Cookie Consent by Free Privacy Policy Generator ๐Ÿ“Œ Pwn2Own Tokyo (Live from Toronto) โ€“ Day Three Results and Master of Pwn

๐Ÿ  Team IT Security News

TSecurity.de ist eine Online-Plattform, die sich auf die Bereitstellung von Informationen,alle 15 Minuten neuste Nachrichten, Bildungsressourcen und Dienstleistungen rund um das Thema IT-Sicherheit spezialisiert hat.
Ob es sich um aktuelle Nachrichten, Fachartikel, Blogbeitrรคge, Webinare, Tutorials, oder Tipps & Tricks handelt, TSecurity.de bietet seinen Nutzern einen umfassenden รœberblick รผber die wichtigsten Aspekte der IT-Sicherheit in einer sich stรคndig verรคndernden digitalen Welt.

16.12.2023 - TIP: Wer den Cookie Consent Banner akzeptiert, kann z.B. von Englisch nach Deutsch รผbersetzen, erst Englisch auswรคhlen dann wieder Deutsch!

Google Android Playstore Download Button fรผr Team IT Security



๐Ÿ“š Pwn2Own Tokyo (Live from Toronto) โ€“ Day Three Results and Master of Pwn


๐Ÿ’ก Newskategorie: Hacking
๐Ÿ”— Quelle: thezdi.com

Pwn2Own Tokyo (Live from Toronto) has completed, but not without its fair share of drama and excitement. The third and final day of the competition saw us award $37,500 for 6 bugs across 4 devices. Hereโ€™s a quick video recapping the dayโ€™s events:

Our day began with the DEVCORE team successfully demonstrating their code execution bug chain on the Western Digital My Cloud Pro Series PR4100 NAS. They used a six-bug chain to get their root shell, but two of these bugs has been previously reported. They still earn $17,500 and 1.5 points towards Master of Pwn.

Figure 1 - Demonstrating the root shell on the Western Digital NAS

Figureย 1ย - Demonstrating the root shell on the Western Digital NAS

Next up, Team Bugscale targeted the LAN interface of the NETGEAR Nighthawk R7800 router. Unfortunately, they could not get their exploit to work within the time allotted.

Figure 2 - Team Bugscale could not get their exploit to work in the time allotted

Figureย 2ย - Team Bugscale could not get their exploit to work in the time allotted

Following that, Pwn2Own newcomer Gaurav Baruah targeted the Western Digital My Cloud Pro Series PR4100. He was able to demonstrate getting a root shell on the device. However, the bug he used had been previously reported during the contest. He still earns 1 point towards Master of Pwn.

Figure 3 - Gaurav Baruah watches his demonstration gain a root shell

Figureย 3ย - Gaurav Baruah watches his demonstration gain a root shell

The Viettel Cyber Security team returned for their second attempt of the contest. This time, the Sony X800 smart TV was their focus. They were able to read sensitive files from a fully patched device. However, the bug they used was publicly known. This partial win does result is 1 point towards Master of Pwn.

Figure 4 - Disclosing sensitive files from a Sony smart TV

Figureย 4ย - Disclosing sensitive files from a Sony smart TV

In the final entry of the contest, the STARLabs team returned to target the Synology DiskStation DS418Play NAS. They combined a race condition and an Out-Of-Bounds (OOB) Read to get a root shell on the device. This successful demonstration earned them $20,000 and 2 Master of Pwn points.

Figure 5 - The STARLabs team observes the ZDI Bug Extraction Crew demonstrate their root shell on the Synology NAS

Figureย 5ย - The STARLabs team observes the ZDI Bug Extraction Crew demonstrate their root shell on the Synology NAS

And thus ends another exciting Pwn2Own event. After counting all the points, Team Flashback, also known as Pedro Ribeiro (@pedrib1337) and Radek Domanski (@RabbitPro), came out on top and were crowned the Master of Pwn for the event. Congratulations to the duo of researchers. Hereโ€™s how the final standings look:

MoP Standings-Day 3.jpg

For the entire competition, we awardย $136,500ย forย 23ย unique bugs across six different devices. As always, vendors have received the details of these bugs, and they now have 120 days to produce security patches to address the issues we reported. Once these are made public, stay tuned to this blog for more details about some of the best and most interesting research we saw this week.ย 

Special Thanks

We wanted to be sure to thank everyone who participated in this yearโ€™s competition. There were definitely unique challenges to overcome, but everyone came together to not just make it happen โ€“ they made it fabulous. We want to thank the participants for trusting us with their research and allowing us to run each attempt. We want to thank vendors for their support and for dialing in throughout the disclosure process. Their continued involvement in coordinated disclosure and security response processes helps the entire community. Special thanks also go out to our partners Facebook for their continued support before and during the contest.

Our next competition will be in Vancouver, where enterprise applications and tools will be put to the test. We hope to see you there. Until then, you can follow theย teamย for the latest in exploit techniques and security patches.

...



