Episode 82: Master of Pwn
Description
The Zero Day Initiative runs a hacker contest called Pwn2Own. The contest calls on the best hackers in the world to demonstrate that they can hack into software that should be secure, such as browsers, phones, and even cars. Many vulnerabilities are discovered at this event, which means vendors must fix them. Whoever demonstrates the most vulnerabilities is crowned the “Master of Pwn”. Thanks to Dustin Childs and Brian Gorenc from ZDI for telling us all about Pwn2Own. Thanks to Radek and Pedro for sharing their experiences of becoming the Masters of Pwn.
Sources
https://www.forbes.com/profile/lee-junghoon/?sh=49ee055fc9c7
https://www.cyberscoop.com/pwn2own-chinese-researchers-360-technologies-trend-micro/
https://twitter.com/BrendanEich/status/697889208380293120
https://www.techtimes.com/articles/247111/20200130/google-bug-bounty-2019-became-the-highest-paid-google-hackers-reaching-6-5-million.htm
Chapters
00:00 - 01:44 (01:44)
Summary
This podcast discusses the world's highest-paying hacker contest, which is fair, transparent and open to everyone around the globe; however, many good hackers still prefer to stay in the shadows.
Episode 82: Master of Pwn
Podcast: Darknet Diaries
01:44 - 10:27 (08:43)
Summary
ZDI helps security researchers by putting pressure on tech companies to quickly address reported bugs. While several software vendors have bug bounty programs to encourage bug reporting, ZDI does not receive payment for the reported bugs.
10:27 - 18:12 (07:44)
Summary
The Pwn2Own contest allows security researchers to showcase their ability to exploit popular software applications, and successful exploits can provide insights that help to improve cyber defenses. In this chapter, a participant recalls analyzing a particularly efficient exploit and outlines the effort and skill that go into developing one.
18:12 - 22:54 (04:41)
Summary
The evolution of a cyber arms race has led to the emergence of a market for zero-day exploits, where individuals and organizations can buy and sell vulnerabilities for enormous sums of money, a practice common among nations, mercenaries, and even on the dark web.
22:54 - 29:05 (06:11)
Summary
The Pwn2Own contest has seen better vendor participation over the years, leading to improvements in security measures such as browser sandboxes and rendering engines. An example of an interesting Pwn2Own exploit is the IE exploit that forced the browser to open the on-screen keyboard and execute commands on the operating system.
29:05 - 35:39 (06:33)
Summary
The Pwn2Own hacking contest has evolved: companies now research other research teams' techniques to find bugs that can then be submitted to the vendor prior to the contest, leading to the crowning of an overall winner, the Master of Pwn.
35:41 - 42:06 (06:25)
Summary
Researchers demonstrated a technique for escaping the VMware Workstation hypervisor and compromising the host operating system by exploiting a vulnerability in the VGA driver.
42:06 - 50:07 (08:00)
Summary
A team involved in a smartphone hacking contest reveals how they exploit vulnerabilities in the baseband processor to gain code execution and retrieve deleted content from the phone.
50:07 - 57:30 (07:23)
Summary
Pedro and Petra team up to efficiently find zero-day vulnerabilities and have a track record of success, with over 100 RCs under Pedro's name and a passion for fresh experiences with every new exploit they discover.
57:30 - 1:01:35 (04:05)
Summary
The hacking group called Team Flashback has brought 11 working zero-day exploits to three different Pwn2Own events and has taken money home from each event. The group has managed to exploit devices without the user being aware that a backdoor is being planted, and the backdoor survives a factory reset.
1:01:35 - 1:07:09 (05:33)
Summary
Radek and Pedro have discovered more than 200 zero-day exploits, while many governments and hackers are buying and keeping them as top-secret tools. Recent policies in China discourage researchers from sharing exploits at foreign hacking competitions.