Learn how two security researchers discovered and exploited a command injection vulnerability in Lexmark printers to win $20,000 at Pwn2Own 2023 in this DEF CON 31 conference talk. Follow their methodical approach to firmware analysis, including both dynamic and static analysis techniques, as they break down how they identified a basic but critical remote code execution vulnerability that affected nearly all Lexmark printer models. Gain practical insights into vulnerability research, understand why common security tools missed this flaw, and explore the released proof-of-concept exploits for both remote code execution and credential dumping. The presentation demonstrates how breaking complex security challenges into manageable milestones can lead to successful outcomes, while also discussing broader lessons about enterprise software security, programming language safety, and the state of application security tools.
New Isn't Always Novel - Finding Basic Vulnerabilities in Enterprise Software