Darknet Diaries

82: Master of Pwn

Jan 5, 2021
Dustin Childs, a Senior Communications Manager for the Zero Day Initiative, Brian Gorenc, Senior Director at Trend Micro, and Pedro, a member of the renowned Team Flashback, discuss the thrilling Pwn2Own hacking contest. They delve into the discovery of zero-day vulnerabilities, showcasing how hackers exploit browsers, phones, and even cars. Ethical implications of the exploit broker market are explored, alongside personal stories of triumph and challenges faced in this competitive arena. Expect insights into the evolving relationship between security researchers and software vendors!
Ask episode
AI Snips
Chapters
Transcript
Episode notes
ANECDOTE

First Pwn2Own

  • At CanSecWest, a MacBook was offered as a prize to anyone who could hack it.
  • Dino Dai Zovi won by exploiting a bug in QuickTime, earning $10,000 and the MacBook.
INSIGHT

Pwn2Own Expands

  • Pwn2Own expanded to include web browsers and different operating systems.
  • Attackers could compromise a computer simply by having the user visit their website.
ANECDOTE

Vupen's Chrome Exploit

  • Vupen exploited Chrome in 2014 using a use-after-free vulnerability and an undocumented Windows feature.
  • They bypassed the sandbox by loading a COM control onto the clipboard, executing code upon right-click.
Get the Snipd Podcast app to discover more snips from this episode
Get the app