GeekPwn,first worldwide security geek carnival on smart devices.

中文 English

Geeks, are the people passionate to technologies. Pwn, generally means breaking through the security constraints. GeekPwn, Chinese name “极棒”，is a platform for Geeks who have extraordinary ideas to demonstrate how they PWN the smart devices. GeekPwn is the first security event worldwide to focus on devices of smart life, initialized by nongovernmental security community and opened to worldwide geeks. GeekPwn plans three month time to ensure that geeks who want to participate have adequate time to do the research and make preparation, and the event will be Oct 24th 2014. GeekPwn is initialized and organized by KEEN, co-organized by XCon Conference. We also have a strong judge and counsellor committee which is made up of top security experts worldwide. Looking forward to brilliant geek shows in GeekPwn and we will recognize and reward the geeks who demonstrate extraordinary ideas in the event.

Why to organize GeekPwn?

Find the unsung but extraordinary geeks, stimulate new ideas that may change the world, make smart devices which get more important to our life more secure.

Who can participate GeekPwn? How to register “Call for Pwn”? Can I participate as an audience?

GeekPwn is an open event and we accept registrations from worldwide applicants. After applicants submit the request, it will take 3 to 5 working days for GeekPwn judge committee reviewing the application and making decision whether it can be passed or not based on applicant’s idea submission. Of course, we will also do ethical check of the applicants. GeekPwn is only opened to the audience who register XCon conference.

What kind of ideas can pass judge committee review?

We accept any extraordinary geek ideas. We only categorize the smart devices into smart transportation, smart housing, smart wearable, smart entertainment and smart phone/tablet without detailed rules (except the event items which follow HP's Pwn2Own rules). If you can use smart watch to control a car remotely, or you can control a smart toilet to be a musical fountain, feel free to submit your application to GeekPwn.

What do I need to prepare to participate GeekPwn?

The GeekPwn event on Oct 24th and 25th is show time for you. You need to show how the PWN techniques work with the smart devices provided by GeekPwn. It does mean a lot of preparation work before the event. You need to implement your techniques and do feasibility verification. What you need to do during the event is to demonstrate it. To ensure the fairness, all the PWN devices at the event show will be provided by GeekPwn, and all the devices’ operating system will be upgraded to the latest version available on September 30th 2014.
In short, choose the device you want to PWN, implement the PWN techniques, submit your application, keep the details of PWN techniques with you until the event, verify the PWN techniques can still work after device system upgrade after September 30th, show time on Oct 24th and 25th.

Can I still apply for a device category if other geeks have applied?

Of course, GeekPwn allows multiple participations on a single device category. For the details on how to reward if there are multiple winners for one device category, please refer to the rules on GeekPwn website.

Will GeekPwn winners have reward?

Yes, GeekPwn has prepared an initial prize pool with 3 million CNY. With more and more device manufactures providing sponsorship, additional prize will be added into the prize pool.

I have PWN idea in my mind of a device, but could not get the device to do research.

GeekPwn built up research labs in different cities, China and US, providing hot devices on consumer market to support you do the research at the labs. Feel free to go to the GeekPwn research labs to implement your ideas.

I know a super Geek and can I recommend him/her to GeekPwn?

Appreciate, if the geek you recommend win at GeekPwn, you will get 10% of the winner prize as your reference prize.

I have more questions on GeekPwn.

Feel free to go through the website for detailed GeekPwn information. You can also contact us with WeChat, Weibo, Twitter(all “GeekPwn”). We will also publish new information of GeekPwn event through them.

Date: Oct 24th and 25th, 2014 Initial Prize Pool: 3 Million CNY

July 15th, 2014

“GeekPwn & XCon Security Geek Contest” Media Press
July 24th, 2014

Start registration of Call For Pwn
GeekOwn Official Website is Online

Initial Prize Pool: 3 Million CNY, Single device item prize 500 thousand CNY. 9 GeekPwn Labs opened in China and US. Geeks, your show time!
July 30th, 2014

First GeekPwn Saloon is Tsinghua University
August 19th, 2014

GeekPwn Saloon at GeekPwn & VenusTech Lab, Beijing
August 23rd, 2014

GeekPwn Saloon at GeekPwn & Antiy Lab, Wuhan
August 26th, 2014

GeekPwn Saloon at Tencent, Shenzhen
18:00-20:00, Sept 4th, 2014

“GeekPwn Saloon & North America Geek Gathering” at GeekPwn Silicon Valley Lab
Address: 97 Brokaw RD, suite 300, San Jose, CA 95112
September 26th, 2014

GeekPwn & Antiy Lab Opening and Saloon, Haerbin
September 28th, 2014

GeekPwn Saloon at GeekPwn & Dbappsecurity Lab, Hangzhou
September 30th, 2014

Deadline of registration
October 24th and 25th, 2014

GeekPwn Event
Address: Beijing Marriott Hotel City Wall, 7 Jian Guo Men South Avenue, Dongcheng District, Beijing 100005, China

GeekPwn focuses on 5 Smart Device categories: Smart Vehicle, Smart Home, Smart Wearable, Smart Entertainment and Smart Phone/Tablet.

