| Tweetovi |
| fluoroacetate proslijedio/la je tweet | ||
|
Zero Day Initiative
@thezdi
|
7. stu |
|
That brings #Pwn2Own Tokyo 2019 to a close. Congrats to @fluoroacetate on successfully defending their Master of Pwn title. In two days, they racked up $195,000 for their research. Congrats! pic.twitter.com/q5OezDzqzY
|
||
|
|
||
| fluoroacetate proslijedio/la je tweet | ||
|
Zero Day Initiative
@thezdi
|
7. stu |
|
Success! The prolific @fluoroacetate duo was able to get a shell on the router. They're headed back to the disclosure room to provide all the details. #P2OTokyo
|
||
|
|
||
| fluoroacetate proslijedio/la je tweet | ||
|
Zero Day Initiative
@thezdi
|
7. stu |
|
Success! The @fluoroacetate duo got the #Samsung Galaxy S10 to connect to their rogue base station and then pushed a file to the phone. Third year in a row. Off to the disclosure room to get all the details. pic.twitter.com/y5fpJcf3t9
|
||
|
|
||
| fluoroacetate proslijedio/la je tweet | ||
|
Zero Day Initiative
@thezdi
|
6. stu |
|
Confirmed! The @fluoroacetate duo used a bug in JavaScript JIT followed by a UAF to escape the sandbox to grab a pic off a #Samsung Galaxy S10 via NFC. Their final entry for Day One earns them $30,000 and 3 Master of Pwn points. #P2OTokyo
|
||
|
|
||
| fluoroacetate proslijedio/la je tweet | ||
|
Zero Day Initiative
@thezdi
|
6. stu |
|
Confirmed! The @fluoroacetate duo used a JavaScript bug that jumped the stack to exfiltrate a picture from the #Xiaomi Mi9. They earned $20,000 USD and 2 Master of Pwn points. The full write-up on this one should prove fascinating.
|
||
|
|
||
| fluoroacetate proslijedio/la je tweet | ||
|
Zero Day Initiative
@thezdi
|
6. stu |
|
Success! It took two attempts, but the @fluoroacetate duo were able to demonstrate their exploit of the #Samsung Q60 television. They're heading back up to the disclosure room to dish the details. pic.twitter.com/fLbUzWQU0s
|
||
|
|
||
| fluoroacetate proslijedio/la je tweet | ||
|
Zero Day Initiative
@thezdi
|
6. stu |
|
Success! The @fluoroacetate duo successfully demonstrated their exploit against the #Amazon #Echo Show. They're back to the disclosure room to confirm and provide the details. #P2OTokyo pic.twitter.com/lwvkqclTsN
|
||
|
|
||
| fluoroacetate proslijedio/la je tweet | ||
|
Zero Day Initiative
@thezdi
|
6. stu |
|
Confirmed! The @fluoroacetate duo used a Javascript OOB Read bug to exploit the built-in browser to get a bind shell from the #Sony TV. They earned $15K and 2 Master of Pwn points to start the contest off with a bang. #P2OTokyo
|
||
|
|
||
| fluoroacetate proslijedio/la je tweet | ||
|
Zero Day Initiative
@thezdi
|
22. ožu |
|
That's a wrap! Congrats to @fluoroacetate on winning Master of Pwn. There total was $375,000 (plus a vehicle) for the week. Superb work from this great duo. pic.twitter.com/Q7Fd7vuEoJ
|
||
|
|
||
| fluoroacetate proslijedio/la je tweet | ||
|
Zero Day Initiative
@thezdi
|
22. ožu |
|
Confirmed! The @fluoroacitate duo used a JIT bug in the renderer to win $35,000 and a Model 3. What a great way to kick off the automotive category of #Pwn2Own.
|
||
|
|
||
| fluoroacetate proslijedio/la je tweet | ||
|
Zero Day Initiative
@thezdi
|
21. ožu |
|
The @fluoroacetate duo does it again. They used a type confusion in #Edge, a race condition in the kernel, then an out-of-bounds write in #VMware to go from a browser in a virtual client to executing code on the host OS. They earn $130K plus 13 Master of Pwn points. pic.twitter.com/mD13kozJLv
|
||
|
|
||
| fluoroacetate proslijedio/la je tweet | ||
|
Zero Day Initiative
@thezdi
|
21. ožu |
|
Wow. Just wow. Starting from a web browser within a virtual client and ending with code execution on the host OS. Now off to the disclosure room for all the details. pic.twitter.com/PFY7V8xA2d
|
||
|
|
||
| fluoroacetate proslijedio/la je tweet | ||
|
Zero Day Initiative
@thezdi
|
21. ožu |
|
Confirmed! The duo from @fluoroacetate used a JIT bug in #Firefox and an out-of-bounds write in the #Windows kernel to earn themselves $50,000 and 5 more Master of Pwn points. pic.twitter.com/fJPw2T9wJj
|
||
|
|
||
| fluoroacetate proslijedio/la je tweet | ||
|
Zero Day Initiative
@thezdi
|
20. ožu |
|
Confirmed! @fluoroacetate leveraged a race condition leading to an out-of-bounds write to escalate from a #VMware client to execute code on the host OS. The effort brings them another $70,000 and 7 more Master of Pwn points. Their Day 1 total is $160,000 USD. pic.twitter.com/rJoGzHrUGP
|
||
|
|
||
| fluoroacetate proslijedio/la je tweet | ||
|
Zero Day Initiative
@thezdi
|
20. ožu |
|
Confirmed! The @fluoroacetate team used an integer underflow and a race condition to escape the virtual machine and pop calc on the underlying OS. They earned another $35,000 and 3 points towards Master on Pwn. pic.twitter.com/oMRThKtiiL
|
||
|
|
||
| fluoroacetate proslijedio/la je tweet | ||
|
Zero Day Initiative
@thezdi
|
20. ožu |
|
Confirmed! The team of @fluoroacetate used an integer overflow in JIT and a heap overflow to escape the sandbox. The successful #Safari exploit chain earned them $55,000 and 5 Master of Pwn points. pic.twitter.com/YDA4YQHbGZ
|
||
|
|
||
| fluoroacetate proslijedio/la je tweet | ||
|
Zero Day Initiative
@thezdi
|
14. stu 2018. |
|
That brings to an end #Pwn2Own Tokyo 2018! Congrats to team @fluoroacetate on earning 45 points and being crowned Master of Pwn! #P2OTokyo pic.twitter.com/5MVzayd5aF
|
||
|
|
||
| fluoroacetate proslijedio/la je tweet | ||
|
Zero Day Initiative
@thezdi
|
13. stu 2018. |
|
Confirmed! The @fluoroacetate duo used an integer overflow in the JavaScript engine of the #Xiaomi web browser to exfiltrate a picture from the phone. They earn $25K and 6 Master of Pwn points.
|
||
|
|
||
| fluoroacetate proslijedio/la je tweet | ||
|
Zero Day Initiative
@thezdi
|
13. stu 2018. |
|
Confirmed! The @fluoroacetate duo combined a bug in JIT with an Out-Of-Bounds Access to exfiltrate data from the iPhone. In the demo, they grabbed a previously deleted photo. In doing so, they earn themselves $50K and 8 Master of Pwn points. #P2OTokyo
|
||
|
|
||
| fluoroacetate proslijedio/la je tweet | ||
|
Zero Day Initiative
@thezdi
|
12. stu 2018. |
|
Confirmed! The dynamic @fluoroacetate duo used a JIT bug followed by an Out-Of-Bounds write to get code execution on the #iPhoneX. They earned themselves an additional $60K and 10 more Master of Pwn points.
|
||
|
|
||