Authenticated! dungdm (@_piers2) with Viettel Cyber Security (@vcslab) used a single Use-After-Free (UAF) bug to exploit the #Sonos Era 300. The second-round win earns him $30,000 and 6 Master of Pwn points. #Pwn2Own #P2OIreland

The Synacktiv Team (@Synacktiv) used a combination of 3 different bug to exploit the Ubiquiti AI Bullet. All bugs were unique, so there second round win nets them $15,000 and 3 Master of Pwn points. #Pwn2Own #P2OIreland

Wow! Ryan Emmons (@the_emmons) and Stephen Fewer (@stephenfewer) of Rapid7 had to rewrite their exploit on the clock, but their second attempt against the Synology DiskStation DS1823xs+ succeeded! They head off to the disclosure room to provide the details. #Pwn2Own #P2OIreland

Confirmed! @dungnm, @dungdm, & @tunglth of @vcslab used a heap-based buffer overflow to exploit the Synology TC500. IN doing so, they earn $30,000 and 3 Master of Pwn points. #Pwn2Own #P2OIreland

Whew! On their second attempt, the team from STEALIEN Inc. was able to exploit the Ubiquiti AI Bullet camera. They're off to the disclosure room to explain how they did it. #Pwn2Own #P2OIreland

Confirmed! The STEALIEN Inc. team used a combination of bugs in their attack chain to exploit the #Ubiquity AI Bullet and flash the lights (plus get a root shell). Their work earns them $30,000 and 3 Master of Pwn points. #Pwn2Own #P2OIreland

Boom! The @Synacktiv ninjas need very little time to exploit the #Ubiquiti AI Bullet camera. Their flashy demo sends them off to the disclosure room to dish the details.

Most impressive! @the_emmons and Stephen Fewer @stephenfewer of Rapid7 used an Improper Neutralization of Argument Delimiters bug to exploit the Synology DiskStation DS1823xs+ -- and it works or other Synology devices too! They earn $40,000 and 4 Master of Pwn points. #Pwn2Own

Sweet! Jack Dates of RET2 Systems (@ret2systems) made quick work of the Synology DiskStation DS1823xs+ NAS. He's off to disclosure to show us how it's done. #Pwn2Own #P2OIreland

Boom! ExLuck (@pivik_) finishes Day One with a successful exploit of the #Ubiquiti AI Bullet camera. He heads off to the final disclosure of the day. #Pwn2Own #P2OIreland

MemProcFS now supports console text recovery!

Recover text from Cmd and Powershell to Find Evil with MemProcFS super fast memory forensics!

https://github.com/ufrisk/MemProcFS

Very nice! @dungnm, @dungdm, & @tunglth of @vcslab successfully demonstrated their exploit of the Synology TC500 camera. The move off to the disclosure room to provide the details. #Pwn2Own #P2OIreland

Nice! The DEVCORE Research Team (@d3vc0r3) wasted no time exploited the TrueNAS Mini X NAS device. They head off to the disclosure room to dish the deets. #Pwn2Own #P2OIreland

ATT&CKCon 5.0 is officially on. Check it out via livestream for free: https://www.mitre.org/events/attackcon-5

The Archive is back! (In read only mode). Get to the things you love, and we will continue our quest to be dependable, clean up the mess left behind, and be there for you.

https://archive.org

Do we need a project for archiving the internet archive?

Google kernelCTF LTS/COS 0-day WIN!

Successfully exploited an extremely complex race condition 0-day vuln on two instances without using namespaces 🎉

work with @_qwerty_po