o From App / user to Kernel
o Latest version
o From App / user to Kernel
o Latest version
o Ubuntu – currently 19.4
o Debian – currently 9
o Fedora – currently 29
o CentOS – currently 7
Note – One prize would be given to participants that their SBX applies to both categories
Chrome SBX on Windows – $80K USD
o Should be well documented, otherwise it would take longer
o Android 10
o Should run code on 64-bit
o Latest kernel, latest security update
o Android 10
o Latest kernel, latest security update
o Should run code on 64-bit
o Android 10
o Latest kernel, latest security update
o Exploit has to run code and gain root from untrusted_app
o Android 10
o Latest kernel, latest security update
o Exploit has to run code and gain root from untrusted_app
o Success measure – Should pop a message box with any text
o Should work on latest Samsung S series device, with the latest Android version. Should include info leak.
Price for that bug
o Raise a bp in a system process
o Pop cmd in system privileges
o Run an arbitrary shellcode with system privileges
o Should work on latest version (19H2) on default Windows configurations.
o Success measurement(One of the above):
o Raise a bp in the kernel
o Pop cmd in high privileges
o Run an arbitrary shellcode in the kernel
o BSOD (researcher will probably get a lower prize)
o HVCI Bypass – $50K USD
o From system to kernel, when HVCI turned on
o Should work on latest version (19H2 – latest insider), on default Windows configurations.
o Success measurement
o Run an arbitrary shellcode with an arbitrary size in the kernel (shellcode / unsigned driver)
All items below must work on at least one of the latest version of Exchange 2013, Exchange 2016 or Exchange 2019
o Run Code with Exchange permissions (nt system)
o write file to the disk (WebShell)
o must work on default configurations
o remote code execution on Exchange without authentication
o success measurement
o Run Code with Exchange permissions (nt system)
o write file to the disk (WebShell)
o must work on default configurations
o Remote code execution on Exchange server after authentication
o Success measurement
o Successfully read and write emails as any user in the system, while authenticated as other.
o must work on default configurations
o Impersonation Vulnerability
o Success measurement –
o login as user for one or more of Exchange interfaces (OWA, EWS, Etc..) and read and write emails.
o must work on default configurations
o Success measurement