Tuesday, October 27, 21:51
Home security Pwn2Own: What are the results of the hacking competition for 2020?

Pwn2Own: What are the results of the hacking competition for 2020?

Pwn2Own 2020-hacking competitionThe Pwn2Own hacking contest for spring 2020 is over. This year's winner is the Fluoroacetate team, which consists of security investigators Amat Cama and Richard Zhu. The team, gaining nine points throughout the two-day competition, dominated and won the fourth in the tournament series.

This year's competition is a remarkable event. This is because while the spring version of the Pwn2Own hacking competition is taking place at the Cyber ​​Security Conference CanSecWest held every spring in Vancouver, Canada, this year things were different.

Because of the Coronado pandemic and travel restrictions imposed on many countries around the globe, many security researchers were unable to attend or were unwilling to travel to Vancouver, thinking they might be jeopardizing their health.

Instead, this year's Pwn2Own hacking contest was the first hacking contest to take place in a virtual environment.

Participants sent the privileges to Pwn2Own organizers in advance, who ran the code in a live stream with all participants present.

During the two-day competition, six teams managed to break through applications and Operating Systems such as Windows, MacOS, Ubuntu, Safari, Adobe Reader and Oracle VirtualBox. All errors that were exploited during the competition were immediately reported to their respective companies.

Pwn2Own 2020-contest hacking resultsThe results of the two-day competition are listed below, broken down by team effort.

FIRST DAY

Farm No 1: The team of Yong Hwi Jin (@ jinmo123), Jungwon Lim (@ setuid0x0_) and Japan's Insu Yun (@insu_yun_en) targeted it Apple Safari by scaling down the benefits of the macOS kernel. The operation was successful. The Georgia Tech team exploited six bugs to open the calculator application on MacOS and step up its access rights to root. The team earned $ 70.000 and 7 Master of Pwn points.

Farm No 2: Security researcher Flourescence (Richard Zhu) targeted Microsoft Windows by scaling local privileges. The operation was successful. Veteran of hacking contest Pwn2Own used a use-after-free vulnerability of Windows to escalate privileges. Earn $ 40.000 and 4 Master of Pwn points.

Farm No 3: Manfred Paul of the RedRocket CTF team targeted Ubuntu desktop with escalation of local privileges. The operation was successful. Newcomer to the hacking contest Pwn2Own used an entry validation error to escalate privileges. So he earned $ 30.000 and 3 Master of Pwn points.

Farm No 4: The Fluoracetate team of Amat Cama and Richard Zhu targeted them Microsoft Windows with scaling local privileges. The operation was successful. The winners of Master of Pwn took advantage of a Windows error to violate the SYSTEM. They earned $ 40.000 and 4 Master of Pwn points.

SUNDAY

Farm No 5: Phi Phạm Hồng (@ 4nhdaden) of STAR Labs (@starlabs_sg) targeted Oracle VirtualBox in the Virtualization category. The operation was successful. The researcher used an out-of-bounds read error to leak information and an un-prepared variable to execute code in Hypervisor of VirtualBox. Earn $ 40.000 and 4 Master of Pwn points.

Farm No 6: The Fluoracetate team of Amat Cama and Richard Zhu targeted it Adobe Reader by scaling up local Windows privileges. The exploitation was successful. The Fluoroacetate duo used two use-after-free bugs - one in Acrobat and one in the Windows kernel - for scaling privileges and system breaches. The team won $ 50.000 and 5 Master of Pwn points.

Farm No 7: The Synacktiv team of Corentin Bayet (@OnlyTheDuck) and Bruno Pujos (@BrunoPujos) targeted it VMware Workstation in the Virtualization category. The exploitation attempt failed. The team failed to present its exploitation within the required time.

LEAVE ANSWER

Please enter your comment!
Please enter your name here

LIVE NEWS

00:01:47

Data breach in a law firm exposes data of Google employees

Immigration law firm Fragomen, Del Rey, Bernsen & Loewy, LLP revealed that it suffered a data breach that led to the leakage of personal data ...

How to install a .watchface file on Apple Watch

The Apple Watch lets you customize the faces of the watch to display all kinds of useful information. But did you know ...

The five biggest data breaches of the 21st century

Data is becoming more and more sought after as our daily lives become more digitized. The technology giants that monopolize data are ...

Microsoft is limiting the availability of Windows 10 20H2

Microsoft is currently restricting the availability of Windows 10 20H2 to provide all users who want to ...

How to enable the new Chrome Read more feature

The latest version of Google Chrome browser, v86, released earlier this month, contains a secret feature called Read ...

How to choose a custom color for the Start menu

Starting with the October 2020 update, Windows 10 is the default on a theme that removes bright colors from ...

NASA telescope discovers drinking water on the moon

Eleven years ago, a spacecraft changed our view of the moon forever. The data collected by ...

Microsoft: Enhances password spray attack detection capabilities

Microsoft has significantly improved the ability to detect password spray attacks in the Azure Active Directory (Azure AD) and has reached the point ...

How to prevent companies from finding our phone number

In the age of advertising, the more user information is known the more convenient it is for companies. And in particular, the ...

Violation in a psychotherapy clinic led to blackmail of patients

Two years ago, a cyber attack took place in a Finnish psychotherapy clinic, which resulted in data theft and ransom demand. Now,...