Pwine Award Winners

2023

Best Desktop Bug: CountExposure!

Best Cryptographic Attack: Video-based cryptanalysis: Extracting Cryptographic Keys from Video Footage of a Device’s Power LED

Best Song: Clickin’

Most Innovative Research: Inside Apple’s Lightning: Jtagging the iPhone for Fuzzing and Profit

Most Under-Hyped Research: Activation Context Cache Poisoning

Best Privilege Escalation Bug: URB Excalibur: Slicing Through the Gordian Knot of VMware VM Escapes

Best Remote Code Execution Bug: ClamAV RCE

Lamest Vendor Response: Three Lessons From Threema: Analysis of a Secure Messenger

Most Epic Fail: “Holy fucking bingle, we have the no fly list,”

Epic Achievement: Clement Lecigne: 0-days hunter world champion

Lifetime Achievement Award: Mudge


2022

Best Song: Dialed Up

Lamest Vendor Response: Google’s top security teams unilaterally shut down a counterterrorism operation

Epic Achievement: Yuki Chen’s Windows Server-Side RCE Bugs

Most Epic Fail: HackerOne Employee Caught Stealing Vulnerability Reports for Personal Gains

Best Desktop Bug: Architecturally Leaking Data from the Microarchitecture

Most Innovative Research: Custom Processing Unit: Tracing and Patching Intel Atom Microcode

Best Cryptographic Attack: Hertzbleed: Turning Power Side-Channel Attacks Into Remote Timing Attacks on x86

Best Remote Code Execution Bug: Windows RPC Runtime Remote Code Execution (CVE-2022-26809)

Best Privilege Escalation Bug: Mystique in the House: The Droid Vulnerability Chain That Owns All Your Userspace

Best Mobile Bug: FORCEDENTRY

Most Under-Hyped Research: Spoofing IP with IPIP


2021

Lamest Vendor Response: Cellebrite Response to Moxie

Best Privilege Escalation Bug: Heap-based buffer overflow in Sudo!

Best Song: The Ransomware Song

Best Server-Side Bug: Microsoft Exchange Server (CVE-2021-26855, CVE-2021-27065, and others TBD)

Best Cryptographic Attack: NSA/CVE-2020-0601

Most Innovative Research: Speculative Probing: Hacking Blind in the Spectre Era

Most Epic Fail: PrintNightmare

Best Client-Side Bug: Exploiting Samsung Secure Chip (CVE-2020-28341)

Most Under-Hyped Research: 21 Nails

Epic Achievement: Prank Calls for Truth

Epic Achievement: Ilfak Guilfanov


2020

Best Server-Side Bug: BraveStarr – A Fedora 31 netkit telnetd remote exploit

Best Privilege Escalation Bug: checkm8 – Epic JailBreak

Epic Achievement: Guang Gong

Best Cryptographic Attack: Zerologon

Best Client-Side Bug: RCE on Samsung Phones via MMS

Most Under-Hyped Research: Vulnerabilities in System Management Mode (SMM) and Trusted Execution Technology (TXT)

Most Innovative Research: TRRespass: When Memory Vendors Tell You Their Chips Are Rowhammer-free, They Are Not.

Most Epic Fail: Microsoft

Best Song: Lady Ada – Powertrace (Pokerface Song Parody / PLATYPUS Paper Teaser)

Lamest Vendor Response: Daniel J. Bernstein


2019

Most Innovative Research: Vectorized Emulation

Most Under-Hyped Research: Thrangrycat

Most Epic Fail: Bloomberg’s Infosec Fan Fiction

Most Over-Hyped Bug: Super Micro – The big hack

Lamest Vendor Response: BitFi

Best Cryptographic Attack: Dr4g0nbl00d

Best Privilege Escalation Bug: iOS CVE-2019-6225

Best Client-Side Bug: The Horrible Facetime Group Messaging Bug

Best Server-Side Bug: Pulse Secure SSL VPN (and others!)

