Google kernelCTF LTS/COS 0-day WIN!

Successfully exploited an extremely complex race condition 0-day vuln on two instances without using namespaces 🎉

work with @_qwerty_po

Success! It took nearly the entire allotted time, but the Viettel Cyber Security (@vcslab) team was abot to complete their SOHO SMASHUP, going from the QNAP QHora-322 to the TrueNAS Mini X. They are off to the disclosure room with the details. #Pwn2Own #P2OIreland

Boom! ExLuck (@ExLuck99) of ANHTUD successfully exploited the QNAP TS-464 NAS device. He's off to the disclosure room with the details.

How awesome is this birthday cake? Real LEDs embedded in it and controlled from an #RC2014! Multiple modes, including Kill The Bit game!

Fantastic work by the hugely talented @shieladixon ♥️

The dark side of the Force is a pathway to many abilities some consider to be...unhinged

We've had our first collision of #Pwn2Own Ireland. The @Synacktiv team exploited the #Lorex camera with two bugs, but one had previously been used in the contest. They still earn $11,250 and 2.25 Master of Pwn points. #P2OIreland

Green Day “demastered” their 1994 album Dookie into 15 “obscure, obsolete, and inconvenient” formats, like wax cylinder, Fisher Price record, Teddy Ruxpin, and player piano roll. This is amazing. https://www.dookiedemastered.com/

Verified! PHP Hooligans / Midnight Blue (@midnightbluelab) used a single bug to exploit the Canon imageCLASS MF656Cdw printer. They earn themselves $20,000 and 2 Master of Pwn points. #Pwn2Own #P2OIreland

Nice! Team Neodyme (@neodyme) wasted no time exploiting the HP Color LaserJet Pro MFP 3301fdw printer. They head off to the disclosure room to provide the details. #Pwn2Own #P2OIreland

Sweet! PHP Hooligans / Midnight Blue (@midnightbluelab) were able to exploit the #Canon imageCLASS MF656Cdw printer without problems. They head to the disclosure room with the details. #Pwn2Own #P2OIreland

On their second attempt, the @Synacktiv team was able to exploit the #Lorex 2K Indoor Wi-Fi camera. They're off to the disclosure room to provide details. #Pwn2Own #P2OIreland

Confirmed! Team Neodyme (@neodyme) used a stack-based buffer overflow to exploit the HP Color LaserJet Pro MFP 3301fdw printer. The earn $20,000 and 2 Master of Pwn points. #Pwn2Own #P2OIreland

Never underestimate the bandwidth of an airplane loaded with racks full of disk packs

Wow! @SinSinology of Summoning Team @SummoningTeam used a total of 9(!) different bugs to go from the QNAP QHora-322 through to the TrueNAS Mini X. His effort earns him $100,000 and 10 Master of Pwn points. #Pwn2Own #P2OIreland

Confirmed! phudq and namnp from Viettel Cyber Security (@vcslab) used a stack-based buffer overflow and an untrusted pointer deref to exploit the #Lorex 2K camera. They earn $30,000 and 3 Master of Pwn points. #Pwn2Own #P2OIreland

Sweet! It took two attempts, but Jack Dates of RET2 Systems (@ret2systems) succeeded in exploiting the Sonos Era 300 smart speaker. He's off to provide all the details to us and #Sonos now #Pwn2Own #P2OIreland

Here are the first attempts for #Pwn2Own Ireland:

We need to differentiate talks between those which bring a scientific contribution (something new & inventive inside) and talks which are helpful to bring the audience up to speed on a given topic (e.g. overview of botnets in the wild, or status of obfuscation...)