PwnFest is a bug pwning 'festival' for better security organized by POC with the help of sponsors, vendors, and judges in 2016. You can enjoy PwnFest every year.




Virtual System


The targets of PwnFest2016 are as below:

Team List

360Vulcan & 360Alpha & 360Marvel

- Adobe Flash Player + Microsoft Edge + Windows 10 x64 RS1
- Microsoft Edge + Windows 10 x64 RS1
- VMware Workstation 12.5.1
- The Android Target: Google Pixel

- Microsoft Edge + Windows 10 x64 RS1
- VMware Workstation 12.5.1

Team Pangu & JH

- Apple Safari + macOS Sierra


Download and read the full document.

Download the full version.
PwnFest 2016("Contest") is organized by POC("Organizer") and Sponsors("Sponsor"). It will be held at the K-Hotel during POC2016 conference(Nov. 10th ~ 11th, 2016) in Seoul, Korea.

# Eligibility
- Contest doesn't put any limitation on the participants' registration except for employees of Organizer.
- A participant is not eligible for the products of his own company.
- A participant must provide valid and accurate information which will be included in the registration form provided by Organizer. If the information provided by the participant is not true, the participant may be disqualified. Organizer has rights to decide the disqualification of any participants.
- Employees of sponsors and their respective affiliates, subsidiaries, related companies, and judges are also eligible to participate in Contest. However, a judge is not eligible to participate as a contestant in the target that he is appointed as a judge. 

# Registration
- A participant can register on the Contest website.
- In case of some problems occurred in the website, a participant can contact through Organizer (pocadm@gmail.com) directly with the following information: name, email address, his target(s). And then, Organizer will get in contact with the participant directly.
- The deadline of registration is 24:00(UTC+09), November 5th, 2016.

# Targets and Prize
All targets and related operation systems will be updated to the latest and fully patched version available no later than 24:00(UTC+09), Wednesday, November 9th, 2016. All target software will be installed and configured as the default configuration.

Target Basic Reward Extra Reward
Microsoft Edge + Windows 10 x64 RS1USD $120,000USD $20,000
Microsoft Hyper-V + Windows Server 2016USD $150,000N/A
Google Chrome + Windows 10 x64 RS1USD $120,000USD $20,000
Android 7.0 + Google PixelUSD $120,000USD $20,000
Adobe Flash + Microsoft Edge + Windows 10 x64 RS1USD $100,000USD $20,000
Apple Safari + macOS SierraUSD $80,000USD $20,000
Apple iOS 10 + iPhone 7 PlusUSD $120,000USD $60,000
VMWare Workstation Pro 12 + Windows 10 x64 RS1USD $150,000N/A
The total reward pool offered by the Sponsor is 1.7 million USD.
Target Basic Medal Extra Medal
Microsoft Edge + Windows 10 x64 RS131
Microsoft Hyper-V + Windows Server 20167N/A
Google Chrome + Windows 10 x64 RS131
Android 7.0 + Google Pixel31
Adobe Flash + Microsoft Edge + Windows 10 x64 RS131
Apple Safari + macOS Sierra<21
Apple iOS 10 + iPhone 7 Plus32
VMWare Workstation Pro 12 + Windows 10 x64 RS16N/A
A Lord of Pwn, the contestant who owns the most medals will be awarded with a gold trophy. If two or more teams get the same number of medals, Organizer and Sponsor will decide who gets the trophy based on their technical performance. # Restriction of Vulnerability Reuse Regardless of how many targets one contestant participates in, a vulnerability can be used only once for all categories. # Multiple Contestants in One Target If two or more contestants registered for the same target, we will draw a random order for them. Dice will be rolled by Organizer to decide the contest order. The one who get the most dots will be the first and the rest will be done in the same manner. For the first succeed team, Sponsor will offer the full value of reward money and medals. For the second and the rest teams, if Sponsor or vendors are willing to offer reward money, the contestant will be noticed before starting the demonstration, otherwise, there will be no reward money but medals only. # Time Limitation A contestant will have 3 exploit attempts during his demonstration; each attempt must be finished within 4 minutes. The time used for network and device configuration will not be counted. # Miscellaneous - By participating in Contest, a participant must warrant that he is a sole owner of all the rights related to his vulnerability and exploit. - The contestant is responsible for any kind of legal problems which may occur from his trials to compromise targets. - All participants agree to fully indemnify Organizer and Sponsor from any and all claims by third parties in relation to Contest. - Organizer and Sponsor may cancel Contest without prior notice in the case of force majeure causes that are beyond the reasonable control of Organizer and Sponsor, including but not limited to fire, storm, earthquake, wars, revolutions, riots, civil commotion, national emergency, and act or order of any court, government or government agency. - Organizer and Sponsor can use contestant's information including but not limited to name, email, phone number only for the sake of running Contest properly. - Organizer reserves the right to change the rules of Contest for more reasonable Contest administration and participants' profit without notice. - Organizer will contact participants and notice on the website if any changes happen. - These Terms shall be governed by and construed in accordance with the laws of Republic of Korea. If any disputes arise out of or in connection with these Terms, participants agree to submit to the exclusive jurisdiction of the Korea courts.


If you have 0-days for our targets and want to enjoy our festival together, please, register. Send email with your information attached to 'pocadm @ gmail.com'
Email should include "your name", "your email" and "your targets".
Then, we will contact you.

Target vendor




Microsoft Edge
Microsoft Hyper-V



Goolgle Chrome
Google Android & Nexus 6p



Adobe Flash Player






VMware Workstation12


You can contact us by email(pocadm @ gmail. com).