A drunken debugger

Heretek of Silent Signal
repeated

Sweet! The InfoSect (@infosectcbr) team successfully exploited the Sonos Era 300 speaker. They head off to the disclosure room to divulge how they did it.

On a related #UX note, which genius decided that in #Akkoma ":D" should automatically translate to 🧬?
If the primary use-case of your app is users typing text, you shouldn't have hotkeys without at least the Ctrl modifier!

Looking at you, #thunderbird #signal !

#ux
repeated

Project Zero Bot

New Project Zero issue:

FASTRPC_ATTR_KEEP_MAP logic bug allows fastrpc_internal_munmap_fd to racily free in-use mappings leading to UAF

https://project-zero.issues.chromium.org/issues/42451725

CVE-2024-49848
repeated

We have another bug collision. The Tenable Group used a stack-based buffer overflow to exploit the Lorex 2K camera, but the bug had already been used in the contest. They still earn $3,750 and 1.5 Master of Pwn points.

repeated

Aargh

Throw the programmers in the sea

repeated

Authenticated! dungdm (@_piers2) with Viettel Cyber Security (@vcslab) used a single Use-After-Free (UAF) bug to exploit the Era 300. The second-round win earns him $30,000 and 6 Master of Pwn points.

repeated

The Synacktiv Team (@Synacktiv) used a combination of 3 different bugs to exploit the Ubiquiti AI Bullet. All bugs were unique, so their second round win nets them $15,000 and 3 Master of Pwn points.

repeated

Wow! Ryan Emmons (@the_emmons) and Stephen Fewer (@stephenfewer) of Rapid7 had to rewrite their exploit on the clock, but their second attempt against the Synology DiskStation DS1823xs+ succeeded! They head off to the disclosure room to provide the details.

repeated

Confirmed! @dungnm, @dungdm, & @tunglth of @vcslab used a heap-based buffer overflow to exploit the Synology TC500. In doing so, they earn $30,000 and 3 Master of Pwn points.

repeated

Whew! On their second attempt, the team from STEALIEN Inc. was able to exploit the Ubiquiti AI Bullet camera. They're off to the disclosure room to explain how they did it.

repeated

Confirmed! The STEALIEN Inc. team used a combination of bugs in their attack chain to exploit the AI Bullet and flash the lights (plus get a root shell). Their work earns them $30,000 and 3 Master of Pwn points.

repeated

Boom! The @Synacktiv ninjas need very little time to exploit the AI Bullet camera. Their flashy demo sends them off to the disclosure room to dish the details.

repeated

Most impressive! @the_emmons and Stephen Fewer @stephenfewer of Rapid7 used an Improper Neutralization of Argument Delimiters bug to exploit the Synology DiskStation DS1823xs+ -- and it works on other Synology devices too! They earn $40,000 and 4 Master of Pwn points.

repeated

Sweet! Jack Dates of RET2 Systems (@ret2systems) made quick work of the Synology DiskStation DS1823xs+ NAS. He's off to disclosure to show us how it's done.

repeated

Boom! ExLuck (@pivik_) finishes Day One with a successful exploit of the AI Bullet camera. He heads off to the final disclosure of the day.

repeated

MemProcFS now supports console text recovery!

Recover text from Cmd and Powershell to Find Evil with MemProcFS super fast memory forensics!

https://github.com/ufrisk/MemProcFS

repeated

Very nice! @dungnm, @dungdm, & @tunglth of @vcslab successfully demonstrated their exploit of the Synology TC500 camera. They move off to the disclosure room to provide the details.

[RSS] 'Reflections on Trusting Trust', but completely by accident this time

https://secret.club/2024/10/21/unnecessarily-exhaustice-rca.html

"An exhaustive analysis of a miscompilation that impacted basically no-one" <3