๐Ÿ“Œ Pwn2Own Tokyo (Live from Toronto) โ€“ Day Three Results and Master of Pwn


๐Ÿ“ˆ 98.37 Punkte

๐Ÿ“Œ Pwn2Own Toronto 2022 - Day Four Results and Master of Pwn


๐Ÿ“ˆ 70.21 Punkte

๐Ÿ“Œ Pwn2Own Tokyo 2018 - Day Two Results and Master of Pwn


๐Ÿ“ˆ 67.75 Punkte

๐Ÿ“Œ Pwn2Own Tokyo (Live from Toronto) - Schedule and Live Results


๐Ÿ“ˆ 66.24 Punkte

๐Ÿ“Œ Pwn2Own Tokyo 2020 (Live From Toronto) - Day One Results


๐Ÿ“ˆ 64.8 Punkte

๐Ÿ“Œ Pwn2Own Tokyo (Live from Toronto) - Day One Results


๐Ÿ“ˆ 64.8 Punkte

๐Ÿ“Œ Pwn2Own Tokyo (Live from Toronto) - Day Two Results


๐Ÿ“ˆ 64.8 Punkte

๐Ÿ“Œ Pwn2Own Tokyo 2020 (Live from Toronto ) - Day Two Results


๐Ÿ“ˆ 64.8 Punkte

๐Ÿ“Œ Pwn2Own Tokyo Day 3: Team Flashback crowned Master of Pwn


๐Ÿ“ˆ 55.18 Punkte

๐Ÿ“Œ Pwn2Own Toronto 2023 - Day Three Results


๐Ÿ“ˆ 54.38 Punkte

๐Ÿ“Œ Pwn2Own Toronto 2022 - Day Three Results


๐Ÿ“ˆ 54.38 Punkte

๐Ÿ“Œ Pwn2Own Tokyo (Live from Toronto) 2020 - Day One


๐Ÿ“ˆ 54.03 Punkte

๐Ÿ“Œ Pwn2Own Day Two โ€“ Results and Master of Pwn


๐Ÿ“ˆ 53 Punkte

๐Ÿ“Œ Announcing Pwn2Own Tokyo 2020 โ€“ Live from Toronto!


๐Ÿ“ˆ 49.13 Punkte

๐Ÿ“Œ Pwn2Own Toronto 2023 - Day One Results


๐Ÿ“ˆ 45.51 Punkte

๐Ÿ“Œ Pwn2Own Toronto 2023 - Day Two Results


๐Ÿ“ˆ 45.51 Punkte

๐Ÿ“Œ Pwn2Own Toronto 2023 - Day 4 Results


๐Ÿ“ˆ 45.51 Punkte

๐Ÿ“Œ Pwn2Own Toronto 2023 - Day Four Results


๐Ÿ“ˆ 45.51 Punkte

๐Ÿ“Œ Pwn2Own Toronto 2022 - Day One Results


๐Ÿ“ˆ 45.51 Punkte

๐Ÿ“Œ Pwn2Own Toronto 2022 - Day Two Results


๐Ÿ“ˆ 45.51 Punkte

๐Ÿ“Œ Pwn2Own Vancouver 2019: Day Schedule Results and Live Results


๐Ÿ“ˆ 45.41 Punkte

๐Ÿ“Œ Pwn2Own Tokyo 2019 - Day Two and Final Results


๐Ÿ“ˆ 44.84 Punkte

๐Ÿ“Œ Welcome to Pwn2Own Tokyo 2019 - Schedule and Live Updating Results


๐Ÿ“ˆ 44.49 Punkte

๐Ÿ“Œ Pwn2Own Tokyo 2019 โ€“ Day One Results


๐Ÿ“ˆ 43.05 Punkte

๐Ÿ“Œ Pwn2Own Tokyo 2019 - Day One Results


๐Ÿ“ˆ 43.05 Punkte

๐Ÿ“Œ Pwn2Own Tokyo 2019 โ€“ Day Two Final Results


๐Ÿ“ˆ 43.05 Punkte

๐Ÿ“Œ Pwn2Own Tokyo 2018: Day One Results


๐Ÿ“ˆ 43.05 Punkte

๐Ÿ“Œ Pwn2Own Toronto 2022 Results


๐Ÿ“ˆ 40.61 Punkte

๐Ÿ“Œ Exploiting the Sonos One Speaker Three Different Ways: A Pwn2Own Toronto Highlight


๐Ÿ“ˆ 38.71 Punkte

๐Ÿ“Œ Pwn2Own Miami 2023 โ€“ Day Three Results


๐Ÿ“ˆ 37.17 Punkte

๐Ÿ“Œ Pwn2Own 2017 - Day Three Results


๐Ÿ“ˆ 37.17 Punkte

๐Ÿ“Œ Pwn2Own Vancouver 2023 - Day Three Results


๐Ÿ“ˆ 37.17 Punkte

๐Ÿ“Œ Pwn2Own Automotive 2024 - Day Three Results


๐Ÿ“ˆ 37.17 Punkte

๐Ÿ“Œ Zero Day Initiative โ€” Pwn2Own Toronto 2022 - The Schedule


๐Ÿ“ˆ 34.73 Punkte

๐Ÿ“Œ Samsung Galaxy S22 hacked twice on first day of Pwn2Own Toronto


๐Ÿ“ˆ 34.73 Punkte











matomo