The annual Pwn2Own browser hacking competition has risen to mythical status over the years, with tall tales of security researchers exploiting, in minutes, browser technologies thought to be secure. For their efforts, researchers have been awarded cash and prizes by the event’s sponsor, Hewlett-Packard’s (HP) Zero Day Initiative (ZDI).
HP has now released the rules for the upcoming 2014 event and is adding a new category never seen before in a security competition – the Exploit Unicorn.
The Exploit Unicorn is a challenge that will require the successful security researcher to bypass multiple levels of security on multiple technologies in order to be victorious. To claim the Exploit Unicorn, a security researcher will need to exploit Microsoft Windows Internet Explorer 11 running on a 64-bit Windows 8.1 operating system, with the Enhanced Mitigation Experience Toolkit (EMET) (http://support.microsoft.com/kb/2458544) running.
The EMET hook is the real catch in the Exploit Unicorn challenge, providing a walled garden of security around an application that should make it near impossible for an attacker to bypass – but that is the challenge. Whoever is able to claim the Exploit Unicorn will claim an impressive cash prize of $150,000 from HP.
Brian Gorenc, Manager, Vulnerability Research, HP Zero Day Initiative, told eWEEK that Microsoft is not sponsoring this year’s Pwn2Own competition.