Introducing….

…your 2021 nominations!!! Thanks to our partners at Blackhat, the Awards will be broadcast live from the Blackhat main stage, August 4th 5:30pm PT! If you’re in town, come join us! For winners and prior winners who are in town, please contact us to join the afterparty.

Without further ado:

Best Cryptographic Attack

Hertzbleed: Turning Power Side-Channel Attacks Into Remote Timing Attacks on x86

Dragondoom

0 & 00


Best Desktop Bug

Oh Snap! More Lemmings (Local Privilege Escalation in snap-confine)

Architecturally Leaking Data from the Microarchitecture

Attacking developer tools


Best Mobile Bug

FORCEDENTRY

Trust Dies in Darkness

1 byte out-of-bounds write in the Google Titan M chip


Best Privilege Escalation Bug

Unprotecting Samsungs TrustZone implementation by smashing the TZASC configuration

Mystique in the House: The Droid Vulnerability Chain That Owns All Your Userspace

SpoolFool


Best Remote Code Execution Bug

Windows RPC Runtime Remote Code Execution (CVE-2022-26809)

Tesla RCE

Microsoft Exchange Server Remote Code Execution Vulnerability


Best Song

Utku Şen – Fare

Dialed Up

Side channels are everywhere – The theme song of the side channel security sitcom


Epic Achievement

Yuki Chen’s Windows Server-Side RCE Bugs

pwnkit: Local Privilege Escalation in polkit’s pkexec (CVE-2021-4034)

THAT VIASAT THINGIE


Lamest Vendor Response

Google’s top security teams unilaterally shut down a counterterrorism operation

Heroku Silence

Critical vulnerabilities in HCL DX (Previously known as IBM WebSphere Portal)


Most Epic Fail

HiKam – “Hi – I’m (not) your Kam”

HackerOne Employee Caught Stealing Vulnerability Reports for Personal Gains


Most Innovative Research

FirmWire

Custom Processing Unit: Tracing and Patching Intel Atom Microcode

V-Shuttle: Scalable and Semantics-Aware Hypervisor Virtual Device Fuzzing


Most Under-Hyped Research

PHP Supply Chain Attack on PEAR

Intel BIOS Shared SW Architecture (BSSA) Design for Test (DFT) escalation of privilege

Spoofing IP with IPIP