Difference between revisions of "Bibliography"

From Hacking Printers
Jump to: navigation, search
 
(7 intermediate revisions by 3 users not shown)
Line 1: Line 1:
[2016] Müller: "Exploiting Network Printers"
+
== Research by date ==
  
* LINK: http://homepages.rub.de/jens.mueller-2/publications/2016-exploiting-network-printers.pdf
+
=== 2017 ===
* CODE: https://github.com/RUB-NDS/PRET
+
  
-----------------------------------
+
'''SoK: Exploiting Network Printers''' ([https://www.nds.rub.de/media/ei/veroeffentlichungen/2018/07/11/printer-security.pdf PDF])
 +
<br>by Jens Müller, Juraj Somorovsky, Vladislav Mladenov | Blogpost: [http://web-in-security.blogspot.de/2017/01/printer-security.html]
  
[2014] Costin: "A Large-Scale Analysis of the Security of Embedded Firmwares"
+
=== 2016 ===
  
-----------------------------------
+
'''Exploiting Network Printers:  A Survey of Security Flaws in Laser Printers and Multi-Function Devices''' ([https://www.nds.rub.de/media/ei/arbeiten/2017/01/30/exploiting-printers.pdf PDF])
 +
<br>by Jens Müller, Juraj Somorovsky, Vladislav Mladenov | Proof-of-concept code: [https://github.com/RUB-NDS/PRET]
  
[2013] Zaddach: "Embedded Devices Security and Firmware Reverse Engineering"
+
'''PWN Xerox Printers (...again): About Hardware Attacks and Insecure Cloning''' ([https://www.fkie.fraunhofer.de/content/dam/fkie/de/documents/xerox_phaser_6700_white_paper.pdf PDF])
 +
<br>by Peter Weidenbach, Raphael Ernst
  
-----------------------------------
+
=== 2014 ===
  
[2014] Jordon: "ARM Wrestling a Printer" | Canon Firmware RCE
+
'''A Large-Scale Analysis of the Security of Embedded Firmwares''' ([https://www.usenix.org/system/files/conference/usenixsecurity14/sec14-paper-costin.pdf PDF])
 +
<br>by Andrei Costin, Jonas Zaddach, Aurélien Francillon, and Davide Balzarotti | Video: [https://www.youtube.com/watch?v=5gf6mFz1rPM]
  
* LINK: http://www.contextis.com/resources/blog/hacking-canon-pixma-printers-doomed-encryption/
+
'''Hacking Canon Pixma Printers - Doomed Encryption''' ([http://www.contextis.com/resources/blog/hacking-canon-pixma-printers-doomed-encryption/ HTML])
 +
<br>by Michael Jordon
  
-----------------------------------
+
=== 2013 ===
  
[2010] Costin: "Hacking Printers for Fun and Profit" | Use Word/JS/Java to deploy PostScript Payload
+
'''Embedded Devices Security and Firmware Reverse Engineering''' ([http://s3.eurecom.fr/docs/bh13us_zaddach.pdf PDF])
 +
<br>by Jonas Zaddach, Andrei Costin
  
* VIDEO: https://www.youtube.com/watch?v=R56ZXErKCeE
+
'''Research Report on the Security of MFPs''' ([https://www.ipa.go.jp/security/jisec/apdx/documents/20130312report_E.pdf])
 +
<br>by IPA Information-technology Promotion Agency, Japan
  
[2011] Costin: "PostScript(um): You’ve Been Hacked" | PS-Shell | Look into Firmware | API available to PS-Language | {Memory Dumper, BSD-Sockets}, Xerox Firmware Update via PS-File, MSF/Attacking Demo Toolkit
+
=== 2012 ===
  
* LINK: https://www.corelan.be/index.php/2012/05/25/hitb2012ams-day-2-postscript-danger-ahead/
+
'''PostScript: Danger Ahead?!'''
* VIDEO: https://www.youtube.com/watch?v=PqL5P46m_zQ
+
<br>by Andrei Costin | Slides: [https://infocon.org/cons/Hack%20In%20Paris/Hack%20In%20Paris%202012/Slides/Andrei-PostScript%20Danger%20Ahead.pdf] | Video: [https://www.youtube.com/watch?v=ygcs0m5C9ZI]
  
