• TREND MICRO
  • ABOUT
Search:
  • Latest Posts
  • Categories
    • Android
    • AWS
    • Azure
    • Cloud
    • Compliance
    • Critical Infrastructure
    • Cybercrime
    • Encryption
    • Financial Services
    • Government
    • Hacks
    • Healthcare
    • Internet of Everything
    • Malware
    • Microsoft
    • Mobile Security
    • Network
    • Privacy
    • Ransomware
    • Security
    • Social Media
    • Small Business
    • Targeted Attacks
    • Trend Spotlight
    • Virtualization
    • Vulnerabilities
    • Web Security
    • Zero Day Initiative
    • Industry News
  • Our Experts
    • Ed Cabrera
    • Rik Ferguson
    • Greg Young
    • Mark Nunnikhoven
    • Jon Clay
    • William “Bill” Malik
  • Research
Home   »   Network   »   Zero Day Initiative announces Pwn2Own 2016

Zero Day Initiative announces Pwn2Own 2016

  • Posted on:March 9, 2016
  • Posted in:Network, Security
  • Posted by:
    Brian Gorenc
0

(This was originally posted on 2/10/2016 to the HP Enterprise Blog. With the completion of Trend Micro’s acquisition of TippingPoint, including the Zero Day Initiative it is being reposted here)

Vancouver is a city known for its wonderful aquarium, stunning art gallery, and great cuisine. Over the last several years, it has also become home to the world’s premiere event for security researchers to demonstrate vulnerabilities in the latest software and get some serious cash in the process – Pwn2Own. This year,  Hewlett Packard Enterprise, Trend Micro, and the Zero Day Initiative partner to bring the annual Pwn2Own to Vancouver with a new twist to the rules to keep things interesting.

Since it’s inception in 2007, Pwn2Own has increased the challenge level at each new competition, and this year is no different. While the latest browsers from Google, Microsoft, and Apple are still targets, the Windows-based targets will be running on a VMware Workstation virtual machine. A $75K bonus will be given to those who can escape the VMware virtual machine. This is our first year including VMware as a target, and we look forward to seeing what researchers will do with it.

image24

Master of Pwn

Where others imitate Pwn2Own, we innovate. Observers usually tally up the prize money to determine if there is a “biggest winner” of Pwn2Own. This year, we’re formalizing the process by recognizing the researcher who had the best overall performance throughout the entire contest. Points will be awarded for each successful exploit, and the contestant with the highest total points at the end of the contest will receive 65,000 ZDI reward points (estimated at $25,000). We’re calling this the “Master of Pwn,” and here’s how it will work. Total points are calculated by the sum of the successful entries based on the following point allocations:

Target Points
VMware Workstation Escape 13
Google Chrome 10
Microsoft Edge 10
Adobe Flash 8
Apple Safari 6
SYSTEM Escalation 5
Root Escalation 4
Target Sandbox Escape 3

 

For example, if someone has two successful entries (Google Chrome with a sandbox escape and Microsoft Edge with a SYSTEM escalation), the total points would be 28 points – and that’s in addition to the prize money itself. If two or more contestants have the same number of points at the end of the contest, all of them will receive the ZDI reward points, sharing the Master of Pwn title. 

Contest Dates

As in previous years, the contest will take place in Vancouver, British Columbia, at the CanSecWest 2016 conference on March 16 and 17. The schedule of contestants and platforms will be determined by random drawing on the first day of the conference and posted on the Trend Micro Simply Security blog prior to the start of competition.

Rules and prizes

The 2016 competition consists of four of the most popular, and most targeted, software platforms in the world. All target machines will be running the latest fully-patched versions of the relevant operating systems (Windows 10 64-bit and OS X “El Capitan”), installed in their default configurations. As in last year’s competition, the exploit must work with Microsoft’s Enhanced Mitigation Experience Toolkit (most current version compatible with the target) protections are enabled.

Windows-based targets:

  • Google Chrome: $65,000
  • Microsoft Edge: $65,000
  • Adobe Flash running in Microsoft Edge: $60,000

Mac OS X-based targets:

  • Apple Safari: $40,000

If the exploit achieves SYSTEM-level code execution or root-level code execution, the contestant will receive an additional $20,000.

As mentioned, the Windows-based targets will be running in a VMware Workstation virtual machine. If anyone manages to escape the VMware Workstation virtual machine and achieves code execution on the host operating system, they’ll receive an additional $75,000. This prize is only eligible on the Windows-based targets listed above.

