Darknet Diaries 82: Master of Pwn
Jan 5, 2021
Dustin Childs, a Senior Communications Manager for the Zero Day Initiative, Brian Gorenc, Senior Director at Trend Micro, and Pedro, a member of the renowned Team Flashback, discuss the thrilling Pwn2Own hacking contest. They delve into the discovery of zero-day vulnerabilities, showcasing how hackers exploit browsers, phones, and even cars. Ethical implications of the exploit broker market are explored, alongside personal stories of triumph and challenges faced in this competitive arena. Expect insights into the evolving relationship between security researchers and software vendors!
AI Snips
Chapters
Transcript
Episode notes
First Pwn2Own
- At CanSecWest, a MacBook was offered as a prize to anyone who could hack it.
- Dino Dai Zovi won by exploiting a bug in QuickTime, earning $10,000 and the MacBook.
Pwn2Own Expands
- Pwn2Own expanded to include web browsers and different operating systems.
- Attackers could compromise a computer simply by having the user visit their website.
Vupen's Chrome Exploit
- Vupen exploited Chrome in 2014 using a use-after-free vulnerability and an undocumented Windows feature.
- They bypassed the sandbox by loading a COM control onto the clipboard, executing code upon right-click.