-----------------------------------
+
=== 2011 ===
  
[2011] Cui: "Print me if you Dare" | HP Firmware RCE
+
'''Print Me If You Dare: Firmware Modification Attacks and the Rise of Printer Malware'''
 +
<br>by Ang Cui, Salvatore Stolfo | Slides: [http://ids.cs.columbia.edu/sites/default/files/CuiPrintMeIfYouDare.pdf] | Video: [https://www.youtube.com/watch?v=njVv7J2azY8]
  
* TALK: http://events.ccc.de/congress/2011/Fahrplan/events/4780.en.html
+
'''Printers gone Wild (PrintFS PJL filesystem)'''
* TALK: http://boingboing.net/2011/12/30/printer-malware-print-a-malic.html
+
<br>by Ben Smith | Video: [http://www.securitytube.net/video/1395] | Proof-of-concept code: [http://www.remote-exploit.org/articles/printfs/index.html]
* VIDEO: https://www.youtube.com/watch?v=njVv7J2azY8
+
* SLIDES: http://ids.cs.columbia.edu/sites/default/files/CuiPrintMeIfYouDare.pdf
+
  
-----------------------------------
+
'''From Printer to Pwnd: Leveraging Multifunction Printers During Penetration Testing'''
 +
<br>by Deral Heiland | Slides: [http://foofus.net/goons/percx/defcon/P2PWND.pdf] | Video: [https://www.youtube.com/watch?v=PH4pTCmKgOg] | Proof-of-concept code: [https://github.com/percx/Praeda]
  
[2011] Smith: "Printers gone Wild" | PrintFS PJL filesystem
+
'''From Patched to Pwned: Attacking Xerox's  Multifunction Printers Patch Process''' ([http://foofus.net/goons/percx/Xerox_hack.pdf PDF])
 +
<br>by Deral Heiland
  
* LINK: http://blog.c22.cc/2011/01/29/shmoocon-2011-printers-gone-wild/
+
=== 2010 ===
* CODE: http://www.remote-exploit.org/articles/printfs/index.html
+
  
-----------------------------------
+
'''Hacking Printers for Fun and Profit'''
 +
<br>by Andrei Costin | Slides: [http://andreicostin.com/papers/Conf%20-%20Hack.lu%20-%202010%20-%20Luxembourg%20-%20AndreiCostin_HackingPrintersForFunAndProfit.pdf] | Video: [https://www.youtube.com/watch?v=R56ZXErKCeE]
  
[2011] Heiland: "From Printer to Pwnd" | Praeda toolkit
+
'''Juste une imprimant?'''
 +
<br>by NBS System | Slides: [http://www.ossir.org/jssi/jssi2010/1A.pdf]
  
* CODE: https://github.com/percx/Praeda
+
=== 2006 ===
* VIDEO: https://www.youtube.com/watch?v=HMSLMsPJ010
+
* SLIDES: http://www.slideshare.net/403Labs/exploiting-vulnerabilities-in-multifunction-printersa
+
  
[2011] Heiland: "From Patched to Pwned" | Xerox DLM RCE
+
'''Hacking Network Printers''' ([http://www.irongeek.com/i.php?page=security/networkprinterhacking HTML])
 +
<br>by Adrian Crenshaw (Irongeek)
  
* LINK: http://foofus.net/goons/percx/Xerox_hack.pdf
+
=== 2002 ===
* LINK: http://www.xerox.com/download/security/security-bulletin/1284332-2ddc5-4baa79b70ac40/cert_XRX12-003_v1.1.pdf
+
  
-----------------------------------
+
'''Understanding, Reversing, and Hacking HP Printers''' ([http://search.lores.eu/realicra/hp_slobo.htm HTML])
 +
<br>by Slobotron
  
[2010] NBS: "Juste une imprimant?" | Lexmark/generic attacks
+
'''Printer Exploration (PFT and Hijetter, libPJL, ChaiPortScan, ChaiCrack)'''
 