Judging | Restrictions & Notifications

1. The Pwn target devices will be installed with stock ROM/applications with default configurations. If ROM is upgradable, the device will be installed with the latest version publicly available 30 days before the contest.

2. All the technical approaches must be contestant’s original work. All the public known PWN approaches could not be used and win the contest. Winners need to submit technical details to judge committee before getting the reward prize.

3. If more than one contestant registers in a given device category, the order of the contestants will be based on the registration time. If more than one contestant successfully demonstrates the PWN in a given device category, judge committee will verify whether the technical approach is same or not. For winners with same approach, only first winner will win prize. For winners with different approach, the one who made the Pwn in the shortest time will win half of the prize and the others share the other half of the prize equally.

4. GeekPwn judge committee will provide additional prize to contestant according to the novel level and difficult level of the technical approaches.

5. For the devices and technical approach which are not covered by the current categories and rules, GeekPwn judge committee will define additional rules accordingly.

6. GeekPwn judge committee reserves the right of final interpretation of contest rules.

1. GeekPwn organizing committee (“the committee” in below description) recognizes the technical capability of the winner individually, but doesn’t acknowledge that it has linkage to winner’s working organization.

2. The committee doesn’t acknowledge the contest result directly reflect the security level of the smart devices.

3. The committee restrictedly follows the responsible disclosure to device manufactures. All the details of Pwn technical approaches will be disclosed to the representatives from the according device manufactures privately by committee and contestant. If no representatives from the manufacture is at the scene, all the information will be disclosed to manufactures offline after the contest. The committee and contestant commit not to disclose any details to third-party before manufactures fix the issues.

4. The committee commits that foreign judges will only participate the judgment of devices categories of foreign manufactures.

5. The committee guarantees that contestant’s private personal information will not be disclosed to third-party or used for commercial activities without contestant agreement and authentication.

Register | Recommend | Play in Labs

1. GeekPwn accepts contestant registration since July 24th, 2014. We welcome any registration in contestant’s own name. The committee reserves the right to reject the registration of contestant who has record of criminal or violating code of ethics.

2. Contestant can visit GeekPwn website to download the “Call For Pwn” registration form. Please fill the form with accurate and detailed information, then send email to cfp@geekcon.top with the registration form.

3. The Committee will qualify contestant to attend GeekPwn event within 5 working days. During the period, the committee may contact the contestant to ask for more information which can help to make the judgment.

4. When the contestant is qualified, the committee will setup and announce the device category. The device will be provided during GeekPwn event for contestant to demonstrate the Pwn technical approach.

5. After the contestant is qualified, contestant needs to sign non-disclosure agreement, and pay the GeekPwn registration fee 1024 CNY. Students with identification document can get 50% discount. The registration fee doesn’t cover the travel and accommodation of contestant to attend GeekPwn event.

We welcome any recommendation of geeks to GeekPwn event. If the geek you recommend successfully Pwns device and wins the prize, the committee will reward you 10% of the winner prize as reference prize.

Keen and partners in security community setup 9 GeekPwn labs in China and US. You can visit the labs to do research on the smart devices, or participate the technical saloon to share your geek thoughts in community.

Judges | Counsellors | Organizers

Yu Yang

Yu Yang, known as Tombkeeper or TK, is one of the two winner worldwide of Microsoft security bounty program with 100 thousand USD for his research findings of mitigation bypass techniques. He is a veteran with rich experience in security research field and has abundant research results on vulnerabilities, malware etc. In addition, he independently found the techniques to break iPhone fingerprint identification mechanism and crack wireless RFID communication etc. He has great fame in security community with his high-quality presentations in CanSecWest, HITCon, XCon and many other security conferences. Now, he is head of Tencent XuanWu Security Research Lab.

Xiao Xinguang

Xiao Xinguang, known as Seak, is the founder and Chief Architect of Antiy Labs. He started computer virus research from year 1994 and witness the whole evolution of anti-virus and anti-malware techniques. He also expands to new research areas such as anti-APT, Visualized Presentation of Security Status etc. He also initialized hardware security research in Antiy security research team with abundant results on attacking computer peripherals, BPL signal and 3D printer, which were presented in XCon.

Zhuge Jianwei

Dr. Zhuge Jianwei, is the Research Fellow of Network Science and Network Space Research Institute, and Network and Information Security Lab, Tsinghua University. He is the top lecturer and researcher on network and system security area, and supports the CCERT operations. He is also the leader of Blue Lotus CTF team (Tsinghua University), which entered DefCon CTF Finals for several times. The team is the first China team to enter CTF Finals.

Chen Liang

Chen Liang, Chief Security Researcher of Keen Team, Leader of Keen Exploitation project. He is the key contributor of Keen Team to win Pwn2Own 2013 and 2014 with discovering the exploitation techniques on Windows and iOS. Keen Team is the only Pwn2Own winner team in China, and the only team to win Pwn2Own Mobile and PC contest worldwide.

Xu Hao

Xu Hao, known as Windknown, key security researcher of Pangu Team, which is the first China team to accomplish iOS Jailbreak. His current focus is on OSX/iOS system security and application development. He also has rich research experience on Windows system security, including vulnerability, rootkit and virtualization. He has the fame in security community with high-quality presentations in XCon, POC, Syscan, Syscan360 and many other security conferences.

