What is PWNFEST

PwnFest is a bug pwning 'festival' for better security organized by POC with the help of sponsors, vendors, and judges in 2016. You can enjoy PwnFest every year.

Windows

Android

iOS

Virtual System

Targets

The targets of PwnFest2016 are as below:

Team List

360Vulcan & 360Alpha & 360Marvel

- Adobe Flash Player + Microsoft Edge + Windows 10 x64 RS1
- Microsoft Edge + Windows 10 x64 RS1
- VMware Workstation 12.5.1
- The Android Target: Google Pixel
Lokihardt

- Microsoft Edge + Windows 10 x64 RS1
- VMware Workstation 12.5.1


Team Pangu & JH

- Apple Safari + macOS Sierra



RULE

Download and read the full document.

Download the full version.
PwnFest 2016("Contest") is organized by POC("Organizer") and Sponsors("Sponsor"). It will be held at the K-Hotel during POC2016 conference(Nov. 10th ~ 11th, 2016) in Seoul, Korea.

# Eligibility
- Contest doesn't put any limitation on the participants' registration except for employees of Organizer.
- A participant is not eligible for the products of his own company.
- A participant must provide valid and accurate information which will be included in the registration form provided by Organizer. If the information provided by the participant is not true, the participant may be disqualified. Organizer has rights to decide the disqualification of any participants.
- Employees of sponsors and their respective affiliates, subsidiaries, related companies, and judges are also eligible to participate in Contest. However, a judge is not eligible to participate as a contestant in the target that he is appointed as a judge. 

# Registration
- A participant can register on the Contest website.
- In case of some problems occurred in the website, a participant can contact through Organizer (pocadm@gmail.com) directly with the following information: name, email address, his target(s). And then, Organizer will get in contact with the participant directly.
- The deadline of registration is 24:00(UTC+09), November 5th, 2016.


# Targets and Prize
All targets and related operation systems will be updated to the latest and fully patched version available no later than 24:00(UTC+09), Wednesday, November 9th, 2016. All target software will be installed and configured as the default configuration.

Target Basic Reward Extra Reward
Microsoft Edge + Windows 10 x64 RS1USD $120,000USD $20,000
Microsoft Hyper-V + Windows Server 2016USD $150,000N/A
Google Chrome + Windows 10 x64 RS1USD $120,000USD $20,000
Android 7.0 + Google PixelUSD $120,000USD $20,000
Adobe Flash + Microsoft Edge + Windows 10 x64 RS1USD $100,000USD $20,000
Apple Safari + macOS SierraUSD $80,000USD $20,000
Apple iOS 10 + iPhone 7 PlusUSD $120,000USD $60,000
VMWare Workstation Pro 12 + Windows 10 x64 RS1USD $150,000N/A
The total reward pool offered by the Sponsor is 1.7 million USD.
Target Basic Medal Extra Medal
Microsoft Edge + Windows 10 x64 RS131
Microsoft Hyper-V + Windows Server 20167N/A
Google Chrome + Windows 10 x64 RS131
Android 7.0 + Google Pixel31
Adobe Flash + Microsoft Edge + Windows 10 x64 RS131
Apple Safari + macOS Sierra<21
Apple iOS 10 + iPhone 7 Plus32
VMWare Workstation Pro 12 + Windows 10 x64 RS16N/A
A Lord of Pwn, the contestant who owns the most medals will be awarded with a gold trophy. If two or more teams get the same number of medals, Organizer and Sponsor will decide who gets the trophy based on their technical performance. # Restriction of Vulnerability Reuse Regardless of how many targets one contestant participates in, a vulnerability can be used only once for all categories. # Multiple Contestants in One Target If two or more contestants registered for the same target, we will draw a random order for them. Dice will be rolled by Organizer to decide the contest order. The one who get the most dots will be the first and the rest will be done in the same manner. For the first succeed team, Sponsor will offer the full value of reward money and medals. For the second and the rest teams, if Sponsor or vendors are willing to offer reward money, the contestant will be noticed before starting the demonstration, otherwise, there will be no reward money but medals only. # Time Limitation A contestant will have 3 exploit attempts during his demonstration; each attempt must be finished within 4 minutes. The time used for network and device configuration will not be counted. # Miscellaneous - By participating in Contest, a participant must warrant that he is a sole owner of all the rights related to his vulnerability and exploit. - The contestant is responsible for any kind of legal problems which may occur from his trials to compromise targets. - All participants agree to fully indemnify Organizer and Sponsor from any and all claims by third parties in relation to Contest. - Organizer and Sponsor may cancel Contest without prior notice in the case of force majeure causes that are beyond the reasonable control of Organizer and Sponsor, including but not limited to fire, storm, earthquake, wars, revolutions, riots, civil commotion, national emergency, and act or order of any court, government or government agency. - Organizer and Sponsor can use contestant's information including but not limited to name, email, phone number only for the sake of running Contest properly. - Organizer reserves the right to change the rules of Contest for more reasonable Contest administration and participants' profit without notice. - Organizer will contact participants and notice on the website if any changes happen. - These Terms shall be governed by and construed in accordance with the laws of Republic of Korea. If any disputes arise out of or in connection with these Terms, participants agree to submit to the exclusive jurisdiction of the Korea courts.

