The first day of Pwn2Own Ireland 2024 has concluded with an impressive showcase of cybersecurity prowess, as hackers demonstrated their skills by uncovering 52 zero-day vulnerabilities.
The event, held at Trend Micro’s offices in Cork, awarded a total of $486,250 to participants who successfully exploited these vulnerabilities across various devices and systems.
Highlights from Day One
Viettel Cyber Security (@vcslab) emerged as a frontrunner in the competition, securing an early lead for the coveted “Master of Pwn” title with 13 points.
National Cybersecurity Awareness Month Cyber Challenges – Test your Skills Now
Their standout performance included a successful attack on the Lorex 2K WiFi camera using a stack-based buffer overflow and an untrusted pointer dereference, earning them $30,000 and three Master of Pwn points.
.webp)
Another remarkable achievement came from Sina Kheirkhah of the Summoning Team (@SummoningTeam), who utilized nine different bugs to exploit the QNAP QHora-322 through to the TrueNAS Mini X.
This complex attack earned him $100,000 and ten Master of Pwn points, highlighting the intricate nature of modern cybersecurity threats.
Several teams demonstrated exceptional technical skills with successful exploits:
- Jack Dates of RET2 Systems used an Out-of-Bounds (OOB) write to exploit the Sonos Era 300 speaker, earning $60,000 and six Master of Pwn points.
- Team Neodyme exploited an HP Color LaserJet Pro MFP 3301fdw printer using a stack-based buffer overflow, securing $20,000 and two Master of Pwn points.
- ExLuck exploited the QNAP TS-464 NAS device using four bugs, including improper certificate verification and a hardcoded cryptographic key, earning $40,000 and four Master of Pwn points.
Despite numerous successes, not all attempts were fruitful. Can Acar (@canacar_t) face challenges with the Synology TC500 camera exploit, unable to get it working within the allotted time? Similarly, Sina Kheirkhah encountered difficulties with multiple devices throughout the day.
The event also saw unique approaches to exploitation. The Synacktiv team managed to exploit the Ubiquiti AI Bullet using three distinct bugs for a second-round win that netted them $15,000 and three Master of Pwn points.
Meanwhile, some teams had to withdraw their attempts or faced failures due to time constraints or technical difficulties.
As Pwn2Own Ireland continues over the next few days, anticipation builds for more groundbreaking discoveries and intense competition. With over $1 million in potential prizes up for grabs throughout the event, participants are motivated to push the boundaries of cybersecurity research.
The event underscores the critical role of such competitions in identifying vulnerabilities before they can be exploited maliciously in real-world scenarios. As technology evolves, so too does the need for robust security measures to protect against increasingly sophisticated cyber threats.
Stay tuned for further updates as Pwn2Own Ireland progresses, showcasing both the challenges and triumphs of today’s top cybersecurity researchers.
Free Webinar on How to Protect Small Businesses Against Advanced Cyberthreats -> Watch Here