Beforehand we reported on the outcomes from Pwn2Own Toronto for Day 1 and Day 2 and at this time we can be speaking in regards to the proceedings of the final two days of the competition. With out additional ado, let’s get proper into it.
Pwn2Own Day 3
On December 08, 2022, the primary success of the day went to Group Viettel which earned $20,000 for his or her execution of an OS Command Injection assault towards the WD My Cloud PRO SERIES PR4 100 within the NAS class.
A newcomer Chi Tran of group Bun Bo Ong Chi executed their stack-based buffer overflow assault towards the Canon picture CLASS MF74Cdw within the Printer class and was rewarded $10,000 for his or her hack.
Group DEVCORE alternatively, used one distinctive and one beforehand used bug towards the Sonos One Speaker within the Sensible Speaker class, incomes $22,500.
NCC Group’s consultant group earned $50,000 for hacking a Ubiquiti router and a Lexmark printer within the SOHO Smashup class. The Star Labs group earned $25,000 for an assault concentrating on a Synology router and a Canon printer. Group Viettel was awarded $37,500 for a hack involving a Cisco router and a Canon printer.
For less than the Samsung Galaxy S22 exploits all through the occasion, the contestants earned a complete of $125,000. Google and Apple telephones weren’t focused.
By the tip of the third day of the competitors, a complete of $934,750 had been awarded to the contestants for his or her profitable hacks.
Watch as Hackers Hack at Pwn2Own
Pwn2Own Day 4
On December 09, 2022, on the fourth day, ZDI, the group behind Pwn2Own, awarded one other $55,000, bringing the whole contest prize cash to $989,750. 63 distinctive zero days have been bought throughout the four-day contest.
The Grasp of Pwn title was awarded to the DEVCORE group for his or her winnings of $142,500 and 18.5 factors. Group Viettel and NCC Group adopted shut behind with 16.5 and 15.5 factors respectively.
Out of the 11 makes an attempt scheduled for the final day of the competition, concentrating on printers and routers, solely 3 have been profitable for the reason that others both failed or used bugs beforehand reported within the occasion.
The primary victory went to Chris Anastasion who used a heap-based buffer overflow to use the Lexmark printer, incomes $10,000. This was adopted by ANHTUD Info Safety Division incomes $10,000 through the use of one other heap-based overflow to use the Canon printer.
The final profitable hack of the Pwn2Own Toronto contest was carried out by the namnp group which gained $10,000 for his or her distinctive bug towards the Canon printer.
Watch as Hackers Hack at Pwn2Own
With this, the hacking competitors got here to an finish, marking one more profitable Pwn2Own iteration. Nonetheless, the Pwn2Own 2023 occasion will happen in South Seashore, Miami, from February 14-16, 2023. It is going to be an ICS/SCADA-themed occasion.
Associated Information
- Google Launches Bug Bounty Prog for Open-Supply Software program
- Multichain hack: Hacker returns $1m, retains $150k as bug bounty
- Xiaomi, Amazon Echo, & Samsung Sensible TVs pwned at Pwn2Own
- Hack the US Military for good with ‘Hack The Military’ bug bounty prog
- Pwn2Own: Microsoft Alternate server, Groups, Zoom, Chrome pwned