You are welcome to discuss various security topics with our professional team and other users like you!
Read our Registration Agreement and create your FREE account here!



  • **
  • 68
  • +26/-0
      • View Profile
Pwnie Awards 2016 Nominees! Should we be laughing or what?
« on: July 20, 2016, 04:46:39 pm »
Pwnie for Best Server-Side Bug

Cisco ASA IKEv1/IKEv2 Fragmentation Heap Buffer Overflow (CVE-2016-1287)
ImageTragick (CVE-2016–3714)
Stagefright via MMS (CVE-2015-1538)
glibc getaddrinfo stack-based buffer overflow (CVE-2015-7547)
Apache Commons Collections Java Object Deserialization RCE (CVE-2015-4852)
Samsung Galaxy Edge Baseband Stack Overflow (CVE-2015-8546)

Pwnie for Best Client-Side Bug

MS16-006 Silverlight BinaryReader Out-Of-Bounds Write RCE (CVE-2016-0034)
glibc getaddrinfo stack-based buffer overflow (CVE-2015-7547)
MS15-131 Microsoft Office RCE Vulnerability (BadWinmail) (CVE-2015-6172)
MS15-078 OpenType Font Driver Vulnerability (CVE-2015-2426)
Stagefright via Web Browser (CVE-2015-1538)

Pwnie for Best Privilege Escalation Bug

SETFKEY FreeBSD Kernel Vulnerability (CVE-2016-1886)
Widevine QSEE TrustZone Privilege Escalation (CVE-2015-6639)
AMD Piledriver Microcode VM Ring 3 to Host Ring 0
Linux iovec overrun memory corruption (CVE-2015-1805)
Apple Mac OS X WindowServer Use-After-Free (CVE-2016-1804)

Pwnie for Best Cryptographic Attack (new for 2016)

Dancing on the Lip of the Volcano: Chosen Ciphertext Attacks on Apple iMessage
Nonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLS
BlueCoat's Intermediate CA Certificate
Got HW crypto? On the (in)security of a Self-Encrypting Drives series
OpenSSL Key Recovery Attack on DH small subgroups (CVE-2016-0701)

Pwnie for Best Junk or Stunt Hack (new for 2016)

WhatsApp Message Hacked By John McAfee And Crew
Remotely Killing a Jeep on the Highway
Hacking a Linux-Powered Rifle
"60 Minutes" Hacking Your Phone with a Hacked Phone
Security Analysis of Emerging Smart Home Applications

Pwnie for Best Branding
Nominees (with the best sites and logos):

Badlock Samba bug (CVE-2016-2118)
Mousejack wireless keystroke injection bug
MySQL crypto downgrade (CVE-2015-3152)
SSLv2 Cryto attack [DROWN Attack] (CVE-2016-0800)

Pwnie for Best Song

Host Unknown - Accepted the Risk
AMETIX - The Geek Song
Katie Moussouris - Cyber-lair
fbz- Root Rights are a Grrl's Best Friend

:D What do you guys think? Oh, btw, the awards will be given during this year's Black Hat USA Conference. Anyone attending?