That's a wrap on #Pwn2Own Toronto 2023! We awarded $1,038,250 for 58 unique 0-days during the event. Congratulations to Team Viettel (@vcslab) for winning Master of Pwn with $180K and 30 points. We'll see you at Pwn2Own Automotive in Tokyo next January.
Success! Synacktiv was able to execute a heap-based buffer overflow in the kernel triggered via WiFi and leading to RCE against the Wyze Cam v3. They earn $15,000 and 3 Master of Pwn points. #Pwn2Own
Linux debugging, profiling and tracing training
Very cool course by @bootlincom
Slides: https://t.co/OxmADoTOEH
Lab exercises: https://t.co/3Irhh332w1
Lab material (.tar.xz): https://t.co/psVOfoxSbW
#Linux
On the first win of Day 3 of #P2OToronto, @biennd279 and @rskvp93 from Team Viettel (@vcslab) used a command injection on a WD NAS to help add a little extra holiday decoration to the venue! This nets the team another $20K and 4 MoP points! #Pwn2Own
Claroty Research was able to execute a chain of 3 bugs (2x Missing Auth for Critical Function and an Auth Bypass) attack against the Synology DiskStation DS920+ in the NAS category. They earn $40K and 4 Master of Pwn points. #Pwn2Own#P2OToronto
A few years old but still a super interesting case study of Wi-Fi stack
exploitation by Gal Beniamini.
The case of Broadcom chipsets.
Part 1: https://t.co/gy5Sb3SvBm
Part 2: https://t.co/O7hAQqNv4q
Part 3: https://t.co/UMlWTKHdM4
#wifi #80211 #infosec#cybersecurity#hacking