Hall of Fame
These contestants successfully PWNed targets on the GeekPwn platform. We appreciate their help in protecting Smart Life.
Professional or not, you are welcome to join if you like the Geek spirit.
You can get a ticket for the Shanghai main venue through any of the methods below.
1. Visit the online ticket platform Eventdove to get a ticket for GeekPwn Shanghai.
2. Send an email to ticket@geekcon.top. Please include your name, contact method, address, ticket requests, etc., and we will contact you soon. PayPal: the GeekPwn PayPal account is ticket@geekcon.top
3. You can register for the Silicon Valley event with this Register Link.
Contestant Registration
Contestant registration for the GeekPwn Contest is already closed.


Vulnerability disclosure status

Elm Electronics Inc.




GeekPwn Carnival Rules
Initial Prize Pool 5 Million RMB

From the beginning, GeekPwn has always been at the forefront of technology.

In 2014, GeekPwn started and set no limit on PWN targets. In GeekPwn 2015, we set up special PWN sessions for fingerprint recognition, the SSL/TLS protocol, etc. In GeekPwn 2016, we began to notice that AI has security issues. We invited the inventor of GAN, Ian Goodfellow, to the GeekPwn 2016 Silicon Valley site to share his research on GAN. At the GeekPwn 2016 Shanghai site, a contestant built a robot and stole information from air-gapped computers.

In 2017, GeekPwn will continue to explore AI security and set up a special AI Security session. We welcome the participation of more AI geeks.

Again, GeekPwn invites you, talented geeks. Let's break the limits of the mind and show your great power.

PWN Everything


Smart devices and IoT products on the public market are all acceptable PWN targets. Starting with no privileges, the contestant gains system control, accesses private data or breaks through the original security mechanisms under reasonable attack conditions.


A printer is infected by malware. That malware can transfer data from the air-gapped network to a drone by laser.

By analyzing the movement of a user's palm recorded by a wearable device, an attacker may learn the user's password for ATM machines, electronic access control and enterprise servers.

More PWN Everything examples, such as cameras, POS machines, drones, robots, smart watches, smart locks and smart bikes, are available at the GeekPwn Hall of Fame.

Special AI Security Session
GeekPwn, Next Idea Sponsored Jointly

As AI progresses rapidly, people are beginning to think more about it. From a security geek's point of view, AI can be PWNed, or it can become an assisting tool in a PWN.

The special AI Security session accepts 2 types of submissions: PWN AI and AI PWN.



For all public AI services, products, libraries and frameworks, if you can exploit vulnerabilities to make the AI system or component stop working, or lead the AI system or component to make wrong decisions, please register. The target areas include Computer Vision, Voice Recognition, Natural Language Processing, Autonomous Driving, Malware Detection, etc. The target AI frameworks include mainstream frameworks like TensorFlow, TorchNet, Caffe, etc.


Use special algorithms to create adversarial pictures based on original ones. While human beings recognize them correctly, some public picture classification services or software make the wrong decision.

Use any face to unlock a phone with facial recognition.

Exploit vulnerabilities in an autonomous driving system to make the system unable to detect some specific obstacles.

Exploit vulnerabilities in an AI framework to make a deployed AI system stop working in some specific situations.



The contestant uses AI (various algorithms in Computer Vision, Voice Recognition, Natural Language Processing, Autonomous Driving, etc.) as the primary or an assisting method in the hacking process to break the limits of the target system. As a result, the original functions of the target system stop working, or information is leaked.


Use an AI method for speech synthesis to simulate the target person's voice and pass the target authentication system with high probability.

Use an AI method to determine hand actions from video clips and identify the password input with a high correct recognition rate.

Use an AI method to identify complex CAPTCHAs with a high correct recognition rate.

Online registration: Please submit the registration form online [Register].

First round evaluation: The GeekPwn Committee will evaluate the submitted form within 5 business days.

Second round evaluation: The GeekPwn Committee will determine whether the registration is accepted. Once it is accepted, the GeekPwn Committee will prepare the device (or AI product) and the presentation environment.

Registration deadline: September 30th (Shanghai); October 10th, 2017 (Silicon Valley)
For any questions, please send email to cfp@geekcon.top

Judgment Rules
1. The PWN target (device, application or security module) should be in factory shipped state with official updates and default settings. The ROM and/or software versions should be >= the latest version as of September 24th (30 days before the event).

2. All technical approaches must be the contestant's original work. Publicly known PWN approaches cannot be used to win the contest. Winning contestants need to submit a report of the technical details.

3. Some special awards will be offered by GeekPwn committee based on the PWN technical difficulty, creativity and demonstration effects.

