HP’s Zero Day Initiative Announces Pwn2Own 2014

Pwn2Own 2014 prizes and targets announced

Pwn2Own 2014, the hacking contest of HP’s Zero Day Initiative, will take place on March 12, 13 at the CanSecWest 2014 security conference in Vancouver, Canada. Organizers say the cash and non-cash awards are expected to total over $500,000 (€370,000).

As in the previous year, contestants will test their hacking skills against browsers and plug-ins. However, this year, a new challenge called Grand Prize has been introduced.

ZDI is prepared to award $150,000 (€111,000) to the researcher who can crack Microsoft’s “most powerful protections,” particularly the Enhanced Mitigation Experience Toolkit (EMET).

Competitors will have to hack browsers, plug-ins or the Microsoft protections on fully patched versions of Windows 8.1 x64 and OS X Mavericks running default configurations.

The rewards are the following for each target:

• Adobe Reader in IE 11 on Windows 8.1 x64: $75,000 (€55,000)
• Adobe Flash in IE 11 on Windows 8.1 x64: $75,000 (€55,000)
• Oracle Java in IE 11 on Windows 8.1 x64 (requires click-through bypass): $30,000 (€22,000)

• Google Chrome on Windows 8.1 x64: $100,000 (€74,000)
• IE 11 on Windows 8.1 x64: $100,000 (€74,000)
• Firefox on Windows 8.1 x64: $50,000 (€37,000)
• Safari on OS X Mavericks: $65,000 (€48,000)

“Exploit Unicorn” Grand Prize:
• SYSTEM-level code execution on Windows 8.1 x64 on IE 11 x64 with EMET bypass: $150,000 (€111,000)

Besides the cash prizes, winners will also be allowed to keep the laptops on which they demonstrate their exploits, and they’ll get 20,000 ZDI reward points.

As always, contestants will have to disclose the technical details of the exploits and vulnerabilities to affected vendors. The POCs become HP’s property. It’s worth noting that Google is also sponsoring Pwn2Own 2014.

Those who want to participate must pre-register by sending an email to zdi@hp.com.

Additional details are available on the official Pwn2Own 2014 website.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s