Apple
Safari RCE – $80K USD
- Works on iPhone 11 or on MacOSX, latest version.
iOS PE
- iPhone XR – $60K USD
o From App / user to Kernel
o Latest version
- iPhone 11 – $80K USD
o From App / user to Kernel
o Latest version
Linux
LPE – $50K USD
- User to root
- PE should bypass LSM (Linux Security Module) such as AppArmor and SELinux
- PE should run on the latest versions of at least 2 of the following distributions:
o Ubuntu – currently 19.4
o Debian – currently 9
o Fedora – currently 29
o CentOS – currently 7
- PE should gain root unconfined.
- Minimum Kernel version – 4.x
- On field – will be tested on Ubuntu.
Chrome
RCE – $80K USD
- Runs on latest version
- Works on latest version
- Achieves shellcode with breakpoint popped out
- Runs on Windows latest Build, 64-bit
SBX
Note – One prize would be given to participants whose SBX applies to both categories
Chrome SBX on Windows – $80K USD
- The vulnerability has to be in Chrome browser
- Researcher should patch Chrome’s sources in order to demonstrate the exploit.
- Will take the researcher an hour to test
o Should be well documented, otherwise it would take longer
Android
SBX
- Galaxy A10 – SM-10 – $50K USD
o Android 10
o Should run code on 64-bit
o Latest kernel, latest security update
- Pixel 4 – $80K USD
o Android 10
o Latest kernel, latest security update
o Should run code on 64-bit
Android Kernel PE
- Galaxy A10 – SM-10 – $50K USD
o Android 10
o Latest kernel, latest security update
o Exploit has to run code and gain root from untrusted_app
- Pixel 4 – $80K USD
o Android 10
o Latest kernel, latest security update
o Exploit has to run code and gain root from untrusted_app
Windows
PE
- Medium to System – $10K USD
o Should work on latest version (19H2) on default Windows configurations.
o Success measurement (one of the following):
o Raise a bp in a system process
o Pop cmd in system privileges
o Run an arbitrary shellcode with system privileges
- From Chrome Sandbox to Kernel – $40K USD
o Should work on latest version (19H2) on default Windows configurations.
o Success measurement (one of the following):
o Raise a bp in the kernel
o Pop cmd in high privileges
o Run an arbitrary shellcode in the kernel
o BSOD (researcher will probably get a lower prize)
- HVCI Bypass – $50K USD
o From system to kernel, when HVCI turned on
o Should work on latest version (19H2 – latest insider), on default Windows configurations.
o Success measurement
o Run an arbitrary shellcode with an arbitrary size in the kernel (shellcode / unsigned driver)
Exchange
All items below must work on at least one of the latest versions of Exchange 2013, Exchange 2016 or Exchange 2019
Pre Authentication RCE – $75K USD
o Run code with Exchange permissions (nt system)
o Write file to the disk (WebShell)
o Must work on default configurations
o Remote code execution on Exchange without authentication
o Success measurement
Post Authentication RCE – $60K USD
o Run code with Exchange permissions (nt system)
o Write file to the disk (WebShell)
o Must work on default configurations
o Remote code execution on Exchange server after authentication
o Success measurement
Impersonation – $40K USD
o Successfully read and write emails as any user in the system, while authenticated as another.
o Must work on default configurations
o Impersonation Vulnerability
o Success measurement –
Authentication bypass – $40K USD
o Log in as a user on one or more of the Exchange interfaces (OWA, EWS, etc.) and read and write emails.
o Must work on default configurations
o Success measurement