Pwn2Own Toronto 2022 - Day Four Results and Master of Pwn
December 09, 2022 | Dustin ChildsWelcome back to the final day of Pwn2Own Toronto for 2022! Yesterday, we awarded another $253,500 USD, which brings our three-day total to $934,750. While that alone would make it an amazing event, we’ve got another full day of exploitation ahead of us. Stay tuned as we update this blog with results as we get them and total the points to crown the Master of Pwn.
Results current as of 16:30. All times Eastern (GMT-5). All denominations are in USD.
And we are finished! All of the Day Four results are below. We awarded another $55,000 today bringing our contest total to $989,750. Over the contest, we purchased 63 unique zero days. The Master of Pwn title came down to the wire, but the team from DEVCORE claimed their second title with winnings of $142,500 and 18.5 points. Team Viettel and the NCC group were close behind with 16.5 and 15.5 points respectively. Congratulations to all the contestants and Pwn2Own winners.
Day Four Results
FAILURE - Quarkslab was unable to get their exploit of the NETGEAR WAN interface working within the time allotted.
FAILURE - Peter Geissler was unable to get his exploit of the Lexmark MC3224i printer working within the time allotted.
BUG COLLISION - The NCC Group was able to execute their code execution attack against the WAN interface of the Canon printer. However, the exploit they used was previously in the contest. They still earn $5,000 and 1 Master of Pwn points.
FAILURE - The Nettitude team was unable to get their exploit of the WAN interface of the NETGEAR router working within the time allotted.
BUG COLLISION - The Synacktiv team was able to execute their attack against the Canon printer with with a heap overflow. However, the exploit they used was previously used prior in the contest. They still earn $5,000 and 1 Master of Pwn points.
SUCCESS - Chris Anastasio used a heap-based buffer overflow to exploit the Lexmark printer, which earns him $10,000 and 1 Master of Pwn point.
BUG COLLISION - The NCC Group was able to execute their RCE attack against the WAN interface of the Synology router. However, the exploit they used was previously used in the contest. They still earn $5,000 and 1 Master of Pwn points.
SUCCESS - The ANHTUD Information Security Department used another heap-based overflow to exploit the Canon printer and add $10K to their contest total.
BUG COLLISION - The DEVCORE team may have had a collision against the Lexmark printer in their last attempt, but the $5k and 1 Master of Pwn points confirms their win of Master of Pwn - the second time they've reached that summit!
BUG COLLISION - The Sonar team successfully demonstrated there exploit of the WAN interface of the Synology router. However, the bug they used had been previousy demonstrated during the contest. They still earn $5,000 and 1 Master of Pwn points.
SUCCESS - The namnp team showed a surprised Pikachu on the Canon printer, but the Pikachu was the only one surprised with the results. Their unique bug earned them $10,000 and 1 point towards Master of Pwn.