
Pwn2Own 2017 First Day Report – MS Edge, Adobe Reader, Ubuntu and Safari Browser Hacked By Researchers

 

The biggest hacking contest, “Pwn2Own”, has started. “Pwn2Own 2017” is celebrating its 10th anniversary in Vancouver, Canada. This year’s Pwn2Own contest has been organized by the Zero Day Initiative (ZDI) and security firm Trend Micro. At Pwn2Own 2017, hackers from every corner of the world are working to exploit “zero-day” security vulnerabilities. A zero-day vulnerability can be defined as a security loophole that has not been publicly disclosed to anyone. The bug hunters are winning thousands of dollars in prizes. On the first day of the “Pwn2Own 2017” contest, the security experts successfully hacked Adobe Reader, MS Edge, Apple’s Safari browser and Ubuntu.

 

Contestants And Prize Amount

The total prize amount is $1 million USD. Moreover, the hackers can also win the devices they hack. Eleven groups of competitors are competing for this huge amount. The amount of each bounty depends on the type of security vulnerability. Trend Micro and ZDI (Zero Day Initiative) have grouped the target products into five categories:

  • Web Browsers and Plugins
  • Enterprise Applications
  • Virtual Machine (VM) Escapes
  • Server Side
  • Local Privilege Escalation

 

Complete First Day Report of Pwn2Own 2017

A total of $233,000 was earned by different security experts on the first day by disclosing serious security loopholes. The first prize of “Pwn2Own 2017” was won by the security researcher “@mj011sec” for hacking Adobe Reader on Windows. This security researcher belongs to the Chinese security firm Qihoo360. The team got a $50,000 cash prize and 6 points towards Master of Pwn. The security researcher and his team exploited a jpeg2000 heap overflow and a Remote Code Execution (RCE) vulnerability to hack Adobe Reader.

 

After that, Team Sniper from Tencent Security successfully hacked Adobe Reader once again. Team Sniper exploited an information disclosure vulnerability and a use-after-free vulnerability to execute code. The team also exploited a use-after-free kernel vulnerability to gain SYSTEM-level privileges. Team Sniper got a $25,000 cash prize and 6 Master of Pwn points. Team Ether of Tencent Security won the highest prize of $80,000 for hacking Microsoft’s Edge browser. The team also got 10 Master of Pwn points.

 

In the mid-morning of Pwn2Own 2017’s first day, the security researchers Niklas Baumstark and Samuel Groß won $28,000 and 9 Master of Pwn points for hacking Apple’s Safari browser. By exploiting a UAF (use-after-free) vulnerability together with 3 other bugs, the two researchers successfully displayed a special message on the targeted Mac’s Touch Bar.

 

The team from Chaitin Security Research Lab hacked Ubuntu Linux in the afternoon, for the first time in the history of Pwn2Own. The team got out-of-bounds access by exploiting a Linux kernel vulnerability. The team got $15,000 as the prize and 3 Master of Pwn points. The very same team also hacked Apple’s Safari browser with an escalation to root on macOS. For this exploit, the team got another $35,000 and 11 Master of Pwn points. The security researchers at Chaitin Security Research Lab exploited 6 bugs in Safari to do so.

 

Stay tuned with us.

Source: securityaffairs.co

 
