2020 Pwnie Award Nominees
Best Client-Side Bug
Remote Memory Corruption Bug in MacOS Bluetooth
Best Cryptographic Attack
Cellebrite Good Times, Come On
TPM Fail: TPM Meets Timing and Lattice Attacks
Best Privilege Escalation Bug
Exploiting the Wi-Fi Stack on the Tesla Model S
Exploiting the “noowners” Flag – APFS Privilege Escalation
Pulse Connect Secure, Pulse Policy Secure, Pulse Secure Desktop Client RCE
Windows ALPC Elevation of Privilege Vulnerability
ZombieVPN, Breaking That Internet Security
Best Server-Side Bug
BraveStarr – A Fedora 31 netkit telnetd remote exploit
Dabman & Imperial (i&d) – Multiple Vulnerabilities
HAProxy: Out-of-Bounds Write in HTTP2 HPACK Dynamic Table
Remote Code Execution in Citrix ADC
Remote Code Execution in qmail
Best Song
Confessions of a Hacker known as Kingpin – Joe Grand Story
Lady Ada – Powertrace (Pokerface Song Parody / PLATYPUS Paper Teaser)
Very Serious Problems (The Internet Has Problems)
Epic Achievement
Ben Nassi, Yaron Pirutin, Adi Shamir, Yuval Elovici, Boris Zadov
David Wang, Stanislaw Skowronek
Evilsocket and pwnagotchi contributors
Lamest Vendor Response
CHAL-TEC GmbH, aka Electronic Star, aka Auna
Open Source Security, Inc – grsecurity/PaX
Most Epic Fail
Oracle WebLogic Server c/o Oracle
Windows Defender c/o Microsoft
Most Innovative Research
BaseSAFE: Baseband SAnitized Fuzzing through Emulation
DNS Cache Poisoning Attack Reloaded
Hidden Propery Abusing in Node.js
How to Exfiltrate Internal Information Using Web Proxies
InternalBlue, Spectra, ToothPicker, Frankenstein
NetCAT: Practical Cache Attacks from the Network.
TRRespass: When Memory Vendors Tell You Their Chips Are Rowhammer-free, They Are Not.
Vancouver Hospitals Pager Breach
Web Cache Deception in the Wild
Most Under-Hyped Research
Cellebrite Good Times, Come On
Cisco Adaptive Security Appliance Vulnerabilities
Vulnerabilities in System Management Mode (SMM) and Trusted Execution Technology (TXT)