Epic Achievement: Steve Christey Coley


2018

Lifetime Achievement Award: Michał Zalewski

Most Over-Hyped Bug: Holey Beep

Lamest Vendor Response: Bitfi

Most Innovative Research: Spectre/Meltdown

Best Cryptographic Attack: Return Of Bleichenbacher’s Oracle Threat

Best Privilege Escalation Bug: Meltdown and Spectre

Best Client-Side Bug: The 12 Logic Bug Gifts of Christmas

Best Server-Side Bug: Intel AMT Remote Vulnerability


2017

Best Server-Side Bug: CVE-2017-0143, 0144, 0145

Lifetime Achievement Award: Felix “FX” Lindner

Epic 0wnage: Shadow Brokers dumps

Most Epic Fail: Laws Down Under

Best Song: Hello (Covert Channel)

Most Over-Hyped Bug: Enter 30 to shell – Cryptsetup bug

Lamest Vendor Response: SystemD bugs

Most Innovative Research: ASLR on the line

Epic Achievement: Federico Bento

Best Branding: GhostButt

Best Backdoor: M.E.Doc

Best Cryptographic Attack: The first collision for full SHA-1

Best Privilege Escalation Bug: Drammer: Deterministic Rowhammer Attacks on Mobile Platforms

Best Client-Side Bug: Microsoft Office OLE2


2016

Epic 0wnage: The Juniper Backdoor

Lifetime Achievement Award: Mudge

Best Song: “Cyberlier”

Most Over-Hyped Bug: Badlock (CVE-2016-0128)

Lamest Vendor Response: “WD MyPassword Drive”

Most Innovative Research: Dedup Est Machina: Memory Deduplication as an Advanced Exploitation Vector

Epic Achievement: Never Giving Up and Never Letting Us Down (CVE-2000-A-BUNCH-OF-THEM)

Best Branding: Mousejack wireless keystroke injection bug

Best Junk or Stunt Hack: Remotely Killing a Jeep on the Highway

Best Backdoor: Juniper ScreenOS: 哈哈哈哈哈哈 (CVE-2015-7755 & CVE-2015-7756)

Best Cryptographic Attack: SSLv2 Crypto attack (CVE-2016-0800)

Best Privilege Escalation Bug: Widevine QSEE TrustZone Privilege Escalation (CVE-2015-6639)

Best Client-Side Bug: glibc getaddrinfo stack-based buffer overflow (CVE-2015-7547)

Best Server-Side Bug: Cisco ASA IKEv1/IKEv2 Fragmentation Heap Buffer Overflow (CVE-2016-1287)


2015

Epic 0wnage: Hacking Team

Lifetime Achievement Award: Halvar Flake

Most Epic Fail: Oh, Please… Man!

Best Song: “Clean Slate”

Most Over-Hyped Bug: Shellshock (CVE-2014-6271)

Lamest Vendor Response: “A Peek Under The Blue Coat”

Most Innovative Research: Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice

Best Privilege Escalation Bug: UEFI SMM Privilege Escalation

Best Client-Side Bug: Will it BLEND? (CVE-2015-0093, CVE-2015-3052)

Best Server-Side Bug: SAP LZC LZH Compression Multiple Vulnerabilities (CVE-2015-2278, CVE-2015-2282)


2014

Best Server-Side Bug: Heartbleed (CVE-2014-0160)

Best Client-Side Bug: Google Chrome Arbitrary Memory Read Write Vulnerability (CVE-2014-1705)

Best Privilege Escalation Bug: AFD.sys Dangling Pointer Vulnerability (CVE-2014-1767)

Most Innovative Research: RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis

Lamest Vendor Response: AVG Remote Administration Insecure “By Design”

Best Song: “The SSL Smiley Song”

Most Epic Fail: Goto Fail

Epic 0wnage: Mt. Gox


2013

Best Server-Side Bug: Ruby on Rails YAML (CVE-2013-0156)

Best Client-Side Bug: Adobe Reader Buffer Overflow and Sandbox Escape (CVE-2013-0641)

Best Privilege Escalation Bug: iOS incomplete codesign bypass and kernel vulnerabilities (CVE-2013-0977, CVE-2013-0978 and CVE-2013-0981)

Most Innovative Research: Identifying and Exploiting Windows Kernel Race Conditions via Memory Access Patterns

Best Song: All the Things

Most Epic Fail: Nmap: The Internet Considered Harmful – DARPA Inference Checking Kludge Scanning