REGISTER

If you have 0-days for our targets and want to enjoy our festival together, please, register. Send email with your information attached to 'pocadm @ gmail.com'
Email should include "your name", "your email" and "your targets".
Then, we will contact you.

Target vendor

list

...

Microsoft

Microsoft Edge
Microsoft Hyper-V

...

Google

Goolgle Chrome
Google Android & Nexus 6p

...

Adobe

Adobe Flash Player

...

Apple

iOS10
Safari

...

VMware

VMware Workstation12

Contact

You can contact us by email(pocadm @ gmail. com).

	-----BEGIN PGP PUBLIC KEY BLOCK-----
Comment: GPGTools - https://gpgtools.org

mQINBFTYKtYBEADPmLUQlZQQc1jd7iz8XNzwHXiPBvMg0TExjsc9ZUBAXgyy8U1B
8TGCJG2g8IqdhrCiTjrn9iLb5fKRy1Tf9GBDpdUxkVPDyUXXguIBRXovj3qAiUH9
97vgtT32ZWzjnHLfm0na54Ck90SW3YhMThYqXnRPCiMoG+i7QRc0XPdp6vKEh4a/
nBbKRwzMS4o+hjL2WyEWJbhV0GxV9Ypb3cqRs20vkJ1Fa39mniZS1HE4ymY7nXow
DbLebHVv+QWJGSIBpjdyTRXBb2scqDKKPia4XST3+G8Y3hpxN5edwRh2wm3T9/qe
3sjNOueUKIckUwA/a5nHDbd2JYJmt+cgbkwsZZbENCCtFPbah1PfIrLCpO2BgmMm
phQUo4mlEAOhsFG7pRKZvdkS/SzK+iLLfPq0wb3svK9SzVhvYVwssRPXMoMmsO1Q
2ezS+GMb02xx7jIDjFnoXOmFTchfYjf0XndDVpLaWcM9z5VPzWQOwDxoGAODtPGk
+GxmqiQ7b1NfpAiBUDVOaJgkmWcN1u1puqJIlxRqGkk0gjhJjKdoC5GD15ZipRMO
2x1KHPhr7r8B27KArbcHQowP8vg00Z2TCztYYnxOdw8KzPOp5sGBGAFKkdLJlALH
IChd9xtlmz73SG7V8FSuXbuk9IXdc9tHwVPvcvEPxrg9b/47nG+/g2g95wARAQAB
tBlQT0NDT04gPHBvY2FkbUBnbWFpbC5jb20+iQI9BBMBCgAnBQJU2CrWAhsDBQkH
hh+ABQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEE4XircsEqDV244P/jdY/GVy
wD9tLumkVzT4tWifE9oIbZHFrU61EMOhW1LYS0TuBehFMcs3S1qcqZk0a/anQ4Cn
N8pAgzig/Qo/MezYCV93qKKtXWeJDsT3IhCVI3LCzKfQyB0qxB5cN9P89lPr4xXF
NCiA0OdDIa0mLN5mxTQ2u9Ep0Byiuk8lF+46f0iFxNd3vnh5Rh8r8Kl9hBLq1pei
MOPtT/Z4p9rbkq11v6K6gfLXEl3euPO1sbvE+I67Ewu15WVNCsyGd4XLX/APnMML
k5ya7SaNKxHQ4K7kZw7aaaUDUqvQVT3U+MzOH3y1NRNt6iVimOX9kGU/CvCTNiCZ
