Hacker News new | past | comments | ask | show | jobs | submit login
Two Winning Pwn2Own JIT Vulnerabilities in Mozilla Firefox (zerodayinitiative.com)
88 points by RedmondSecGnome 6 months ago | hide | past | web | favorite | 5 comments



How do these competitions work? Presumably the contestants had the exploits ready to go beforehand? Or are they only told the application they need to hack on the day - that is truly impressive if so! Are there any restrictions on the tools the contestants can use (e.g. static/dynamic analysis tools)?


>Or are they only told the application they need to hack on the day - that is truly impressive if so!

No, the applications that are available to attack are known in advance - the exploits tend to involve months of work by talented researchers.

Source: I was around at MWR (purely as an uninvolved but interested spectator) when mobile & regular pwn2own 2017/2018 were taking place.


Teams typically keep a couple of exploits up to date to demonstrate at Pwn2Own.


Why the hell people put screenshots of code in articles like that if they are able to put beautifully syntax-colored and copypasteable code snippets instead?


They need support from their CMS?




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: