fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Researchers Earn $1,2 million For Exploits Demoed At Pwn2Own 2021

Researchers Earn $1,2 million For Exploits Demoed At Pwn2Own 2021

Pwn2Own 2021 ended with contestants earning a record $1,210,000 for exploits and exploits chains demoed over the course of three days.

During this year’s hacking competition, 23 teams and researchers and security researchers targeted multiple products in the web browsers, virtualization, servers, local escalation of privilege, and enterprise communications categories.

The total prize pool for Pwn2Own 2021 was over $1,500,000 in cash and included a Tesla Model 3.

While no team signed up to hack a Tesla car this year, the contestants gained code execution and escalated privileges on fully patched systems after hacking Windows 10, Microsoft Teams, Microsoft Exchange, Ubuntu Desktop, Google Chrome, Microsoft Edge, Safari, and Parallels Desktop.

The competition ended with a tie between Team DEVCORE, OV, and Computest’s Daan Keuper and Thijs Alkemade, each of them earning $200,000 and 20 Master of Pwn points.

Also Read: 10 Practical Benefits of Managed IT Services

Pwn2Own 2021 results
Pwn2Own 2021 results (ZDI)

$600,000 earned for three successful attempts

Team DEVCORE achieved remote code execution on a Microsoft Exchange server by chaining together an authentication bypass and a local privilege escalation on the first day of Pwn2Own 2021.

The security researcher known as OV online demoed code execution on a machine running Microsoft Teams by combining two separate security bugs.

Last but not least, on the second day, Computest’s Daan Keuper and Thijs Alkemade gained code execution by hacking the Zoom Messenger using a zero-click exploit chain combining three different bugs, a feat considered by many the highlight of Pwn2Own 2021.

The contestants also hacked Microsoft’s Windows 10 operating system four times during the competition to escalate to SYSTEM privileges from a normal user on fully patched machines and demoed an exploit for a bug that Microsoft was already aware of.

They also gained root privileges on fully patched Ubuntu Desktop machines twice and demonstrated a third exploit that abused a bug already known by the vendor.

After the vulnerabilities are exploited and reported during Pwn2Own, vendors are given 90 days to develop and release security fixes until Zero Day Initiative publicly discloses them.

Also Read: What is Pentest Report? Here’s A Walk-through

You can watch recordings of all three Pwn2Own 2021 contest days below.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us