/i/2005058678.png?fit=%2C&ssl=1)
The Dutch Computest Sector 7 team has scored the most points in Pwn2Own Miami 2022, the three-day hacking competition organized annually by the Zero Day Initiative.
Daan Keuper and Thijs Alkemade of the Sector 7 team of Computest already knew 90 points after two of the three days of hacking and $90,000 to amass in the Pwn2Own competition† With that they won the title of Master of Pwn. On day one, they found a vulnerability in Inductive Automation’s Ignition that allowed them to run code on the software. Ignition concerns so-called scada software for industrial systems. On day one, they also found a vulnerability in Aveva Edge, also industrial software for supervisory control and data acquisition† The duo ended the day exploiting a bug in calc, although this bug had already been exposed during the competition.
The most interesting vulnerability revealed by the two involved bypassing the trustworthiness of applications under the OPC UA standard. This is an OPC Foundation standard for the interoperability, security and reliability of industrial systems. The Pwn2Own organization spoke of one of the most interesting bugs they had seen in the competition. This earned Computest Sector 7 $40,000.
Pwn2Own is a hacking contest that is held every year. During the competition, ethical hackers are challenged to find new vulnerabilities in certain software. Successful attempts are rewarded with a monetary amount, which depends on the software in which the vulnerability is found. Keuper and Alkemade also won Pwn2Own in April of last year, partly after they found a vulnerability in Zoom. Tweakers then spoke to the pair about their work.
—