As always, successful exploitation means you get that amount in a single payment – not ‘up to’ that amount and not paid out in installments.

Now for a few notes from our lawyers. A successful entry in the contest should leverage a vulnerability to modify the standard execution path of a program or process in order to allow the execution of arbitrary instructions. The entry is required to defeat the target’s techniques designed to ensure the safe execution of code, such as Data Execution Prevention (DEP), Address Space Layout Randomization (ASLR), and application sandboxing. The resulting payload should be executing in an elevated context (for example, on Windows-based targets, Medium integrity level or higher).

The vulnerability or vulnerabilities used in each attack must be unknown, unpublished, and not previously reported to the vendor. A particular vulnerability can only be used once across all categories. A successful remote attack against these targets must require no user interaction beyond the action required to browse to the malicious content and must occur within the user’s session with no reboots, or logoff/logons.

The full set of rules for Pwn2Own 2016 is available here. They may be changed at any time without notice. We encourage entrants to read the rules thoroughly if they choose to participate.

Registration is required to ensure we have sufficient resources on hand at the event. Please contact ZDI at zdi@trendmicro.com to begin the registration process. (Email only, please; queries via Twitter, blog post, or other means will not be acknowledged or answered.) If we receive more than one registration for any category, we’ll hold a random drawing to determine contestant order. Registration closes at 5pm Pacific Time on March 14, 2016.

Vulnerabilities and exploit techniques revealed by contest winners will be disclosed to the affected vendors, and the proof of concept will become the property of ZDI in accordance with the ZDI program. If the affected vendors wish to coordinate an onsite transfer at the conference venue, ZDI is able to accommodate that request.

Follow the action

Trend Micro’s Simply Security blog will be updated periodically with blogs and photos between now and the competition, and in real time during the event. Follow us on Twitter at @thezdi and @trendmicro, and keep an eye on the #pwn2own hashtag for continuing coverage.

We look forward to seeing everyone in Vancouver, and let the pwnage commence!

Press

Please direct all Pwn2Own or ZDI-related media inquiries to zdi@trendmicro.com; and for Trend Micro specific questions, please contact Thomas Moore at thomas_moore@trendmicro.com.

Related posts:

  1. Pwn2Own 2016 – Trend Micro TippingPoint DVLabs Exclusive Zero Day Coverage!
  2. Pwn2Own 2016 Opens Tomorrow
  3. Pwn2Own™ Returns for 2017 to Celebrate 10 Years of Exploits
  4. April 2016 Microsoft and Adobe Security Patches: Badlock Not So Bad and Adobe Fully Closes Pwn2Own 2016 Vulnerabilities

Security Intelligence Blog

  • Our New Blog
  • How Unsecure gRPC Implementations Can Compromise APIs, Applications
  • XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits

Featured Authors

Ed Cabrera (Chief Cybersecurity Officer)
Ed Cabrera (Chief Cybersecurity Officer)
  • Ransomware is Still a Blight on Business
Greg Young (Vice President for Cybersecurity)
Greg Young (Vice President for Cybersecurity)
  • Not Just Good Security Products, But a Good Partner
Jon Clay (Global Threat Communications)
Jon Clay (Global Threat Communications)
  • This Week in Security News: Ransomware Gang is Raking in Tens of Millions of Dollars and Microsoft Patch Tuesday Update Fixes 17 Critical Bugs
Mark Nunnikhoven (Vice President, Cloud Research)
Mark Nunnikhoven (Vice President, Cloud Research)
  • Twitter Hacked in Bitcoin Scam
Rik Ferguson (VP, Security Research)
Rik Ferguson (VP, Security Research)
  • The Sky Has Already Fallen (you just haven’t seen the alert yet)
William
William "Bill" Malik (CISA VP Infrastructure Strategies)
  • Black Hat Trip Report – Trend Micro

Follow Us

Trend Micro In The News

  • Advanced Cloud-Native Container Security Added to Trend Micro's Cloud One Services Platform
  • Trend Micro Goes Global to Find Entrepreneurs Set to Unlock the Smart Connected World
  • Winners of Trend Micro Global Capture the Flag Demonstrate Excellence in Cybersecurity
  • Companies Leveraging AWS Well-Architected Reviews Now Benefit from Security Innovations from Trend Micro
  • Trend Micro Announces World's First Cloud-Native File Storage Security
  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © 2017 Trend Micro Incorporated. All rights reserved.