7 teams, 52 vulnerabilities: how the first day of Pwn2Own 2024 went

Man

White hat hackers caused the organizers losses of half a million dollars, and this is great news.

The Pwn2Own 2024 contest has started in Ireland, and the first day has already brought impressive results. For 52 unique 0day vulnerabilities, participants received a total of $516,250.

The leader at the end of the first day was the Viettel Cyber Security team with 13 points, which came close to the title of Master of Pwn. It was this team that discovered a buffer overflow vulnerability and a pointer error in the Lorex 2K Wi-Fi camera, earning $30,000 and 3 points. Also, specialists from Viettel were noted for an impressive attack on the QNAP QHora-322 router and the TrueNAS Mini X NAS, exploiting four vulnerabilities at once, which brought the team another $50,000 and 10 points.


Summoning Team's Sina Kheirkhah stood out for trying to attack multiple devices at once. He used nine vulnerabilities to hack QNAP QHora-322 and TrueNAS Mini X, for which he received $100,000 and 10 points. However, he was unable to successfully complete the exploits on Synology devices within the set time.

The RET2 Systems team also succeeded, hacking into the Sonos Era 300 speaker with an out-of-bounds write error, which earned them $60,000 and 6 points. In another round, hackers once again distinguished themselves by gaining access to Synology DiskStation DS1823xs+ and earning an additional $20,000.

PHP Hooligans and Midnight Blue exploited a vulnerability to successfully attack the Canon imageCLASS MF656Cdw printer, earning $20,000 and 2 points. However, other attempts by teams against Lorex and Synology cameras were unsuccessful.

The Synacktiv team used unique bugs to hack Ubiquiti AI Bullet, for which they received $15,000 and 3 points. Also, their first attempt with the Lorex camera brought in $11,250, despite the fact that one of the bugs used had already been used earlier.


Experts were particularly impressed by Ryan Emmons and Stephen Fewer of Rapid7, who exploited a vulnerability in argument processing to attack Synology DiskStation, earning $40,000.

The results of the first day showed a high level of competition and a variety of attacks. The tournament will continue, and there are still many attempts and unique vulnerabilities ahead.
