On the second day of the competition, the attacks became even more sophisticated and destructive.
In Ireland, the exciting Pwn2Own 2024 competition continues, where participants demonstrate their skills in finding vulnerabilities in popular devices. The second day brought 51 zero-day vulnerabilities and a total reward of $358,625. While more than 874 thousand dollars have already been paid for both days of the competition.
Viettel Cyber Security remains the current leader in the fight for the title of "Master of Pwn" and the prize pool of $ 1 million, but there are still two days ahead, and the situation may change.
One of the highlights of the second day was the success of the ANHTUD team, who exploited a stack overflow vulnerability to hack into the Canon imageCLASS MF656Cdw printer, earning $10,000 and two points. On another front, NCC Group specialist Ken Gannon managed to exploit five bugs to hack into a Samsung Galaxy S24 smartphone and get $50,000 and five points.
The Viettel Cyber Security team also demonstrated skill by exploiting a Use-After-Free vulnerability to hack into the Sonos Era 300 speaker and earning $30,000. InfoSect engineers similarly took control of the Sonos column and added $30,000 to the team's account.
There were also failures. For example, the Rapid7 team was unable to complete the hacking of the Lorex 2K camera, and the DEVCORE team did not have time to complete the attack on the router and printer bundle as part of the SOHO Smashup mission. However, even attempts that ended in partial success or encounters with previously exploited bugs brought participants cash rewards and additional points.
One of the impressive achievements was the hacking of the QNAP TS-464 NAS device by Team Cluck using CLRF injection, which brought them $20,000. Similarly, the QNAP hack by the YingMuo team using SQL injection was successful.
The competition continues, and not only a large prize pool remains at stake, but also the prestigious title of "Master of Pwn". New attempts are ahead, which promise even more intrigue and discoveries.
Source
In Ireland, the exciting Pwn2Own 2024 competition continues, where participants demonstrate their skills in finding vulnerabilities in popular devices. The second day brought 51 zero-day vulnerabilities and a total reward of $358,625. While more than 874 thousand dollars have already been paid for both days of the competition.
Viettel Cyber Security remains the current leader in the fight for the title of "Master of Pwn" and the prize pool of $ 1 million, but there are still two days ahead, and the situation may change.
One of the highlights of the second day was the success of the ANHTUD team, who exploited a stack overflow vulnerability to hack into the Canon imageCLASS MF656Cdw printer, earning $10,000 and two points. On another front, NCC Group specialist Ken Gannon managed to exploit five bugs to hack into a Samsung Galaxy S24 smartphone and get $50,000 and five points.
The Viettel Cyber Security team also demonstrated skill by exploiting a Use-After-Free vulnerability to hack into the Sonos Era 300 speaker and earning $30,000. InfoSect engineers similarly took control of the Sonos column and added $30,000 to the team's account.
There were also failures. For example, the Rapid7 team was unable to complete the hacking of the Lorex 2K camera, and the DEVCORE team did not have time to complete the attack on the router and printer bundle as part of the SOHO Smashup mission. However, even attempts that ended in partial success or encounters with previously exploited bugs brought participants cash rewards and additional points.
One of the impressive achievements was the hacking of the QNAP TS-464 NAS device by Team Cluck using CLRF injection, which brought them $20,000. Similarly, the QNAP hack by the YingMuo team using SQL injection was successful.
The competition continues, and not only a large prize pool remains at stake, but also the prestigious title of "Master of Pwn". New attempts are ahead, which promise even more intrigue and discoveries.
Source