4. GeekPwn committee reserves the right of final decision on the interpretation of all rules.
Vulnerability Disclosure Process
GeekPwn follows the vulnerability disclosure process as below:
Notice to Manufacturers in Advance
One week before the GeekPwn event, the GeekPwn committee will send a notice to manufacturers to inform them that their products will be PWN targets. The manufacturers can register to participate in the event and see the whole PWN demonstration.

Note: The official email address is committee@geekcon.top. The GeekPwn committee will contact manufacturers using the contact information on the manufacturers' public web sites. But, because we are not able to verify that information, the GeekPwn committee will not release any vulnerability information before the GeekPwn event.
Responsible Disclosure Afterwards
The GeekPwn committee will deliver the collected vulnerability details to manufacturers within two weeks after the GeekPwn event. The manufacturers need to acknowledge the report and let the GeekPwn committee know whether the vulnerability exists. The GeekPwn committee will provide assistance during the process.

In the situations below, GeekPwn may report the vulnerability to a 3rd party vulnerability collection platform and release partial information to the public, in order to push manufacturers to fix the product in time.

a) The GeekPwn committee cannot contact the manufacturers before and after the GeekPwn events.
b) The manufacturer has given no official feedback on the vulnerability report after 3 working days.
c) The manufacturer and the GeekPwn committee do not agree on whether the vulnerabilities exist.
GeekPwn committee reserves the right of final decision and interpretation in the case of any dispute.
GeekPwn Counsellors

Ding Ke

Tencent vice president, director of Tencent Security, well-known security expert in China. He joined Tencent in 2003 and became the chief director and general manager of 9 business departments in Tencent. The departments include Telecommunications Business department, Wireless Product department, Wireless R&D department, 3G Product Center, etc. He was one of the founders of many product lines in Tencent. Prior to joining Tencent, he worked at Cisco China and Lucent Technologies and achieved excellent results.

Dawn Song

Dawn Song is a Professor in the Department of Electrical Engineering and Computer Science at UC Berkeley. Her research interest lies in deep learning and security. She is the recipient of various awards including the MacArthur Fellowship, the Guggenheim Fellowship, the NSF CAREER Award, the Alfred P. Sloan Research Fellowship, the MIT Technology Review TR-35 Award, the Faculty Research Award from IBM, Google and other major tech companies, and Best Paper Awards from top conferences in Computer Security and Deep Learning.

Bu Zheng

Bu Zheng, CISO of Didichuxing, Silicon Valley entrepreneur and start-up veteran, angel investor. Prior to co-founding AssureSec, Zheng was founder and vice president of FireEye Labs, where he led research and drove detection efficacy across FireEye product portfolio from 2012. Before that, Zheng joined Intruvert as part of the founding engineering team in 2001, which was acquired by McAfee, then by Intel, where he served as WW director of threat research of McAfee labs. Zheng co-founded NSFocus and led the product and engineering team of NSFocus in 2000. Zheng is active in security community and spoke at top level security conference (Blackhat, RSA, Bluehat, etc). Zheng is an adviser to several venture capital organizations and startup CEO.

Du Yuejin

Dr. Du is the Vice President of Security Department of Alibaba Group. With over 17 years working experiences in network security, he has built up the network security emergency response team of China. He was the director of National Engineering Lab for Cyber Security Emergency Response Technology of China and National Cyber Security Technology Research Institute of China, and Vice President of APCERT (Asia-Pacific Computer Emergency Response Team ). He is also a part-time professor and tutor of Ph.D. students in several Universities. He has won first prize of National Science and Technology Progress Award of China, ISC2 Information Technology Expert Award, etc.

Daniel Wang

Daniel Wang, initiator and organizer of GeekPwn, founder and CEO of KEEN. He was the first principal security researcher of Microsoft Asia Pacific, and co-founder of China Microsoft Security Response Center (MSRC), which is the first regional MSRC outside Microsoft headquarters.

GeekPwn Judges

Yu Yang

Yu Yang, known as Tombkeeper or TK, is one of the three winners worldwide of the Microsoft security bounty program, with 100 thousand USD for his research findings on mitigation bypass techniques. He is a veteran with rich experience in the security research field and has abundant research results on vulnerabilities, malware, etc. In addition, he independently found the techniques to break the iPhone fingerprint identification mechanism, BadBarcode, BadTunnel, etc. He is well known in the security community for his high-quality presentations at Black Hat USA, CanSecWest, HITCon, XCon and many other security conferences. He is now head of Tencent XuanWu Security Research Lab.

Wei Tao

Dr. Wei Tao is the leader of Baidu Security Lab, and was Associate Professor of Beijing University. He is a Co-organizer of BitBlaze, well known security team in UC Berkeley. He is also a Co-founder of MITBBS. He has made great achievements in both security academy and industry. He is now the leader of Baidu security lab, including sites of Beijing and San Francisco Bay Area. The lab is providing advanced security technology and ability to Baidu business.

