The Coronavirus outbreak hasn’t stopped the Pwn2Own hacking conference, for the first time its organizer, the Zero Day Initiative (ZDI), has decided to arrange the event allowing the participants to remotely demonstrate their exploits.
Day 2 begun with Phi Phạm Hồng of STAR Labs that demonstrated a working VirtualBox exploit that resulted in a guest OS escape and arbitrary code execution on the host. The exploit involved out-of-bounds read and uninitialized variable bugs.
“Phi Phạm Hồng (@4nhdaden) of STAR Labs (@starlabs_sg) targeting Oracle VirtualBox in the Virtualization category.” reads the page of the event.
SUCCESS – Day Two kicks off with 4nhdaden using an OOB Read for an info leak and an unitialized variable for code execution on the hypervisor. He earns himself $40,000 and 4 Master of Pwn points.
Later the popular duo Amat
The white hat hackers used a pair of UAFs – one in Acrobat and one in the Windows kernel – to elevate
Confirmed! The @fluoroacetate duo used a pair of UAFs – one in #Adobe and one in the #Windows kernel to take over the target system. They earn themselves $50,000 and 5 more points towards Master of Pwn. #Pwn2Own
— Zero Day Initiative (@thezdi) March 19, 2020
On Day 2 of the Pwn2Own there
At the end of the day, Lucas Leong of the Zero Day Initiative (ZDI) demonstrated a guest-to-host escape on VirtualBox.
During the first day of the Pwn2Own 2020 hacking competition, participants earned a total of $180,000 for exploits targeting Windows 10, Ubuntu Desktop and macOS.
The total amount paid out this year is half of what the participants received last year.
That's a wrap! #Pwn2Own 2020 officially comes to a close. We're happy to award the @fluoroacetate duo the title of Master of Pwn. It was a close event, but their 9 points (& $90K) was just ahead of the team from @SSLab_Gatech. Congrats to all the contestants. pic.twitter.com/vvmduLxwJ5
— Zero Day Initiative (@thezdi) March 20, 2020
[adrotate banner=”9″] | [adrotate banner=”12″] |
(
[adrotate banner=”5″]
[adrotate banner=”13″]