Difference between revisions of "Bibliography"

From Hacking Printers
Jump to: navigation, search
Line 1: Line 1:
[2016] Müller: "Exploiting Network Printers"
+
== Research by date ==
  
* LINK: http://homepages.rub.de/jens.mueller-2/publications/2016-exploiting-network-printers.pdf
+
=== 2016 ===
* CODE: https://github.com/RUB-NDS/PRET
+
  
-----------------------------------
+
'''Exploiting Network Printers:  A Survey of Security Flaws in Laser Printers and Multi-Function Devices''' ([http://homepages.rub.de/jens.mueller-2/publications/2016-exploiting-network-printers.pdf PDF])
 +
<br>by Jens Müller | Proof-of-concept code: [https://github.com/RUB-NDS/PRET]
  
[2014] Costin: "A Large-Scale Analysis of the Security of Embedded Firmwares"
+
'''PWN Xerox Printers (...again):  About Hardware Attacks and Insecure Cloning'''' ([https://www.fkie.fraunhofer.de/content/dam/fkie/de/documents/xerox_phaser_6700_white_paper.pdf PDF])
 +
<br>by Peter Weidenbach, Raphael Ernst, Fraunhofer FKIE
  
-----------------------------------
+
=== 2014 ===
  
[2013] Zaddach: "Embedded Devices Security and Firmware Reverse Engineering"
+
'''A Large-Scale Analysis of the Security of Embedded Firmwares''' ([https://www.usenix.org/system/files/conference/usenixsecurity14/sec14-paper-costin.pdf PDF])
 +
<br>by Andrei Costin, Jonas Zaddach, Aurélien Francillon, and Davide Balzarotti, Eurecom
  
-----------------------------------
+
'''Hacking Canon Pixma Printers - Doomed Encryption''' ([http://www.contextis.com/resources/blog/hacking-canon-pixma-printers-doomed-encryption/ PDF])
 +
<br>by Michael Jordon
  
[2014] Jordon: "ARM Wrestling a Printer" | Canon Firmware RCE
+
=== 2013 ===
  
* LINK: http://www.contextis.com/resources/blog/hacking-canon-pixma-printers-doomed-encryption/
+
'''Embedded Devices Security and Firmware Reverse Engineering''' ([http://s3.eurecom.fr/docs/bh13us_zaddach.pdf PDF])
 +
<br>by Jonas Zaddach, Andrei Costin
  
-----------------------------------
+
'''Research Report on the Security of MFPs''' ([https://www.ipa.go.jp/security/jisec/apdx/documents/20130312report_E.pdf])
 +
<br>by IPA Information-technology Promotion Agency, Japan
  
[2010] Costin: "Hacking Printers for Fun and Profit" | Use Word/JS/Java to deploy PostScript Payload
+
=== 2011 ===
  
* VIDEO: https://www.youtube.com/watch?v=R56ZXErKCeE
+
'''PostScript(um): You've Been Hacked'''
 +
<br>by Andrei Costin | | Slides: [https://infocon.org/cons/Hack%20In%20Paris/Hack%20In%20Paris%202012/Slides/Andrei-PostScript%20Danger%20Ahead.pdf] | Video: [https://www.youtube.com/watch?v=PqL5P46m_zQ]
  
[2011] Costin: "PostScript(um): You’ve Been Hacked" | PS-Shell | Look into Firmware | API available to PS-Language | {Memory Dumper, BSD-Sockets}, Xerox Firmware Update via PS-File, MSF/Attacking Demo Toolkit
+
'''Print Me If You Dare: Firmware Modification Attacks and the Rise of Printer Malware'''
 +
<br>by Ang Cui, Salvatore Stolfo | Slides: [http://ids.cs.columbia.edu/sites/default/files/CuiPrintMeIfYouDare.pdf] | Video: [https://www.youtube.com/watch?v=njVv7J2azY8]
  
* LINK: https://www.corelan.be/index.php/2012/05/25/hitb2012ams-day-2-postscript-danger-ahead/
+
'''Printers gone Wild (PrintFS PJL filesystem)'''
* VIDEO: https://www.youtube.com/watch?v=PqL5P46m_zQ
+
<br>by Ben Smith | Video: [http://www.securitytube.net/video/1395] | Proof-of-concept code: [http://www.remote-exploit.org/articles/printfs/index.html]
  
-----------------------------------
+
'''From Printer to Pwnd''' (Praeda toolkit)
 +
<br>by Deral Heiland | Slides: [http://foofus.net/goons/percx/defcon/P2PWND.pdf] | Video: [https://www.youtube.com/watch?v=HMSLMsPJ010] | Proof-of-concept code: [https://github.com/percx/Praeda]
  
[2011] Cui: "Print me if you Dare" | HP Firmware RCE
+
'''From Patched to Pwned (Xerox DLM RCE)''' ([http://foofus.net/goons/percx/Xerox_hack.pdf PDF])
 +
<br>by Deral Heiland
  
* TALK: http://events.ccc.de/congress/2011/Fahrplan/events/4780.en.html
+
=== 2010 ===
* TALK: http://boingboing.net/2011/12/30/printer-malware-print-a-malic.html
+
* VIDEO: https://www.youtube.com/watch?v=njVv7J2azY8
+
* SLIDES: http://ids.cs.columbia.edu/sites/default/files/CuiPrintMeIfYouDare.pdf
+
  
-----------------------------------
+
'''Hacking Printers for Fun and Profit'''
 +
<br>by Andrei Costin | Video: [https://www.youtube.com/watch?v=R56ZXErKCeE]
  
[2011] Smith: "Printers gone Wild" | PrintFS PJL filesystem
+
'''Juste une imprimant? (Lexmark/generic attacks)'''
 +
<br>by NBS System | Slides: [http://www.ossir.org/jssi/jssi2010/1A.pdf]
  
* LINK: http://blog.c22.cc/2011/01/29/shmoocon-2011-printers-gone-wild/
+
=== 2006 ===
* CODE: http://www.remote-exploit.org/articles/printfs/index.html
+
  
-----------------------------------
+
'''Hacking Network Printers''' ([http://www.irongeek.com/i.php?page=security/networkprinterhacking HTML])
 +
<br>by Irongeek
  
[2011] Heiland: "From Printer to Pwnd" | Praeda toolkit
+
=== 2002 ===
  
* CODE: https://github.com/percx/Praeda
+
'''Understanding, Reversing, and Hacking HP Printers''' ([http://search.lores.eu/realicra/hp_slobo.htm HTML])
* VIDEO: https://www.youtube.com/watch?v=HMSLMsPJ010
+
<br>by Slobotron
* SLIDES: http://www.slideshare.net/403Labs/exploiting-vulnerabilities-in-multifunction-printersa
+
  
[2011] Heiland: "From Patched to Pwned" | Xerox DLM RCE
+
'''Printer Exploration (PFT and Hijetter, libPJL, ChaiPortScan, ChaiCrack)'''
 
+
<br>FtR of Phenoelit, FX of Phenoelit | Proof-of-concept code: [http://www.phenoelit.org/hp/index.html]
* LINK: http://foofus.net/goons/percx/Xerox_hack.pdf
+
* LINK: http://www.xerox.com/download/security/security-bulletin/1284332-2ddc5-4baa79b70ac40/cert_XRX12-003_v1.1.pdf
+
 
+
-----------------------------------
+
 
+
[2010] NBS: "Juste une imprimant?" | Lexmark/generic attacks
+
 
+
* SLIDES: http://www.ossir.org/jssi/jssi2010/1A.pdf
+
 
+
-----------------------------------
+
 
+
[2006] Irongeek: "Hacking Network Printers" | HP/generic tricks
+
 
+
* LINK: http://www.irongeek.com/i.php?page=security/networkprinterhacking
+
 
+
-----------------------------------
+
 
+
[2002] Slobotron: "Hacking HP Printers" | HP/generic tricks
+
 
+
* LINK: http://search.lores.eu/realicra/hp_slobo.htm
+
 
+
-----------------------------------
+
 
+
[2002] Phenoelit: "Printer Exploration" | Hijetter PJL tool
+
 
+
* LINK: http://www.phenoelit.org/hp/index.html
+
* CODE: PFT/Hijetter, libPJL, ChaiPortScan, ChaiCrack
+
 
+
-----------------------------------
+
 
+
[Miscellaneous]
+
 
+
* https://www.altamiracorp.com/blog/employee-posts/hacking-hp-printers-for-fun-profit
+
* http://hackonadime.blogspot.com/2011/12/hacking-printers-pjl-basics.html
+
* https://www.ipa.go.jp/security/jisec/apdx/documents/20130312report_E.pdf
+
* http://www.darkreading.com/vulnerabilities-and-threats/corporate-espionages-new-friend-embedded-web-servers/d/d-id/1100343?
+
* https://homepages.laas.fr/matthieu/talks/secu-impression.pdf
+

Revision as of 17:58, 5 January 2017

Research by date

2016

Exploiting Network Printers: A Survey of Security Flaws in Laser Printers and Multi-Function Devices (PDF)
by Jens Müller | Proof-of-concept code: [1]

PWN Xerox Printers (...again): About Hardware Attacks and Insecure Cloning' (PDF)
by Peter Weidenbach, Raphael Ernst, Fraunhofer FKIE

2014

A Large-Scale Analysis of the Security of Embedded Firmwares (PDF)
by Andrei Costin, Jonas Zaddach, Aurélien Francillon, and Davide Balzarotti, Eurecom

Hacking Canon Pixma Printers - Doomed Encryption (PDF)
by Michael Jordon

2013

Embedded Devices Security and Firmware Reverse Engineering (PDF)
by Jonas Zaddach, Andrei Costin

Research Report on the Security of MFPs ([2])
by IPA Information-technology Promotion Agency, Japan

2011

PostScript(um): You've Been Hacked
by Andrei Costin | | Slides: [3] | Video: [4]

Print Me If You Dare: Firmware Modification Attacks and the Rise of Printer Malware
by Ang Cui, Salvatore Stolfo | Slides: [5] | Video: [6]

Printers gone Wild (PrintFS PJL filesystem)
by Ben Smith | Video: [7] | Proof-of-concept code: [8]

From Printer to Pwnd (Praeda toolkit)
by Deral Heiland | Slides: [9] | Video: [10] | Proof-of-concept code: [11]

From Patched to Pwned (Xerox DLM RCE) (PDF)
by Deral Heiland

2010

Hacking Printers for Fun and Profit
by Andrei Costin | Video: [12]

Juste une imprimant? (Lexmark/generic attacks)
by NBS System | Slides: [13]

2006

Hacking Network Printers (HTML)
by Irongeek

2002

Understanding, Reversing, and Hacking HP Printers (HTML)
by Slobotron

Printer Exploration (PFT and Hijetter, libPJL, ChaiPortScan, ChaiCrack)
FtR of Phenoelit, FX of Phenoelit | Proof-of-concept code: [14]