Wei Tao

Dr. Wei Tao, known as Keithcool, is working in a famous security company in Silicon Valley and leading research team on next generation of mobile security. He was the associate professor of Beijing University, worldwide top researcher of vulnerability mining, co-organizer of UC Berkeley BitBlaze Security Research Team, and co-founder of MITBBS. He covers broad research areas such as system security, program analysis, software security architecture and network security. He led research team to publish 4 thesis in IEEE S&P(Oakland) which was the first presentation of China researcher team in worldwide top academic conference. And his research team got special nomination of Microsoft BlueHat Prize Contest’12.

Chris Evans

Chris Evans, worldwide top security research and the head of Google Chrome Security Research Team. He is the key contributor of Google Chrome browser security protection mechanism and initializes Google key security project “Project Zero”.

Ying Zhimin

Ying Zhimin, known as h4k_b4n, is an independent researcher and the found of RadioWar (wireless security research team). He is currently focusing on WiFi and RFID security research and application development. He also has many year experience on web security and was the founder of web security research team Bug.Center.Team.

Wu Shi

Wu Shi, Chief Scientist of Keen Cloud Tech, head of Keen Team. He discovered hundreds of high-risk vulnerabilities on different operation systems in the past 14 years. He keeps the worldwide record of number of vulnerabilities discovered and reported. He led Keen Team to win ZDI Platinum Award for three consecutive years, and breakthrough the protection mechanism of latest version of Windows and iOS. In the year 2010, he was also nominated of Blackhat Pwnies award and it was the first nomination to China security researcher.

Pan Zhuting

Pan Zhuting, Chief Strategic Officer of Beijing Venus Information Technology Co., Ltd., top expert of information security system and theoretical research in China. He initialized several innovative security models and distinctive methodologies with his deep understanding and sharp insight on the revolution of security techniques. In Oct 2012, he was nominated and won the award “2012 China Top 10 Chief Technology Officer”.

Ji Xinhua

Ji Xinhua, known as Benjurry, famous security researcher since 1990s. He is the founder and CEO of UCloud, and has great fame in both security and cloud computing industries. He is also the consultant of China Virus Emergency Response Center and served as the consultant of Information Security Committee of Beijing Olympic Games. Before founding UCloud, he was the CEO of SNDA Cloud and Chief Security Officer of SNDA Online.

Shen Yi

Shen Yi, professor of School of International Relationship and Public Affairs, Fudan University. His major research areas are National Network Security Strategies, Network Diplomacy and Global Network Security Management. He is the author of famous book “National Network Security Strategies of United States”.

Fang Xiaodun

Fang Xiaodun, known as Jianxin, is top researcher on web security and the founder of WooYun vulnerability reporting platform. He was also the founder of the famous security organization in China, 80Sec, and led the team to discover lots of system and script vulnerabilities.

Wu Hanqing

Wu Hanqing, known as Ci, Dafeng, Daoge, is the Security Vice President of AnQuanBao. He was the founder of famous “The Phantom Forum”, ”Web Security in eyes of Whitehat”, and “Daoge’s Blackboard Newspaper”. Before joining AnQuanBao, he was the Chief Security Expert of Alibaba.

Qu Bo

Key member of 0x557, expert of vulnerability mining and exploitation, famous writer in security community. From year 2003, he discovered and published lots of web security issues, and presented lots of original exploitation techniques. He expanded his research areas to binary since year 2006, and had rich findings on PRC, kernel, Office, PDF and Flash vulnerabilities. He also worked on forensics tools of x86, ARM and MIPS platforms. Since year 2013, he got the fame in worldwide security community to submit hundreds of Internet Explorer vulnerabilities to Microsoft from the research team he leads.

Wang Qi

DaNiuWa, initializer and organizer of GeekPwn, founder and CEO of KEEN. He was the first principle security researcher of Microsoft Asia Pacific, and co-founder of China Microsoft Security Response Center (MSRC) which is the the first regional MSRC out of Microsoft headquarter.

Wang Yingjian

Casper, founder of XCon conference, key member of XFocus Team, founder and CEO of Beijing HuaYong XingAn Science Technology Co. Ltd.

Keen Team is the security research team of Keen Cloud Tech. The team focuses on helping worldwide leading software manufactures, which have adopted advanced security engineering methodologies, to discover and fix security vulnerabilities. In the past years, Keen Team has discovered and reported hundreds of high-risk vulnerabilities to Microsoft, Apple, Google etc. In year 2013 and 2014, Keen Team won 3 winner award in Pwn2Own and is the first team to pwn both mobile and desktop operation systems in Pwn2Own history. Keen Team is currently focusing on the security research of cloud computing security and mobile security.

XCon Conference is one of the largest and well-known security conferences in China. It is famous by its industry authority and influence in worldwide security community. Starting from year 2002, XCon keeps the rigorous attitude to organize the conference as a platform for worldwide security community to exhibit and exchange the latest security technologies, and attracts lots of people from worldwide security industry and community to join.