{"id":6266,"date":"2017-01-23T13:00:00","date_gmt":"2017-01-23T21:00:00","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/01\/23\/news-119\/"},"modified":"2017-01-23T13:00:00","modified_gmt":"2017-01-23T21:00:00","slug":"news-119","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2017\/01\/23\/news-119\/","title":{"rendered":"Pwn2Own\u2122 Returns for 2017 to Celebrate 10 Years of Exploits"},"content":{"rendered":"

\"Hackers<\/p>\n

We are nine weeks away from Pwn2Own\u2122 2017 returning to CanSecWest<\/a>, which is celebrating its 10th anniversary this year. A lot has changed in the world since the first Pwn2Own in 2007. The computing space has changed drastically, as well. The first Pwn2Own happened before Conficker or Stuxnet. It happened before the rise of nation-state attacks. It happened before the explosion of ransomware. It happened before the explosion of cloud computing. It happened before bitcoin. It happened before anyone had ever heard of the Internet of Things.<\/p>\n

In other words, a lot has changed since 2007, including Pwn2Own. That first year, a laptop and $10,000* were given away. Last year<\/a>, more than $450,000 cash and prizes were awarded over the multiple categories. In 2007, a single bug was needed to exploit QuickTime. Last year, a chain of bugs was required to complete a compromise and fully win a category. Even the jackets<\/a> have<\/a> evolved<\/a>.<\/p>\n

As the contest grew, we at the Zero Day Initiative (ZDI) have grown the contest<\/a> to keep it relevant and reflect the latest trends impacting enterprises and users. This year we\u2019re expanding it even further. To celebrate 10 years of Pwn2Own, the ZDI will be offering more than $1,000,000<\/em><\/strong> across five different categories<\/a> to see the latest research and again crown a Master of Pwn. It\u2019s more money and more categories than we\u2019ve ever done, and we can\u2019t wait to see the research that comes to claim the prizes.<\/p>\n

Let\u2019s get to the categories:<\/p>\n\n\n\n\n
<\/td>\n\n
    \n
  • Virtual Machine Escape (Guest-to-Host)<\/li>\n
  • Web Browser and Plugins<\/li>\n
  • Local Escalation of Privilege<\/li>\n
  • Enterprise Applications<\/li>\n
  • Server Side<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n
<\/td>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

Virtual Machine Escape (Guest-to-Host)<\/strong><\/p>\n

We added Virtual Machine Escapes last year with VMware, and we\u2019re expanding this to include Microsoft Hyper-V this year. An attempt in this category must be launched from within the guest operating system from a non-administrative account and execute arbitrary code on the host operating system. Both the guest and the host operating system will be running the 64-bit versions of Windows 10. A successful exploit in either product will net $100,000 for the contestant plus a lucky 13 Master of Pwn points.<\/p>\n

Web Browser and Plugins<\/strong>\u00a0<\/strong><\/p>\n

Attacks on web browsers have been a part of Pwn2Own since the very beginning, and this year is no different. We welcome Mozilla Firefox back into our targets list after missing last year. Here is the full list of browsers and plugins we are including (with their payouts):\u00a0<\/strong><\/p>\n\n\n\n\n
<\/td>\n\n
    \n
  • Microsoft Edge: $80,000 (10 Master of Pwn points)<\/li>\n
  • Google Chrome: $80,000 (10 Master of Pwn points)<\/li>\n
  • Mozilla Firefox: $30,000 (5 Master of Pwn points)<\/li>\n
  • Apple Safari: $50,000 (8 Master of Pwn points)<\/li>\n
  • Adobe Flash in Microsoft Edge: $50,000 (8 Master of Pwn points)<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n
<\/td>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

In this category, contestants could earn an additional $30,000 if their entry achieves SYSTEM-level code execution on Windows-based targets, or will receive an additional $20,000 if their entry achieves root-level code execution on macOS-based targets.<\/p>\n

Want a really big payout? The Windows-based targets will be running in a VMware Workstation virtual machine. If the contestant escapes the VMware Workstation virtual machine and achieves code execution on the host operating system, the contestant will receive an additional $100,000.<\/p>\n

These are cumulative bonuses, as well. For example, if a contestant exploits Google Chrome or Microsoft Edge, elevates to System, then performs a VMware escape, they will net themselves a tidy $210,000 in one sitting (and 27 Master of Pwn points!). We certainly hope someone accomplishes some chain along these lines.\u00a0<\/strong><\/p>\n

Local Escalation of Privilege<\/strong><\/p>\n

Although we\u2019ve had some Escalation of Privilege (EoP) bugs as add-ons in past Pwn2Owns, this is the first year it has a category of its own. This is also the first time we included Linux as a target. In this category, the entry must leverage a kernel vulnerability to escalate privileges. If they do, contestants will earn $30,000 for Microsoft Windows 10, $20,000 for macOS, and $15,000 for Ubuntu Desktop. They will also get 4 Master of Pwn points for Windows and 3 for the other OSes. Considering the various types of malware that use local EoPs, this could prove to be an impactful category. As always, the latest, fully-patched version of each OS will be used \u2013 even if we have to stay up late to install the patches.<\/p>\n

Enterprise Applications<\/strong><\/p>\n

One thing we think about when planning a Pwn2Own is what we hope to see. We\u2019ve considered adding Office and Reader applications in the past, and there\u2019s no better time than the 10th anniversary to include them.<\/p>\n

Here\u2019s the list of targets for this category:<\/p>\n\n\n\n\n
<\/td>\n\n
    \n
  • Adobe Reader<\/li>\n
  • Microsoft Office Word<\/li>\n
  • Microsoft Office Excel<\/li>\n
  • Microsoft Office PowerPoint<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n
<\/td>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

