Dive into the intricacies of exploiting Lexmark printers' custom PostScript stack in this 49-minute conference talk from Hack In The Box Security Conference. Explore the internals of Lexmark's closed-source 'pagemaker' service, gain an introduction to the PostScript language, and understand the functionality crucial for exploiting discovered vulnerabilities. Learn about the mitigations implemented by the 'pagemaker' service, its sandboxing techniques, and how bugs were identified. Discover how pre-auth remote code execution was achieved using out-of-bounds read and type confusion bugs during the Pwn2Own Toronto 2022 contest. Benefit from the speaker's 20+ years of industry experience in exploit development, including work with the Exploit Development Group at NCC Group, BlackBerry, and Symantec.