Tuesday, July 14, 18:02
Home security Pwn2Own: What are the results of the hacking competition for 2020?

Pwn2Own: What are the results of the hacking competition for 2020?

Pwn2Own 2020-hacking competitionThe Pwn2Own hacking contest for spring 2020 is over. This year's winner is the Fluoroacetate team, which consists of security investigators Amat Cama and Richard Zhu. The team, gaining nine points throughout the two-day competition, dominated and won the fourth in the tournament series.

This year's competition is a remarkable event. This is because while the spring version of the Pwn2Own hacking competition is taking place at the Cyber ​​Security Conference CanSecWest held every spring in Vancouver, Canada, this year things were different.

Because of the Coronado pandemic and travel restrictions imposed on many countries around the globe, many security researchers were unable to attend or were unwilling to travel to Vancouver, thinking they might be jeopardizing their health.

Instead, this year's hacking contest Pwn2Own was the first hacking competition to take place in a virtual environment.

Participants sent the privileges to Pwn2Own organizers in advance, who ran the code in a live stream with all participants present.

During the two-day competition, six teams managed to break through applications and Operating Systems such as Windows, MacOS, Ubuntu, Safari, Adobe Reader and Oracle VirtualBox. All errors that were exploited during the competition were immediately reported to their respective companies.

Pwn2Own 2020-contest hacking resultsThe results of the two-day competition are listed below, broken down by team effort.


Farm No 1: The team of Yong Hwi Jin (@ jinmo123), Jungwon Lim (@ setuid0x0_) and Japan's Insu Yun (@insu_yun_en) targeted it Apple Safari by scaling down the benefits of the macOS kernel. The operation was successful. The Georgia Tech team exploited six bugs to open the calculator application on MacOS and step up its access rights to root. The team earned $ 70.000 and 7 Master of Pwn points.

Farm No 2: Security researcher Flourescence (Richard Zhu) targeted Microsoft Windows by scaling local privileges. The operation was successful. Veteran of hacking contest Pwn2Own used a use-after-free vulnerability of Windows to escalate privileges. Earn $ 40.000 and 4 Master of Pwn points.

Farm No 3: Manfred Paul of the RedRocket CTF team targeted Ubuntu Desktop with escalation of local privileges. The operation was successful. Newcomer to the hacking contest Pwn2Own used an entry validation error to escalate privileges. So he earned $ 30.000 and 3 Master of Pwn points.

Farm No 4: The Fluoracetate team of Amat Cama and Richard Zhu targeted them Microsoft Windows with scaling local privileges. The operation was successful. The winners of Master of Pwn took advantage of a Windows error to violate the SYSTEM. They earned $ 40.000 and 4 Master of Pwn points.


Farm No 5: Phi Phạm Hồng (@ 4nhdaden) of STAR Labs (@starlabs_sg) targeted Oracle VirtualBox in the Virtualization category. The operation was successful. The researcher used an out-of-bounds read error to leak information and an un-prepared variable to execute code in Hypervisor of VirtualBox. Earn $ 40.000 and 4 Master of Pwn points.

Farm No 6: The Fluoracetate team of Amat Cama and Richard Zhu targeted it Adobe Reader by scaling local privileges to Windows. The operation was successful. The Fluoroacetate twin used two use-after-free errors - one at Acrobat and one at the core of Windows - for escalating privileges and violating the system. The team won $ 50.000 and 5 Master of Pwn points.

Farm No 7: The Synacktiv team of Corentin Bayet (@OnlyTheDuck) and Bruno Pujos (@BrunoPujos) targeted it VMware Workstation in the Virtualization category. The exploitation attempt failed. The team failed to present its exploitation within the required time.


Please enter your comment!
Please enter your name here


Spotify: Finally reshaping its podcast charts

Spotify is reshaping its podcast charts to help listeners find new shows and watch local news ...

Find out if you have been hacked and what to do about it

Hacking attacks are a daily occurrence with many victims worldwide. Everyone is vulnerable to cyber hackers, but the threats do not ...

ISIS accounts continue Facebook propaganda

According to a new research, some accounts connected to the terrorist group ISIS, still exist on Facebook, without becoming ...

US and UK: Dealing with major cyber attacks

The United States, the United Kingdom, India and Germany have experienced many "significant" cyber attacks over the past 14 years, ...

Google Meet: New security settings for training meetings

New security features are coming into the Google Meet video chat app for education subscribers' teleconferencing.

Technology companies against the deportation of foreign students from the USA!

Technology giants such as Google, Microsoft and Facebook, as well as many other technology companies, have joined the US Chamber of Commerce, ...

Microsoft announces new features in ATP for Azure Storage!

Microsoft announced today that Advanced Threat Protection (ATP) for Azure Storage now enables customers to protect ...

The UK is on the alert for cyber attacks from China

The United Kingdom must be vigilant about possible cyber attacks by countries such as China, government ministers have said.

Linux 5.8-rc5: Will be released with terminology changes

On July 4, Dan Williams proposed changing the special terms of Linux, with new names ...

Belgium: Jackpotting attack on Argenta bank ATM

Argenta Bank, based in Antwerp, Belgium, has been the victim of a jackpotting attack. Is...