Exciting update from #QNAP ! We're boosting our product security through a partnership with Zero Day Initiative ( #ZDI ). Fresh from our participation in Pwn2Own Toronto 2023, we're advancing data protection for users worldwide. 🌍💻 #Cybersecurity #DataProtection #TechInnovation

There are some scenes from CanSecWest #pwn2own and at ~ 9 minutes in the vid
there is an interview like
'During the pwn2own some private companies come to us and ... no comment' 😂

The Flaws that Allow Hackers to Remotely Access Cars youtu.be/mp0SA6tECdg via YouTube

SPECIAL EDITION NEWSLETTER JUST DROPPED👇👇

Pwn2Own Winner Manfred Paul agreed to answer a handful of questions for this weeks newsletter

Check it out here 🏴‍☠️
blog.exploits.club/exploits-club-…

Regular recaps and job postings resuming next week

In a new guest blog, Cody Gallagher describes the bug he used to exploit #Oracle #VirtualBox at #Pwn2Own Vancouver. He gives an in-depth analysis of how he used a race condition to win $20,000 at the contest.
zerodayinitiative.com/blog/2024/5/9/…

CVE-2024-2887: A Pwn2own Winning Bug In Google Chrome zerodayinitiative.com/blog/2024/5/2/… #Pentesting #CVE #Pwn2own #BugBounty #WebSecurity #Infosec

sure, the Pwn2Own people are all high-level CTF players, but can they wear a polo and do Microsoft Teams?

In this guest blog from Master of Pwn winner Manfred Paul, he details CVE-2024-2887 - a type of confusion bug that occurs in both Google Chrome and Microsoft Edge (Chromium).

Learn more from Trend Micro's Zero Day Initiative: bit.ly/44u0J2b

#HybridL2 #GoBOB x.com/build_on_bob/s… Pwn2Own Aethir

Talking of directory traversal bugs, whats you favorite?

I had some fun back in the Android days chaining it together with multiple other logic bugs in an epub application to achieve RCE on a Huawei device:

github.com/alexplaskett/P…

QR5 Cyber Special Guest - Dustin Childs (Pwn2Own/Trend Micro) Zero Day Initiative - Vancouver 2024! #cyber #cyber security #pwn2own The Dustin Childs #ic3games USCyberGames Emu Exploit Manfred Paul x.com/i/broadcasts/1…

In a new guest blog, #Pwn2Own winner Manfred Paul details CVE-2024-2887 - a bug he used to exploit both #Chrome and #Edge during the contest on his way to winning Master of Pwn. He breaks down the root cause and shows how he exploited it. Read the details at zerodayinitiative.com/blog/2024/5/2/…

[ZDI-24-419|CVE-2024-4406] (Pwn2Own) Xiaomi Pro 13 GetApps integral-dialog-page Cross-Site Scripting Remote Code Execution Vulnerability (CVSS 8.8; Credit: Ken Gannon and Ilyes Beghdadi of NCC Group) zerodayinitiative.com/advisories/ZDI…

🔥 Breaking down CVE-2024-2887: Discover the Pwn2Own winning bug in Google Chrome! Dive into the technical details and implications of this vulnerability. #CyberSecurity #InfoSec #GoogleChrome bit.ly/4biRzYU

A quick word about our fall #Pwn2Own event youtube.com/shorts/IimtaPy…

[ZDI-24-418|CVE-2024-4405] (Pwn2Own) Xiaomi Pro 13 mimarket manual-upgrade Cross-Site Scripting Remote Code Execution Vulnerability (CVSS 8.8; Credit: Nguyen Xuan Hoang, vudq16, Nguyễn Đình Biển, Q5Ca from VCSLab) zerodayinitiative.com/advisories/ZDI…

In a digital comedy of errors, Manfred Paul tickled the silicon underbelly of Chrome and Edge, turning type confusion into an art form—until the patch police crashed his cyber party.

zerodayinitiative.com/blog/2024/5/2/…

Pwn2Own Miami 2022 de Zero Day Initiative – Steven Seeley et Chris Anastasio &# … hfrance.fr/pwn2own-miami-…

CVE-2024-21115: An Oracle VirtualBox LPE Used to Win Pwn2Own ift.tt/7JlkCuT
In this guest blog from Master of Pwn winner Cody Gallagher, he details CVE-2024-21115 – an Out-of-Bounds (OOB) Write that occurs in Oracle VirtualBox that can be leveraged for privilege escal…

(LinkedIn) In a new guest blog, #Pwn2Own winner Manfred Paul details CVE-2024-2887 - a bug he used to exploit both #Chrome and #Edge during the contest on his way to winning Master of Pwn. He breaks down the root cause and shows how he exploited it. Read the details at…

You know it :)
youtu.be/6FYfUv1pwAg?t=…