Yuan Renguang

Mr. Yuan is the Director of Tencent ZhanLu Lab. He is a well-known guru-level representative of network security researchers and white-hat hackers in China. He was the first researcher in China who analyzed Windows system-level codes and found Windows 9X 'Share Level Password' vulnerability, IIS Unicode vulnerabilities.

Thomas Fang ZHENG

Dr. Thomas Fang ZHENG, Research Professor, Doctoral Supervisor, Director of Center for Speech and Language Technologies, Tsinghua University; Chairman of Beijing d-Ear Technologies Co., Ltd.; IEEE Senior Member, Vice President of APSIPA (Asia-Pacific Signal and Information Processing Association), and so on. Dr. Zheng has been working in the research and development of speech and language processing and automatic biometrics recognition for nearly 3 decades. He is Vice Director of Subcommittee 2 on Human Biometrics Application of Technical Committee 100 on Security Protection Alarm Systems of Standardization Administration of China (SAC/TC100/SC2), and the drafters of several national and industrial standards.

Zhuge Jianwei

Dr. Zhuge Jianwei, is the Research Fellow of Network Science and Network Space Research Institute, and Network and Information Security Lab, Tsinghua University. He is the top lecturer and researcher on network and system security area, and supports the CCERT operations. He is also the leader of Blue Lotus CTF team (Tsinghua University), which entered DefCon CTF Finals for several times. The team is the first China team to enter CTF Finals.

Xu Hao

Xu Hao, known as Windknown, co-founder and key security researcher of Pangu Team, which is the first China team to accomplish iOS Jailbreak. His current focus is on OSX/iOS system security and application development. He also has rich research experience on Windows system security, including vulnerability, rootkit and virtualization. He has the fame in security community with high-quality presentations in Black Hat USA, XCon, POC, Syscan, Syscan360 and many other security conferences.

Qu Bo

Key member of 0x557, expert of vulnerability mining and exploitation, famous writer in security community. From year 2003, he discovered and published lots of web security issues, and presented lots of original exploitation techniques. He expanded his research areas to binary since year 2006, and had rich findings on PRC, kernel, Office, PDF and Flash vulnerabilities. He also worked on forensics tools of x86, ARM and MIPS platforms. Since year 2013, he got the fame in worldwide security community to submit hundreds of Internet Explorer vulnerabilities to Microsoft from the research team he leads.

Wang Yu

Wang Yu loves everything regarding OS kernel, from the implementation of kernel architecture, driver programming, rootkit/anti-rootkit to hunting and exploiting of vulnerabilities, Android root. Currently, he's working for a well-known internet security company, engaged in the research of vulnerabilities and APT recognition. He delivered speeches on the conferences such as SysCan360 2012/2013, Hitcon 2013, Black Hat USA2014.

Wan Tao

Wan Tao is LeCloud computing security center general manager, co-founder of IDF Security Lab and Yiyun Social Innovation Center, member of Chinese Computer Forensics Technology Committee, senior consultant to Chinese Academy of Engineering Development strategy of China's information and electronic engineering technology research center expert committee. After graduating from BJTU, he worked for PwC, CAJinchen and IBM, and was in charge of information programs for telecommunications companies, airlines, banks and other large enterprises and financial institutions. He has delivered a number of speeches at security conferences at home and abroad, such as Phdays in Russia, POC in South Korea and Hitcon in Taiwan. He has also been reported on by CCTV, TIME Magazine, etc. Currently he focuses on the research and practice of threat intelligence, security of IoT, digital radio and socialization big data.

Yuan Jinhui

Yuan Jinhui, Doctor of Engineering, doctoral thesis won the award for outstanding Ph.D. Thesis of Tsinghua University, his research focused on computer vision and machine learning. After graduation, he became a postdoctoral teacher. From 2004 to 2007, he participated in the video index test, which was organized by NIST. In 2010, with the cooperation of the SSAC, he was in charge of developing the snooker games "eagle eye" system, which was introduced in the international competition replacing the eagle eye system services. In 2013, Jinhui joined Microsoft Research Asia. From 2015 to the end of 2016, he focused on building a deep learning platform based on heterogeneous clusters, the project was awarded the special prize (Top 1%) of Microsoft Research Asia. In 2017, he established company named Beijing Yiliu Technology.

GeekPwn Technical Committees

Chu Chengyun

Chu Chengyun, former network security strategy director of Microsoft, focuses on the development of Microsoft cloud security strategy. He created and developed many world-leading security products and services, such as EMET, Office365 Advanced Threat Protection, etc. Under his leadership, the Microsoft security team responded to major security incidents such as Stuxnet, Flame and Aurora. Now, Chengyun is the co-founder and CEO of C2SEC, a security start-up providing quantitative threat assessment and continuous monitoring for cloud services.