Epic 0wnage: Joint nomination to Edward Snowden and the NSA


2012

Best Client-Side Bug: Pinkie Pie’s Pwnium Exploit

Best Client-Side Bug: Sergey Glazunov’s Pwnium Exploit

Best Server-Side Bug: “Are we there yet?” MySQL Authentication Bypass (CVE-2012-2122)

Best Privilege Escalation Bug: MS11-098: Windows Kernel Exception Handler Vulnerability (CVE-2011-2018)

Most Innovative Research: Packets in Packets: Orson Welles’ In-Band Signaling Attacks for Modern Radios

Best Song: Control

Most Epic Fail: F5 Static Root SSH Key

Epic 0wnage: “Flame” Windows Update MD5 Collision Attack


2011

Best Server-Side Bug: ASP.NET Framework Padding Oracle (CVE-2010-3332)

Best Client-Side Bug: FreeType vulnerability in iOS (CVE-2011-0226)

Best Privilege Escalation Bug: Windows kernel win32k user-mode callback vulnerabilities (MS11-034)

Most Innovative Research: Securing the Kernel via Static Binary Rewriting and Program Shepherding

Lamest Vendor Response: RSA SecurID token compromise

Best Song: The Light It Up Contest

Most Epic Fail: Sony

Most Epic Fail: Sony

Most Epic Fail: Sony

Most Epic Fail: Sony

Most Epic Fail: Sony

Epic 0wnage: Stuxnet


2010

Best Server-Side Bug: Apache Struts2 framework remote code execution (CVE-2010-1870)

Best Client-Side Bug: Java Trusted Method Chaining (CVE-2010-0840)

Best Privilege Escalation Bug: Windows NT #GP Trap Handler (CVE-2010-0232 )

Most Innovative Research: Flash Pointer Inference and JIT Spraying

Lamest Vendor Response: LANRev remote code execution

Best Song: Pwned – 1337 edition

Most Epic Fail: Microsoft Internet Explorer 8 XSS filter


2009

Best Server-Side Bug: Linux SCTP FWD Chunk Memory Corruption (CVE-2009-0065)

Best Privilege Escalation Bug: Linux udev Netlink Message Privilege Escalation (CVE-2009-1185)

Best Client-Side Bug: msvidctl.dll MPEG2TuneRequest Stack buffer overflow (CVE-2008-0015)

Epic 0wnage: Red Hat Networks Backdoored OpenSSH Packages (CVE-2008-4250)

Most Innovative Research: From 0 to 0day on Symbian

Lamest Vendor Response: Linux

Most Over-Hyped Bug: MS08-067 Server Service NetpwPathCanonicalize() Stack Overflow (CVE-2008-4250)

Best Song: Nice Report

Most Epic Fail: Twitter Gets Hacked and the “Cloud Crisis”

Lifetime Achievement Award: Solar Designer


2008

Best Server-Side Bug: Windows IGMP kernel vulnerability (CVE-2007-0069)

Best Client-Side Bug: Multiple URL protocol handling flaws

Mass 0wnage: An unbelievable number of WordPress vulnerabilities (CVE-2008-*)

Most Innovative Research: Lest We Remember: Cold Boot Attacks on Encryption Keys

Most Innovative Research: Defeating a VM packer with a decompiler written in OCaml

Lamest Vendor Response: McAfee’s “Hacker Safe” certification program

Most Over-Hyped Bug: Unspecified DNS cache poisoning vulnerability (CVE-2008-1447)

Best Song: Packin’ The K!

Most Epic Fail: Debian for shipping a backdoored OpenSSL library for two years (CVE-2008-0166)

Most Epic Fail: Windows Vista for proving that security does not sell

Lifetime Achievement Award: Tim Newsham


2007

Mass 0wnage: WMF SetAbortProc remote code execution (CVE-2005-4560)

Best Server-Side Bug: Solaris in.telnetd remote root exploit (CVE-2007-0882)

Best Client-Side Bug: Unhandled exception filter chaining vulnerability (CVE-2006-3648)

Most Innovative Research: Temporal Return Addresses

Lamest Vendor Response: OpenBSD IPv6 mbuf kernel buffer overflow (CVE-2007-1365)

Most Over-Hyped Bug: MacBook Wi-Fi Vulnerabilities

Best Song: Symantec Revolution