In 2011 the Hack2Own winners were Nikita Tarakanov and Alexander Bazhanyuk, representatives of the CISSRT team, who demonstrated a 0-day vulnerability (CVE-2011-0222) in the latest version of Safari (Internet browser) for Windows and took the first prize, namely, a laptop and 50,000 rubles. This year the budget of the competition has been significantly increased, up to $20,000. The winners will have enough money to fill the new cases with :)
This competition is divided into three categories: exploitation of web browser vulnerabilities, exploitation of kernel vulnerabilities, and exploitation of vulnerabilities in mobile devices. Detailed rules of participation are under the cut.
Attention! A laptop is required to participate in the competition.
Only one device can be attacked in a round using one attack vector; the organizers of the competition follow the link provided by a participant of the competition. In case of success in the first round, a participant takes the first prize; in case of success in the second or the third round, the second or the third prize respectively. After every exploitation attempt the operating system will be restored to its original state. A participant succeeds if, after conducting a remote attack against a device, he or she is able to launch an application on that device. The organizers reserve the right to lower a participant's rating depending on the type of vulnerability used and the exploitation conditions (necessity of interaction with a user, attack development limitations and other conditions affecting CVSS severity).
- providing a software vendor with a detailed description of detected vulnerabilities;
- communicating information on the vulnerabilities to CERT;
- communicating information on the vulnerabilities via UpSploit;
- communicating information on the vulnerabilities by means of participation in other official programs of remuneration for detected vulnerabilities such as Zero Day Initiative.