RuhrSec 2017: "How to Hack Your Printer", Jens Müller скачать в хорошем качестве

RuhrSec 2017: "How to Hack Your Printer", Jens Müller

RuhrSec is the annual English speaking non-profit IT security conference with cutting-edge security talks by renowned experts. RuhrSec is organized by Hackmanit. 🔽 More information ... Abstract. The idea of a paperless office has been dreamed for more than three decades. However, nowadays printers are still one of the most essential devices for daily work and private people. Instead of getting rid of them, printers evolved from simple printing devices to complex network computer systems installed directly in company networks, and carrying lots of confidential data in their print jobs. This makes them to an attractive attack target. In this paper we conduct a large scale analysis of printer attacks and systematize our knowledge by providing a general methodology for security analyses of printers. Based on our methodology we implemented an open-source tool called PRinter Exploitation Toolkit (PRET). We used PRET to evaluate 20 printer models from different vendors and found all of them to be vulnerable to at least one of the tested attacks. These attacks included, for example, simple Denial-of-Service (DoS) attacks or skilled attacks extracting print jobs and system files. On top of our systematic analysis we reveal novel insights that enable attacks from the Internet by using advanced cross-site printing techniques combined with printer CORS-Spoofing. Finally, we show how to apply our attacks to systems beyond typical printers like Google Cloud Print or document processing websites. We hope that novel aspects from our work will become the foundation for future researches, for example, for the analysis of IoT security. Biography. Jens Müller received his M.Sc. degree in IT Security / Networks and Systems from the Ruhr University Bochum in 2016. He has experience as a freelancer in network penetration testing and security auditing. In his spare time he develops free open source software, at present tools related to network printer exploitation. Speaker: Jens Müller ——— 👉 Subscribe to our channel:    / @hackmanit-it-security   👉 Read more about interesting IT Security topics on our blog: https://hackmanit.de/en/blog-en ✍️ Want a deeper dive? Training courses in Single Sign-On (SAML, OAuth and OpenID Connect), Secure Web Development, TLS and Web Services are available here: https://hackmanit.de/en/training/port... ——— 🌍 RuhrSec conference website: https://www.ruhrsec.de 🌍 Visit our website: https://hackmanit.de/en ✔ Follow RuhrSec on Twitter:   / ruhrsec   ✔ Follow Hackmanit on Twitter:   / hackmanit   Linkedin:   / hackmanit   XING: https://www.xing.com/pages/hackmanitgmbh ——— Thanks for your attention and support. Stay secure. #cybersecurity #IoTsecurity #ruhrsec #cyber #conference #itsecurity #itsicherheit #hack #hacking #talk