The Microsoft Office-based targets will have Protected View enabled. Each successful exploit earns the contestant $50,000 and six Master of Pwn points. These types of exploits are seen in the wild quite a bit, so shutting a few down could really help improve the security posture for a lot of folks.\u00a0<\/strong><\/p>\n

Server Side<\/strong><\/p>\n

This is another new category for Pwn2Own, but one that should prove noteworthy. A successful exploit against Apache Web Server on Ubuntu Server will net the researcher $200,000 and earn a whopping 25 Master of Pwn points. Considering this setup accounts for roughly half<\/a> of all websites, it\u2019s pretty clear the impact a bug here would have. An attempt in this category must be launched from the contestant laptops within the contest network.<\/p>\n

Master of Pwn Returns<\/strong><\/p>\n

Speaking of Master of Pwn, we started this last year and continued it through Mobile Pwn2Own, as well. In order to crown an overall \u2018winner\u2019 for Pwn2Own, each successful exploit will receive points. Total points are calculated by the sum of the successful entries based on the following point allocations:<\/p>\n

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Category<\/strong><\/td>\nTargets<\/strong><\/td>\nPoints<\/strong><\/td>\n<\/tr>\n
Virtual Machine Escape<\/strong><\/td>\nVMware Workstation<\/td>\n13<\/td>\n<\/tr>\n
Microsoft Hyper-V<\/td>\n13<\/td>\n<\/tr>\n
Web browser and Plugins<\/strong><\/td>\nMicrosoft Edge<\/td>\n10<\/td>\n<\/tr>\n
Google Chrome<\/td>\n10<\/td>\n<\/tr>\n
Mozilla Firefox<\/td>\n5<\/td>\n<\/tr>\n
Apple Safari<\/td>\n8<\/td>\n<\/tr>\n
Adobe Flash in Edge<\/td>\n8<\/td>\n<\/tr>\n
+ Escalation to SYSTEM (Windows)<\/td>\n4<\/td>\n<\/tr>\n
+ Escalation to Root\u00a0 \u00a0(macOS)<\/td>\n3<\/td>\n<\/tr>\n
+ Virtual Machine Escape<\/td>\n13<\/td>\n<\/tr>\n
Local Escalation of Privilege<\/strong><\/td>\nMicrosoft Windows 10<\/td>\n4<\/td>\n<\/tr>\n
Apple macOS<\/td>\n3<\/td>\n<\/tr>\n
Ubuntu Desktop<\/td>\n3<\/td>\n<\/tr>\n
Enterprise Applications<\/strong><\/td>\nAdobe Reader<\/td>\n6<\/td>\n<\/tr>\n
Microsoft Office Word<\/td>\n6<\/td>\n<\/tr>\n
Microsoft Office Excel<\/td>\n6<\/td>\n<\/tr>\n
Microsoft Office PowerPoint<\/td>\n6<\/td>\n<\/tr>\n
Server Side Exploits<\/strong><\/td>\nApache Web Server<\/td>\n25<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n

 <\/p>\n

For example, if a contestant has two successful entries (e.g. Microsoft Edge with a SYSTEM escalation and Google Chrome without a SYSTEM escalation), their total points would be 24 points. The contestant with the highest total points at the end of the contest will receive the title \u201cMaster of Pwn\u201d and receive 65,000 ZDI reward points (estimated at $25,000). There\u2019s a better than average chance that the title will also include some form of slick jacket<\/a> too.<\/p>\n

The complete rules for Pwn2Own 2017 are found here<\/a>. As always, we encourage entrants to read the rules<\/a> thoroughly if they choose to participate. Registration is required to ensure we have sufficient resources on hand at the event. Please contact ZDI at\u00a0zdi@trendmicro.com<\/a>\u00a0to begin the registration process. (Email only, please; queries via Twitter, blog post or other means will not be acknowledged or answered.) Registration closes at 5 p.m. Pacific Time on March 12, 2017.<\/p>\n

Over the next few weeks leading up to Pwn2Own, we\u2019ll be posting some stories and behind the scenes tales from the contest. Be sure to stay tuned to this blog and follow us on Twitter<\/a> for the latest information and updates about the contest. We look forward to seeing everyone in Vancouver, and here\u2019s to another 10 years of pwnage!<\/p>\n

*All monetary values are listed in U.S. dollars<\/em><\/h6>\n
<\/h6>\n
\u00a92017 Trend Micro Incorporated. All rights reserved. PWN2OWN, ZERO DAY INITIATIVE, ZDI and Trend Micro are trademarks or registered trademarks of Trend Micro Incorporated. All other trademarks and trade names are the property of their respective owners.<\/h6>\n

http:\/\/feeds.trendmicro.com\/TrendMicroSimplySecurity<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

\"HackersWe are nine weeks away from Pwn2Own\u2122 2017 returning to CanSecWest, which is celebrating its 10th anniversary this year. A lot has changed in the world since the first Pwn2Own in 2007. The computing space has changed drastically, as well. The first Pwn2Own happened before Conficker or Stuxnet. It happened before the rise of nation-state…<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10378,10413],"tags":[10414,10384,10416,714,10417,10415],"class_list":["post-6266","post","type-post","status-publish","format-standard","hentry","category-security","category-trendmicro","tag-internet-of-everything","tag-network","tag-pwn2own","tag-security","tag-zdi","tag-zero-day-initiative"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/6266","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=6266"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/6266\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=6266"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=6266"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=6266"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}