2017 Pwnie Award Nominees

Best Backdoor

M.E.Doc

SUN8I_ROOT_DEVICE / rootmydevice

SonicWall GMS Backdoor

Best Branding

Cloudbleed

DirtyCOW

GhostButt

RingRoad

Best Client-Side Bug

Compromising Linux using SNES Sony SPC700 Processor Opcodes

Microsoft Office OLE2

One Byte Overflow and Symlinks

Project Zero vs Malware Protection Service

Pwning the Nexus

Best Cryptographic Attack

Critical vulnerability in JSON Web Encryption

Flip Feng Shui: Hammering a Needle in the Software Stack

The first collision for full SHA-1

Best Privilege Escalation Bug

Blitzard

Drammer: Deterministic Rowhammer Attacks on Mobile Platforms

task_t considered harmful – many XNU EoPs

x86: broken check in memory_exchange() permits PV guest breakout

xfrm_user: validate XFRM_MSG_NEWAE XFRMA_REPLAY_ESN_VAL replay_window

Best Server-Side Bug

CVE-2016-6309

CVE-2016-6432

CVE-2017-0143, 0144, 0145

CVE-2017-0290

CVE-2017-5689

Cloudbleed

Best Song

0x0A Hack Commandments

Hello (Covert Channel)

If you like hacking Pineapples

Machines of Loving Disgrace

Ransomware

Epic 0wnage

FlexiSpy hack

Shadow Brokers dumps

WannaCry

Epic Achievement

360 Security (Qihoo)

Federico Bento

Janus

Ke Liu

Spencer McIntyre

Lamest Vendor Response

Callisto NOMX

SystemD bugs

eVestigator

Lifetime Achievement Award

Felix “FX” Lindner

Most Epic Fail

Cloudbleed

HTTPSafe Browser

Laws Down Under

Leaky OpSec Leaking Leakers

Most Innovative Research

ASLR on the line

American Fuzzy Lop

Bochspwn Reloaded

Drammer

Ghost telephonist

Most Over-Hyped Bug

Cloak and Dagger

Dirty Cow

Enter 30 to shell – Cryptsetup bug

Wannacry kill switch (CVE-2017-0144)