QvoVn46yjPltebA6cmDghyEHExttkmAtZUfpZlEy8hQ1V7TTQO1mN1D9cj/Yc1Xl
236StOYBa0Aumk1qys4AFxDb5erlQQaNFwwAWDZfkuY/W5ecKXjsZFESs7o8vrkQ
i43sYf5Qpcl1u/tW8rz+zfy+ll9rj9dlnKXIpJzUhEMN0uQ86lNLLvTLi7hWRKl+
Dq/dvd8lLbni1mffg0trCok8HyXVGrI/3BRzUcdFZhQwHdh4S0kPn75wx1irSQz+
EuZYQ1Gfym7aCP+lzg9WSrSNOaNLdzvLsDL+Ip30USenzFPspMSSacwjm6jvWoHW
QKfst1ozlNFeAVdWTByQVxOtxzlaUUUH/SGUuQINBFTYKtYBEACljYetq2Te3UuX
NSZK0+8bfJqgAVaRiQ0x1cHAFW7S07EmkBm5I3u+hTR6+Fx0+RZSnsMYdIrQGxk2
Nd7FNQopCNWvOX1zUtJKHXdP+cLeQSCgh3LBKbDBneUDGBHdkFt5cWUJmC2Legau
JYwry5t0Rk4EXE1Zyvi8ockej992xuVojJcujdpTnFkcGF0JundKHopgeIS9wwAB
H0t9iNr40ldwOMElzFSLpCs3v7oUhqHFNPISIukno5HKL88/edG1VGEPuoTMlvYO
iDJLO6td+MQFSDwtuE/BbfZg61fwOttlb7SU1NGFSuXmqJTs8pidgG7B3azfe2aF
raRc0x66uAVFaOO7SJQ8ek/RbZWLL2a8WwxRmET1rRr2btuQ1XWqrUGN/mO9+0F0
huYsc7iW8SE+1tbtr1uI9RJRno1hFTa7QZfUvy6qE+ZLpFd1i0JnxLc/8vAamwO8
1fmw7cn+0vI5WU9qmW+l6lbKoqS7v7Y5LIlO1wl49fl0PSVUcWF78cfyeoiCNXYx
oB7P11+EZohfr6t2jrMom2riX3sWz03H9dweDvtvsWDQET0ZiGKKiSGfNab1EuTf
DLXbGw5VF/2qWS5b5xUZV4cpXq4XT1qaDOFVWNDrjL7fBlsdRbURvF+YICUVlPp9
q07xFrWz1z+176rnaEJTawomSwj9XQARAQABiQIkBBgBCgAPBQJU2CrWAhsMBQkH
hh+AAAoJEE4XircsEqDVxBkP9iYEhPqZ+kc92k3+Wh8NoDpvqrcK4BGggzj0+w0e
8IjsaFTxcpq+7eo+y3PfX24yyCuebEwjIsjmQPTvgy0V0JzjxNQWZ0QUcM+pnYNq
PiwdmRCmDFPiT8TG8vWiQ+G2f3h+jkWm1exXud2Am6zSLNzQlzOVvCtMag8TA/c9
IWUd1m/6BIHKHRjOmxDfXKXcutijboE2ShghcUnezZ+xrjuTe/Yc9zeqj8i/oT9/
+xTVTFeGiqm0dRKdSlpgHlscsezeEGrWt76h08tFjEWhvgU2bXKHMUj3Vdgzxos5
+fFpnLsjF6qQbx6ml3hXPBww7C8uIN0G7JTTpH06eb90RGa5Jn9n39e2aoxpCDLP
PcW0PtDRLJoFywShJhh8a+dCNdN76gYva0UKOxifMWg3O4HzkjuJNNYIuKA2PXw8
DScc1m5NkHrucej5xDLqQSwcFt4tI4wlgE7CoU93kVoW+eqeFr67sV7j/koKSkoj
4XwtJjQQiCApXg016C7uiJCP0Cgdxuu/OjyAHQGNeO5EJ19c2sSq0LzwurReSqB4
rSbNmoLI0m6wgp2h/UL57NHTbSGbwcOCkM+SOqoRlj1Sam/kCWeZFVylRDyIBp7e
N8Ip8HQfZ5EE8v3tOOx2OpYf2S1h+ZBRnVoHg5IOups2cQj0z+t1RIgKApwFTR05
3WE=
=qh1M
-----END PGP PUBLIC KEY BLOCK-----