The Tianfu Cup 2019 International Cyber Security Competition has started, in two days white hat hackers will attempt to exploit flaws in major software.
The Tianfu Cup 2019 International Cyber Security Competition has started, white hat hackers will attempt to devise working zero-day exploits for popular software.
Each working exploit receives a cash prize and points that are assigned to the team that devised it, like the popular Pwn2Own hacking contest.
Chinese white hat hackers have a long story of success, they won several international hacking contests in the past, but in 2018 the Chinese government prohibited Chinese experts in participating this kind of competition abroad.
Since the decision of the Chinese Government, the TianfuCup was set up for the first time in the fall of 2018. Last year, white hat hackers earned more than $1 million for zero-day exploits disclosed at the Tianfu Cup PWN competition.
According to the organizers, in 2018 hackers earned $1,024,000 for a total of 30 vulnerabilities. Most of the amount of money, $620,000, was paid to a team from cybersecurity firm Qihoo 360. Other participants were teams from universities, Tencent, financial service provider Ant Financial, and independent researchers.
During the Day1 of the Tianfu Cup 2019 contest 13 hacking attempts out of a total of 32 were successful, 13 attempts failed and in 12 cases the researchers abandoned the attempts.
Below the list of successful attempts:
Researchers from the ddd @ExpSky and 360vulcan @mj0011sec teams achieved remote code execution and sandbox escape on the version of Microsoft Edge based on the EdgeHTML engine. Each exploit was paid $55,000, the team .(dot) get $10,000 with RCE.
The researcher 360Vulcan @Xiaowei__ received the highest bounty in a single exploit in Day1, he devised an exploit on Ubuntu + #qemu- and achieved partial control of the host. He received a bonus of $80,000.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.