Chinese hackers clean up in PwnFest – Business contest

Members of the Qihoo 360 cybersecurity team won the “Lord of Pwn” Gold Trophy at the PwnFest competition held November 10-11 in Seoul, South Korea. [Photo provided to]

Qihoo 360’s Chinese cybersecurity contenders were crowned “Lords of Pwn” at last week’s PwnFest in South Korea.

PwnFest is a new vulnerability detection competition organized by the South Korean organizer of the cybersecurity conference, the Power of Community (POC).

Supported by Microsoft, Google, Apple, Adobe and VMware, the competition provides valuable information for businesses to patch software to prevent dark side hackers from exploiting loopholes for malicious purposes.

The prize of $ 1.7 million for winning the competition as a whole is the highest of similar competitions in the industry.

Teams at Qihoo 360 Technology, one of China’s largest cybersecurity companies, have beaten their rivals in pwning challenges targeting Microsoft Edge, VMware Workstation, Adobe Flash, and Google Pixel. They won the “Lord of Pwn” Gold Trophy and a total of $ 530,000 in prizes for winning the most medals.

VMware has not been cracked for seven years.

The targets for the competition were chosen from a variety of systems that have been updated recently, including Microsoft Edge, Android 7.0, Microsoft Hyper-V, Google Chrome, Apple iOS 10 and Safari + Mac OS X Sierra, Adobe Flash, and VMware Workstation Pro 12.

A joint team of Pangu, a Chinese hacking team famous for iOS jailbreaks, and JH hackers, took home the $ 100,000 prize for finding Safari’s latest weakness that gave them root access to Mac OS Sierra.

Chen Xiaobo, one of the main members of Pangu, told the media that they still have the option to jailbreak the latest iOS 10.1.1.

The team gave a keynote titled “Review of iOS 9.3.3 Jailbreak & Security Enhancements of iOS 10” at the POC 2016 conference that runs alongside the competition. They discussed some security improvements in iOS 10 and new hardware protection for iPhone7 Plus.

“In fact, iOS 10 fixed many unpublished bugs and improved some security mechanisms such as KPP, sandbox, and kernel heap management,” the team said.

Another participant named Jung Hoon Lee, a 22 year old South Korean known as Lokihardt, won almost $ 300,000 in the PwnFest competition for Microsoft Edge pwning and VMWare Workstation.

Six themes from Chinese teams were chosen to be presented at the conference, covering research on vulnerabilities in web browsers, mobile operating systems, virtual systems and autonomous driving.

Four of the six were showcased by teams at Qihoo 360’s Cybersecurity Innovation Center, including 360Vulcan, 360Marvel, 360Unicorn, and 360Sky-go, which specialize in research and development of security for operating systems. and software, virtual systems, wireless and automotive industries.

Zheng Wenbin, known as MJ0011, leads the Vulnerability Research Team, which has completed hundreds of Common Vulnerabilities and Exposures (CVEs) from Microsoft, Apple, and Adobe.

Being a regular at POC, Zheng said that while the number of attendees and POC topics were lower than some of the world’s top hacker events, such as Black Hat, some of the issues on the agenda were about advanced technologies. in the security sector.

Source link

About Kelly Choos

Kelly Choos

Check Also

Jailbreak – 9to5Mac

Jailbreaking usually refers to eradicating iOS software program restrictions on Apple gadgets via software program …