The 2017 Pwnie Nominee For Epic Achievement

360 Security (Qihoo)

@mj0011sec

This team took away ZDI’s Pwn2Own master prize by chaining three 0day exploits, taking them from browser sandbox to virtual machine escape on a fully patched VMware Workstation. This was a first for ZDI. The chain began with a heap overflow in Microsoft Edge, continued with a kernel type confusion bug, and ended with an uninitialized buffer vulnerability in SVGA, resulting in the highest payout from ZDI ($105k).