Josh
@boredpentester
Embedded device security researcher / VR / Pwn2Own / RE
Joined September 2018
The story of how I almost pwned the Lexmark Postscript stack for Pwn2Own 2025... And I would have gotten away with it too, if it hadn't been for those meddling firmware updates! https://t.co/yn9SSqfHmO
boredpentester.com
I spent the last few months researching Lexmark's printer for this year's Pwn2Own Ireland 2025. Unfortunately, my bug got patched out a week before the competition, so I thought it might be fun to...
Brother, can you spare us a root shell? We were ready for Pwn2Own but they patched it on the LAST DAY of registration. Hope you enjoy this new blog post from us.
starlabs.sg
The Target: Brother MFC-J1010DW Affected Models: Brother Printer MFC-J1010DW Vulnerable Firmware: Version <= 1.18 TL;DR: The Vulnerability Chain We discovered three vulnerabilities that when chained...
Lexmark has typically always required some creativity around leveraging Postscript or at the least PJL in most cases. Canon has a TTF bytecode VM as @bl4sty has demonstrated. Brother has no real means of debugging. In contrast, QNAP has been mostly simple command injections...
I know the printers are viewed as 'soft' targets at P2O but after years of hardening, I think they're harder targets than the NASes were this year, in terms of the creativity required and the difficulty of the exploit dev process.
Rapidly realising that I should have gone to SASCon this year. Some of the talks look awesome
thanks to everyone who attended my #TheSAS2025 talk "Typographic hit job: when fonts pull the trigger". I've written an accompanying blogpost that goes over all the details:
haxx.in
Last year we (PHP HOOLIGANS) competed in Pwn2Own (Ireland, 2024) once again. One of our (successful) entries was against a little pet peeve target of mine, the CANON ImageCLASS printer. In this post...
What a lovely autumn day for a vuln research newsletter
@boredpentester with a near miss for P2O
kCTF 1-Day breakdowns w/ @streypaws
@theflow0 Playstation sandbox escape
An Android 0-click bug from @natashenka
+ Jobs and MORE https://t.co/DLzJSvZ31c
blog.exploits.club
Good thing that absolutely no drama whatsoever took place for US vuln research firms this week...annnnnyways In Case You Missed It... * OffensiveCon CFP - Closes March 1st, 2026 so let the...
Not a single entry on the Brother printer this year btw! No one got UART or SWD working? (I certainly didn't)
You can sell the WhatsApp 0-click RCE for $5m but then how do you buy back your integrity and morals when it's used against a dissident (for example)? I can kind of see the $1m argument here.
This is the coolest trophy yet
The Master of Pwn trophy for #Pwn2Own Ireland has arrived. Quoth this raven - hack some more. #P2OIreland
Does anyone else get PC control and have to immediately take a 20 minute break to mentally prepare themselves for the ensuing struggle or just me?
Lessons learned this week: don't probe LCD ribbon cable pads, or ribbon cables near anything that looks power related. You will A) burn out your equipment and B) short something and forever have a dimmed Brother printer LCD that you have to now squint to read
Update: it's slightly too old and uses the legacy FUL container! It was worth a try!
Sometimes the local dump/recycle has rare bootloaders and decryption keys in it (I hope)