-
Pwn2Own Ireland – The Full Schedule
Welcome to Pwn2Own Ireland 2024 – our first event ever from the emerald isle! This year’s contest is set to be one of our largest ever – both in terms of entries and potential prizes. If everything hits, we will end up paying out over $1,000,000 in cash and prizes. We’ve got four days of…
-
Pwn2Own Ireland Day One – The Results
Welcome to the first day of Pwn2Own Ireland 2024! We have four tremendous days of research planned, including multiple SOHO attempts. We’ll be updating this blog in real time as results become available. We have a full schedule of attempts today, so stay tuned! All times are Irish Standard Time (GMT +1:00). That’s a wrap…
-
From Pwn2Own Automotive: More Autel Maxicharger Vulnerabilities
This blog post highlights two additional vulnerabilities in the Autel Maxicharger that were exploited at Pwn2Own Automotive 2024. Details of the patches are also included. Autel has been informed and has deployed a firmware update (v1.35) to address both of these issues. If you want to read about other Autel bugs reported at Pwn2Own, you check…
-
The October 2024 Security Update Review
It’s the spooky season, and there’s nothing spookier than security patches – at least in my world. Microsoft and Adobe have released their latest patches, and no bones about it, there are some skeletons in those closets. Take a break from your regular activities and join us as we review the details of their latest…
-
Announcing Pwn2Own Automotive for 2025
If you just want to read the rules, you can find them here. Earlier this year we held our inaugural Pwn2Own Automotive contest, and it was a rousing success. On our biggest-ever stage (literally), we awarded $1,323,750 over the three-day event as researchers from around the globe demonstrated 49 unique zero days. Today, we’re excited…
-
Exploiting Exchange PowerShell After ProxyNotShell: Part 4 – No Argument Constructor
As you may know, I recently presented my Exchange-related talk during OffensiveCon 2024. This series of 4 blog posts is meant to supplement the talk and provide additional technical details. In this final part, I am going to describe the PowerShell Remoting ConvertViaNoArgumentConstructor conversion mechanism, which I underestimated at the beginning of my research. It…
-
Exploiting Exchange PowerShell After ProxyNotShell: Part 2 – ApprovedApplicationCollection
As you may know, I recently presented my Exchange-related talk during OffensiveCon 2024. This series of 4 blog posts is meant to supplement the talk and provide additional technical details. You can read the first post in this series here. In part 2, I describe the ApprovedApplicationCollection gadget, which was available for abuse because it…
-
Exploiting Exchange PowerShell After ProxyNotShell: Part 3 – DLL Loading Chain for RCE
As you may know, I recently presented my Exchange-related talk during OffensiveCon 2024. This series of 4 blog posts is meant to supplement the talk and provide additional technical details. In this article, part 3 of the series, I describe a chain of 3 vulnerabilities that led to remote code execution: · CVE-2023-36744 – Arbitrary…
-
The September 2024 Security Update Review
We’ve reached September and the pumpkin spice floats in the air. While they aren’t pumpkin-spiced, Microsoft and Adobe have released their latest spicy security patches – including some zesty 0-days. Take a break from your regular activities and join us as we review the details of their latest security alerts. If you’d rather watch the…
-
ZDI-CAN-26043: Microsoft
A CVSS score 8.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by ‘Nikolai Skliarenko of Trend Micro Security Research’ was reported to the affected vendor on: 2025-01-03, 1 day ago. The vendor is given until 2025-05-03 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a…