+
<br>FtR of Phenoelit, FX of Phenoelit | Proof-of-concept code: [http://www.phenoelit.org/hp/index.html]
* SLIDES: http://www.ossir.org/jssi/jssi2010/1A.pdf
+
 
+
-----------------------------------
+
 
+
[2006] Irongeek: "Hacking Network Printers" | HP/generic tricks
+
 
+
* LINK: http://www.irongeek.com/i.php?page=security/networkprinterhacking
+
 
+
-----------------------------------
+
 
+
[2002] Slobotron: "Hacking HP Printers" | HP/generic tricks
+
 
+
* LINK: http://search.lores.eu/realicra/hp_slobo.htm
+
 
+
-----------------------------------
+
 
+
[2002] Phenoelit: "Printer Exploration" | Hijetter PJL tool
+
 
+
* LINK: http://www.phenoelit.org/hp/index.html
+
* CODE: PFT/Hijetter, libPJL, ChaiPortScan, ChaiCrack
+
 
+
-----------------------------------
+
 
+
[Miscellaneous]
+
 
+
* https://www.altamiracorp.com/blog/employee-posts/hacking-hp-printers-for-fun-profit
+
* http://hackonadime.blogspot.com/2011/12/hacking-printers-pjl-basics.html
+
* https://www.ipa.go.jp/security/jisec/apdx/documents/20130312report_E.pdf
+
* http://www.darkreading.com/vulnerabilities-and-threats/corporate-espionages-new-friend-embedded-web-servers/d/d-id/1100343?
+
* https://homepages.laas.fr/matthieu/talks/secu-impression.pdf
+

Latest revision as of 12:05, 11 July 2018

Research by date

2017

SoK: Exploiting Network Printers (PDF)
by Jens Müller, Juraj Somorovsky, Vladislav Mladenov | Blogpost: [1]

2016

Exploiting Network Printers: A Survey of Security Flaws in Laser Printers and Multi-Function Devices (PDF)
by Jens Müller, Juraj Somorovsky, Vladislav Mladenov | Proof-of-concept code: [2]

PWN Xerox Printers (...again): About Hardware Attacks and Insecure Cloning (PDF)
by Peter Weidenbach, Raphael Ernst

2014

A Large-Scale Analysis of the Security of Embedded Firmwares (PDF)
by Andrei Costin, Jonas Zaddach, Aurélien Francillon, and Davide Balzarotti | Video: [3]

Hacking Canon Pixma Printers - Doomed Encryption (HTML)
by Michael Jordon

2013

Embedded Devices Security and Firmware Reverse Engineering (PDF)
by Jonas Zaddach, Andrei Costin

Research Report on the Security of MFPs ([4])
by IPA Information-technology Promotion Agency, Japan

2012

PostScript: Danger Ahead?!
by Andrei Costin | Slides: [5] | Video: [6]

2011

Print Me If You Dare: Firmware Modification Attacks and the Rise of Printer Malware
by Ang Cui, Salvatore Stolfo | Slides: [7] | Video: [8]

Printers gone Wild (PrintFS PJL filesystem)
by Ben Smith | Video: [9] | Proof-of-concept code: [10]

From Printer to Pwnd: Leveraging Multifunction Printers During Penetration Testing
by Deral Heiland | Slides: [11] | Video: [12] | Proof-of-concept code: [13]

From Patched to Pwned: Attacking Xerox's Multifunction Printers Patch Process (PDF)
by Deral Heiland

2010

Hacking Printers for Fun and Profit
by Andrei Costin | Slides: [14] | Video: [15]

Juste une imprimant?
by NBS System | Slides: [16]

2006

Hacking Network Printers (HTML)
by Adrian Crenshaw (Irongeek)

2002

Understanding, Reversing, and Hacking HP Printers (HTML)
by Slobotron

Printer Exploration (PFT and Hijetter, libPJL, ChaiPortScan, ChaiCrack)
FtR of Phenoelit, FX of Phenoelit | Proof-of-concept code: [17]