Li Xiaoning

Li Xiaoning is a security researcher and architect at Intel Labs and focuses on analyzing/detecting/preventing 0 day/malware with existing/new processor features. For the past 10+ years, his work has focused on both hardware/software security system co-design and advanced threat research. Xiaoning holds 20+ granted/filed patents in security areas including processor/system security and has given 20+ conference/invited talks, including at BlackHat, CanSecWest, ShmooCon, Source, etc.

Wang Haibing

Wang Haibing, Director of GeekPwn Lab. Graduated from Computer Science Department, Fudan University, he got his Master degree. After that, he joined Microsoft China and became an Escalation Engineer of Microsoft firewall product. He has many years of experiences in product development and testing. He left Microsoft in 2011 and became one of the founders of KEEN. He is now a technical expert in KEEN and Director of GeekPwn lab.

Song Yuhao

Song Yuhao (Dennis) is a senior researcher of KEEN, and a security researcher of GeekPwn Lab. He used to work as a security engineer at Microsoft China Security Response Center. He is currently focusing on the security of IoT and smart devices. He has delivered speeches in high level conferences such as Black Hat Asia, CanSecWest, QCon, etc.

Lyu Lisheng

Lyu Lisheng (Alex) graduated from Shanghai Jiaotong University and received his Master's degree in Information Security in 2005. As senior support engineer and tech lead in the Microsoft APAC Security Support team, Alex obtained rich experience in customer service, training and security support. Alex now works as security service manager in KEEN and GeekPwn Lab. He is focusing on how to transform the rich research results of KEEN and GeekPwn Lab into customer products and services.

Wang Xue

Wang Xue is a voice technologist. He was an undergraduate at Wuhan University of Science and Technology in 1982. He received a master's degree in medical electronics from Eindhoven University of Technology in the Netherlands in 1989. In 2006, he founded Jiangsu Siyun Voice Technology Co., Ltd. For many years, he has been both an algorithm scientist and an engineer, focusing on speech recognition, language correlation and signal processing.

Strategy Partners
Tech Committee Member
Frequently Asked Questions

What is GeekPwn?

GeekPwn is an international security community focusing on smart life. GeekPwn is held by KEEN every May 12th and Oct 24th to give security geeks a chance to show their talents.

Who can sign up for GeekPwn? How?

Anyone can sign up, as long as the submitted project complies with laws and ethics and is accepted by the committee. Please find the corresponding application forms here, fill in the form and submit it. The committee will conduct 2 rounds of review and then decide whether the application is accepted.

What kind of vulnerabilities would be accepted by GeekPwn?

From IoT and smart devices to AI services, any successful compromise of security restrictions has a chance to be accepted. You can learn more about our past winners and their targets through the Hall of Fame.

Who will provide the devices in the project?

All the target devices (or AI products) are provided by the GeekPwn committee. The committee will purchase the target devices according to the contestants' requests. The day before the contest, the contestants can upgrade the target devices under the supervision of the judge panel, so that the software/firmware version meets the requirements of GeekPwn. All attacking devices, including computers, software tools, hardware tools, etc., are brought by the contestants themselves.

What's the requirement for the target devices' software/firmware version?

According to the rules, the device should be patched with official updates, and the version should be equal to or newer than the version as of 30 days before the contest.

Is network access provided in the contest?

Yes, in the contest the GeekPwn committee will provide a dedicated network for the project through both wired and wireless access. The dedicated network is reserved for a certain project, and isn't shared with other projects or spectators. The contestant can determine whether the network is connected to the internet. The contestants can bring their own network devices as backup, but these may only be used with the permission of the judge panel.

Is there a limit on the number of submissions for a single contestant/group? Can a contestant submit multiple exploits for different products?

No, there isn't a limit. You can submit as many as you can.

What if my target is not listed in GeekPwn's scope in the official website?

The targets listed on the page are just for reference and inspiration. Any new ideas for Pwning are welcome.

I cannot participate this time, but I know someone who can.

Please tell us by filling in the form. If the recommended application wins in GeekPwn, you will get an extra 10% of the prize as the recommendation reward.

What's new in GeekPwn 2017 Carnival?

You can see new match types, geek shows, and PWN of AI.

Organizer: Keen Team is the security research team of Keen Cloud Tech. The team focuses on helping worldwide leading software manufacturers, which have adopted advanced security engineering methodologies, to discover and fix security vulnerabilities. In the past years, Keen Team has discovered and reported hundreds of high-risk vulnerabilities to Microsoft, Apple, Google etc. Keen Team is currently focusing on the security research of cloud computing security and mobile security.
Contestant Registration: cfp@geekcon.top

Tickets: ticket@geekcon.top

Business Cooperations: biz@geekcon.top

Media Cooperations: biz@geekcon.top