Introducing…

…your 2021 nominations!!! Thanks to our partners at Blackhat, the Awards will be broadcast live from the Blackhat main stage on August 4th at 5:30pm PT! If you’re in town, come join us! Winners and prior winners who are in town, please contact us to join the afterparty.

Without further ado:

Best Cryptographic Attack

Video-based cryptanalysis: Extracting Cryptographic Keys from Video Footage of a Device’s Power LED

Practically exploitable cryptographic vulnerabilities in Matrix

MEGA: Malleable Encryption Goes Awry


Best Desktop Bug

CountExposure!

CS:GO: From Zero to 0-day

LPE and RCE in RenderDoc, CVE-2023-33865 & CVE-2023-33864


Best Privilege Escalation Bug

UNCONTAINED: Uncovering Container Confusion in the Linux Kernel

Bypassing Cluster Operation in Databricks Platform

URB Excalibur: Slicing Through the Gordian Knot of VMware VM Escapes


Best Remote Code Execution Bug

ClamAV RCE

Checkmk RCE

Unveiling Vulnerabilities in Windows Network Load Balancing: Exploring the Weaknesses


Best Song

Git Init

PegaSUS

Clickin’


Epic Achievement

Clement Lecigne: 0-days hunter world champion

Compromise of the whole PHP supply chain, twice

Branch History Injection (BHI / Spectre-BHB)


Lamest Vendor Response

Three Lessons From Threema: Analysis of a Secure Messenger

Authentication Bypass in Mura CMS

Pinduoduo publishes spyware, denies it


Most Epic Fail

“Holy fucking bingle, we have the no fly list,”

“I Was Sentenced to 18 Months in Prison for Hacking Back”

The disreputable … Jonathan Scott


Most Innovative Research

Rowhammer Fingerprinting

Single Instruction Multiple Data Leaks in Cutting-edge CPUs, AKA Downfall

Inside Apple’s Lightning: Jtagging the iPhone for Fuzzing and Profit


Most Under-Hyped Research

Perils and Mitigation of Security Risks of Cooperation in Mobile-as-a-Gateway IoT

LPE and RCE in RenderDoc, CVE-2023-33865 & 33864

Activation Context Cache Poisoning