Pwnie Awards 2017

Winners of Pwnie Awards 2007

Pwnie for Best Server-Side Bug

Awarded to the person who discovered the most technically sophisticated or interesting server side bug. This includes any software that is accessible remotely.

  • Solaris in.telnetd remote root exploit (CVE-2007-0882)

    Discovered by: Kingcope

    This mindblowingly simple vulnerability does not require any special hacking tools or shellcode. It can be exploited with nothing more than a standard telnet client and leads to instant root on Solaris 10 and 11. The best part is that the exact same vulnerability was reported to Bugtraq back in 1994. For more details see the original advisory and detailed analysis of the bug.

Pwnie for Best Client-Side Bug

Awarded to the person who discovered the most technically sophisticated and interesting client bug. In 2007 the term ‘client’ is pretty much synonymous with ‘web browser’, but don't forget about all those QuickTime bugs!

  • Unhandled exception filter chaining vulnerability (CVE-2006-3648)

    skape & skywing

    This vulnerability allows the exploitation of any unhandled exception in Internet Explorer, including NULL-pointer dereferences. It was described in Exploiting the Otherwise Non-exploitable on Windows, published in Uninformed Vol. 4. Bugs like this happen once in a decade.

Pwnie for Mass 0wnage

Awarded to the person who discovered the bug that resulted in the most widespread exploitation. Also known as the ‘Pwnie for Breaking the Internet.’

  • WMF SetAbortProc remote code execution (CVE-2005-4560)

    Discovered by: anonymous

    The remote code execution vulnerability in the WMF file format was a feature, not a bug. The exploit was discovered in the wild in December of 2005 and led to massive exploitation on the Interweb. This vulnerability deserves an award for its obviousness, ease of exploitation and high impact.

Pwnie for Most Innovative Research

Awarded to the person who published the most interesting and innovative research in the form of a paper, presentation, tool or even a mailing list post.

  • Temporal Return Addresses


    Using timers and tick counters as shellcode opcodes? We'll just have to wait until 2010 to see some awesome exploits. Published in Uninformed Vol. 2.

Pwnie for Lamest Vendor Response

Awarded to the vendor who mishandled a security vulnerability most spectacularly.

  • OpenBSD IPv6 mbuf kernel buffer overflow (CVE-2007-1365)

    OpenBSD team

    The OpenBSD team refused to acknowledge the bug as a security vulnerability and issued a "reliability fix" for it. A week later Core Security had developed proof of concept code that demonstrated remote code execution. Read the full timeline and quotes in the Core advisory.

Pwnie for Most Overhyped Bug

Awarded to the person who discovered a bug resulting in the most hype on the Internets and in the traditional media. Extra points for bugs that turn out to be impossible to exploit in practice.

  • MacBook Wi-Fi Vulnerabilities

    David Maynor

    David Maynor demostrated exploiting a remote vulnerability in a third party wireless driver for an Apple Macbook in a video shown at BlackHat USA and DefCon 2006 and mentioned that Apple's built-in wireless drivers also had security problems. Two months later, Apple released security updates to the wireless drivers but without crediting Maynor claiming that he never provided evidence of any vulnerabilities within the Apple-supplied wireless drivers and that the updates were the result of a proactive security audit. Maynor presented at BlackHat DC 2007 in February, showing his e-mails to Apple explaining how to set up an 802.11 fuzzing machine and demonstrating a remote kernel panic triggered over 802.11. In the end, the only public information about Maynor's Wi-Fi vulnerabilities are hype, denial, a media frenzy, and a patch that may or may not have been based on Maynor's findings.

Pwnie for Best Song

What kind of award ceremony does not have an award for best song? Let's see if anybody can beat Derek's Twas the night before Christmas.

  • Symantec Revolution


    We've got your personal firewalls,
    security is where we stand tall.
    Our brands are known for quality,
    guaranteed to help you succeed!

    We're the leader in Internet security
    People trust our work implicitly
    This world wide conference is to prove Symantec's hot hot hot!
    So raise the roof.

    Symantec Revolution! We're giving you sweet solutions!

Nominations opened.
Nominations closed.
The list of nominees is announced.
Awards ceremony at the BlackHat USA conference in Las Vegas.
Awards Ceremony
when Wed, Aug 8th 2018
where BlackHat USA 2018, Lagoon JK (Level 2), Mandalay Bay, Las Vegas