Photos
GeekPwn 2019 Photos
Find more at: live.photoplus.cn
Vulnerability disclosure status

Cisco: Preinform / Inform / Confirmed / Fixed

DLink: Preinform / Inform / Confirmed / Fixed

MAXHUB: Preinform / Inform / Confirmed / Fixed

Philips: Preinform / Inform / Confirmed / Fixed

Contest Rules, Upgraded
GEEKPWN 2019 IS COMING
Register now,
you will surely find a new world.
Initial Prize Pool 5 Million RMB

As one of the world's leading platforms for cybersecurity researchers, GeekPwn enables security researchers and geeks around the world to share their thoughts and findings. GeekPwn2019 will take place on October 24th in Shanghai this year.

The GeekPwn competition rules have been upgraded. We still have the Special Challenges and the PWN Everything Challenges, but we have added new competitions such as the CAAD Voice Recognition Challenge, Cloud Security Challenge, Junior Robot Agent Challenge, Anti Sneak Shot Challenge, etc.

Cyber security
GEEKPWN 2019 COMPETITIONS
Rules in the World,
cannot stop them.
Can you fool AI with special voice?
> Description >
CAAD Voice Recognition Challenge
CAAD (Competition on Adversarial Attacks and Defenses) started in 2018. It is organized by the GeekPwn committee, Alexey Kurakin and Ian Goodfellow from Google Brain, and Professor Dawn Song from UC Berkeley EECS. Its purpose is to accelerate research on adversarial examples and thereby make AI more secure. This year, we are starting a competition on voice adversarial examples.
> Prize >
Total Prize Pool 200,000 RMB
The GeekPwn Committee will evaluate the attack quality and award players prizes of RMB 20,000~100,000.
> Rules
The targets of this challenge are various Audio to Text Translation services or products. They can be online services, products using online services, or standalone Audio to Text Translation services. If you can make adversarial examples from audio files (provided by the GeekPwn Committee; they can be human speech, birds tweeting, a train whistle, etc.) that make the target services/products interpret the contents as specified text, or can mislead the target services/products with other reasonable methods, you are welcome to register.
> Evaluation
The GeekPwn Committee will evaluate entries according to the difference between the sound files, the difficulty of the adversarial examples, the value of the method used to create them, the number of online services attacked successfully, etc.
> Schedule >
Register Deadline: Sept 30th, 2019.
Please register online here: Register Form
The GeekPwn Committee will invite teams to GeekPwn 2019 to show their research results on Oct 24th.
*If you have any questions about competition registration, please send an email to cfp@geekcon.top
Fool AI Image Recognition with creative method
> Description >
CAAD CTF on Image Recognition
CAAD (Competition on Adversarial Attacks and Defenses) started in 2018. It is organized by the GeekPwn committee, Alexey Kurakin and Ian Goodfellow from Google Brain, and Professor Dawn Song from UC Berkeley EECS. Its purpose is to accelerate research on adversarial examples and thereby make AI more secure. We will continue to hold the CAAD CTF on Image Recognition, as at GeekPwn 2018.
> Prize >
Total Prize 140,000 RMB
1st place 60,000 RMB; 2nd place 30,000 RMB; 3rd place 20,000 RMB; others 10,000 RMB
> Rules
Preliminary - round 1: The GeekPwn official web site will announce 1000 pictures and the attack target classes on July 22nd. The picture size is 299*299. Players need to create adversarial examples based on these pictures. The infinity norm of the difference between a source image and its adversarial image should be no more than 16. Teams need to submit adversarial examples before 00:00 AM (GMT) of July 29th (8:00 AM Beijing time, July 29th). Every day, the organizer will evaluate one submission for each team and rank teams based on the scores.
Preliminary - round 2: The GeekPwn official web site will announce 1000 pictures and the attack target classes on Aug 5th. The requirements are the same as in round 1. Teams need to submit adversarial examples before 00:00 AM (GMT) of Aug 12th (8:00 AM Beijing time, Aug 12th). If there are multiple submissions, the last one will be used.
Preliminary - round 3: The GeekPwn official web site will announce 1000 pictures and the attack target classes on Aug 19th. The requirements are the same as in rounds 1 and 2. Teams need to submit adversarial examples before 00:00 AM (GMT) of Aug 26th (8:00 AM Beijing time, Aug 26th). If there are multiple submissions, the last one will be used.
Final: After the final teams are decided, they will receive the detailed rules of the finals for their further preparation.
> Evaluation
In the preliminaries, the GeekPwn Committee will feed these adversarial images into several secret baseline classifiers. For each image, if the targeted attack is successful, the team gets 1 point. If the targeted attack is not successful but a non-targeted attack is, the team gets 0.5 points. Otherwise, the team gets 0 points. The GeekPwn Committee will announce the highest score on the official web site and at the same time inform each team of its score and its place among all teams. The top 4 teams in preliminary round 3 will be selected for the finals. The GeekPwn Committee will also invite 2 teams based on theses and papers published in the adversarial examples field.
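The size and infinity-norm limits from the round rules and the 1 / 0.5 / 0 scoring above, written as an organizer-side check. This is an added example, not GeekPwn's evaluation code. It assumes 8-bit RGB images, that a rule-violating image scores zero, and that points are averaged over the classifiers (the page states none of these); the classifiers in `demo` are toy stand-ins.

```python
from dataclasses import dataclass
from typing import Optional

SIDE = 299      # image side length from the round rules
CHANNELS = 3    # assumption: 8-bit RGB samples
EPS = 16        # maximum infinity-norm distance from the round rules


@dataclass(frozen=True)
class Image:
    width: int
    height: int
    pixels: bytes   # decoded 8-bit samples, row-major, channels interleaved


def linf(source: Image, adversarial: Image) -> int:
    """Largest absolute per-sample difference between two same-sized images."""
    return max(abs(a - b) for a, b in zip(source.pixels, adversarial.pixels))


def compliance_error(source: Image, adversarial: Image) -> Optional[str]:
    """Return None when the adversarial image obeys the rules, else the reason."""
    expected = SIDE * SIDE * CHANNELS
    for name, img in (("source", source), ("adversarial", adversarial)):
        if (img.width, img.height) != (SIDE, SIDE) or len(img.pixels) != expected:
            return f"{name} image is not {SIDE}x{SIDE}x{CHANNELS}"
    # Measured on the decoded file, so rounding done when saving is included.
    distance = linf(source, adversarial)
    if distance > EPS:
        return f"L-infinity distance {distance} exceeds {EPS}"
    return None


def points(true_label: int, target_label: int, predicted: int) -> float:
    """1 for a targeted hit, 0.5 for any other misclassification, else 0."""
    if predicted == target_label:
        return 1.0
    if predicted != true_label:
        return 0.5
    return 0.0


def score_submission(entries, classifiers) -> float:
    """Sum over images of the mean points across classifiers.

    entries: iterable of (source, adversarial, true_label, target_label)
    classifiers: non-empty list of callables Image -> predicted label
    """
    if not classifiers:
        raise ValueError("at least one classifier is required")
    total = 0.0
    for source, adversarial, true_label, target_label in entries:
        if compliance_error(source, adversarial) is not None:
            continue   # assumption: a rule violation earns nothing
        per_model = [points(true_label, target_label, clf(adversarial))
                     for clf in classifiers]
        total += sum(per_model) / len(per_model)
    return total


def demo() -> float:
    """Constructed data: flat grey images and two toy stand-in classifiers."""
    n = SIDE * SIDE * CHANNELS
    src = Image(SIDE, SIDE, bytes([100]) * n)
    ok = Image(SIDE, SIDE, bytes([116]) * n)     # distance 16, allowed
    over = Image(SIDE, SIDE, bytes([117]) * n)   # distance 17, rejected
    fooled = lambda img: 7 if img.pixels[0] >= 110 else 3   # predicts target 7
    robust = lambda img: 3                                  # keeps true label 3
    return score_submission([(src, ok, 3, 7), (src, over, 3, 7)], [fooled, robust])
```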
Round 1 finished; results here.
Round 2 finished; results here.
Round 3 finished; results here.
> Schedule >
Registration ended. Preliminary started.
One team can have at most 5 players. 2 of them can go to GeekPwn 2019 if the team reaches the finals. Please send an email to caad@geekcon.top and provide your team name, a team introduction, and introductions of the team members.
*If you have any questions about competition registration, please send an email to cfp@geekcon.top
Anti Sneak Shot,
a skill everyone should master.
> Description >
Anti Sneak Shot Challenge
The Anti Sneak Shot Challenge, organized by GeekPwn and RC2 TSCM Lab, is about automatically detecting the possible presence of pinhole cameras in bedrooms, hotel rooms and meeting rooms. It aims to raise public attention to personal privacy security, especially the hazard of illegal sneak shot devices. In this contest, contestants are asked to build their own (DIY) detection tool that detects popular sneak shot pinhole cameras automatically. Contestant ranking is determined by the points gained according to the detected pinhole cameras, detection accuracy, difficulty, and technical merit.
> Prize >
Maximum Prize 100,000 RMB
1st Prize: 50,000-100,000 CNY
2nd Prize: 30,000-50,000 CNY
3rd Prize: 10,000-30,000 CNY
Winner Prize: 5,000-10,000 CNY
> Rules
Contestants should detect the pinhole cameras with an automatic device they built themselves (DIY), and submit detailed design documents. Relying entirely on existing commercial products is forbidden. If the contest judges believe a contestant's device is not DIY, or lacks customization or optimization, the judges have the right to cancel the contestant's qualification or contest result.

Competition Forms

The order of contestants is determined by drawing lots. Each contestant has 10 minutes; the round is over when the 10 minutes are up. During the contest, the other contestants are kept separate and cannot watch the contest field. To guarantee that detection is automatic and to avoid the possible impact of human factors, the contestant is not allowed to touch the detection tool or the cover curtain directly. The detection tool is taken into the room by the assistant referee. The contestant can enter the room to watch the output of the detection tool, and ask the assistant referee to take simple actions.

The simple actions allowed are:

● Move the detection tool to specified location.

● Change working mode of detection tool by pushing switch or button on it.

The detection result can be submitted in the following 2 ways:

● The detection tool should automatically save the detection results, such as MAC addresses, to a text file, which will be exported by the assistant referee and submitted to the judges.

● The contestant may watch the output of the detection tool, determine the possible location of a pinhole camera under the cover curtain, and report the location number to the assistant referee. The contestant may also photograph the output of the detection tool with a cellphone and send the picture to the assistant referee as evidence for judging.

Contestants should submit the detection result immediately when the contest is over. Once all detection results are submitted, the judges will review them and determine the competition result.

Contest Field

The contest field is a closed room with area about 25 square meters (hereinafter referred to as “the room”), like bedroom, hotel room, meeting room decorated with different things, for example desk, chair, socket, remote, books etc.

There are several pinhole cameras hidden in the things of the room (number TBD) as detection targets. To avoid impact of human experience factor, all things in the room are covered with curtain. The positions of things are labeled with numbers at the corresponding part of curtain.

The pinhole cameras work in different modes including always powered on, turned on at fixed time, WIFI supported (AP mode and client mode), frequency hopping, no WIFI but SD card supported etc.

There may be different signals in the room, like mobile signals, signals of pinhole cameras, WIFI signals for contest support, signals of television camera, and signals from other possible sources.

> Evaluation

The contest judges will mark points based on the detection result (MAC addresses, locations etc.), as well as detection accuracy, difficulty, and technical merit.

Contestants with specific total points (TBD) will be qualified for awarding.

Contestants are ranked by total points. If there is a tie in total points, the ranking will be determined by points in the order of mappings, locations, and MAC addresses.

There will be 1st, 2nd and 3rd prizes and a winner prize, based on the contestant's total points and ranking. Award criteria details will be revealed in a future version of this document.

> Schedule >
Registration Deadline: Sept. 30th, 2019
Please register online here: Register Form. The detailed competition rules can be downloaded: Competition Rules version 1.0. If you have any questions, please send an email to cfp@geekcon.top.
The 1st battle field of junior geek
> Description >
Junior Robot Agent Challenge
The Junior Robot Agent Challenge of GeekPwn 2019 will simulate a situation in which robot agents fulfil missions and escape from an enemy area. In this contest, each participating team is required to make a robot, which can act by remote control or autonomously, to complete missions such as breaking through barriers, closing and opening doors, placing bombs, cutting lines, and collecting ore samples. The winning teams will be awarded based on the ranking of points gained from completed missions.
> Prize >
Maximum Prize 80,000 RMB
1st Prize:40,000-80,000 RMB
2nd Prize:20,000-40,000 RMB
3rd Prize:10,000-20,000 RMB
Winner Prize:5,000-10,000 RMB
> Rules
The contestants should be junior high school or senior high school students. Each team can have 1 or 2 members, and 1 optional adult adviser. A player is not allowed to join multiple teams.
The teams will compete in turn. Each round of the contest lasts at most 10 minutes; the round is over when the 10 minutes are used up.
If the contest is aborted due to a robot malfunction, the team has 1 opportunity to restart the contest. In that case, the points of the 2nd round of the contest will take effect.
> Evaluation
Team ranking is based on the total points of completed missions. Teams reaching a specific minimum score will qualify for an award.
> Schedule >
Registration Deadline: Sept 30th, 2019
Registration: please register online here: Registration Form. If more information is needed, please send an email to cfp@geekcon.top
Find vulnerabilities of cloud
> Description >
Cloud Security Challenge
After years of development, cloud computing has become the preferred architecture for enterprise IT construction thanks to its flexible configuration, high availability, and business resiliency. However, cloud security issues have become increasingly prominent as cloud usage has grown. Security incidents such as service interruptions and data breaches have greatly affected business operations. GeekPwn and Tencent Security YunDing Lab launched the first cloud security challenge based on a real cloud platform, covering the cloud computing "full stack" environment and aiming to improve cloud service security.
> Prize >
Prize Pool 1,500,000 RMB
Total Prize Pool 1,500,000 RMB (Including competition prize and 0day vulnerabilities prize)

● In the online warm-up competition, the top 30 teams will each get 1,000 RMB. For every question (except the test question), the first team to solve it will get an extra 2,000 RMB.

● In the open competition, the 1st place will get 80,000 RMB, the 2nd place 50,000 RMB and the 3rd place 20,000 RMB; other winning teams will get 10,000 RMB.

● In the open competition, if any team submits 0day vulnerabilities, the GeekPwn Committee will evaluate the impact and technical difficulty and decide on an extra 0day vulnerabilities prize.

> Rules
The entire competition is divided into an online warm-up competition and an open competition.

Online warm up competition (finished)

Mainstream cloud computing architectures were selected to build the competition environment. The questions covered Cloud Applications, Docker escape, etc. After 48 hours, 30 teams won prizes. Please check here for details.

Open competition

The organizer will build environments and open them to registered teams. The teams will perform research and report what they can do to the organizer. The organizer will then select the top 5 - 8 teams for the finals at GeekPwn 2019. The rules of the finals will be published later on the official GeekPwn web site.

> Schedule >
Online warm up competition finished.
Open competition registration deadline: Sept. 30th, 2019
Online warm up competition: Finished successfully; check details.
Open competition Registration: July 2019 - Sept. 30th, 2019; players can register here. The organizer will evaluate all registrations and decide the list of players for the finals, which will take place on Oct. 24th, 2019.
*If you have any questions about competition registration, please send an email to cfp@geekcon.top
No rules restriction,
hack with creative methods.
> Description >
Vulnerabilities based PWN
Smart devices, AI products, libraries, frameworks and IoT products that are commercially available or widely used are all acceptable PWN targets. By exploiting security vulnerabilities, an attacker without privileges can get system control, access private data or break through the original security mechanisms under reasonable attack conditions.
> Prize >
Maximum Prize 800,000 RMB
The maximum individual prize awarded will be: 800,000 RMB.
> Rules

1. The PWN target (device, application or security module) should be in its factory-shipped state with official updates and default settings. The ROM and/or software versions should be >= the latest version 30 days before the GeekPwn event.

2. All technical approaches must be the contestant's original work. Publicly known PWN approaches cannot be used to win the contest. Winning contestants need to submit a technical details report.

3. Prizes will be offered by the GeekPwn committee based on the PWN technical difficulty, creativity and demonstration effects.

> Examples

Pass face recognition door control with one vulnerability: The contestant exploited a vulnerability to get system control privilege, then modified the face data to pass the control with another person's identity. (GeekPwn2017 Shanghai)

Exploit Home Router vulnerabilities: Contestants exploited vulnerabilities in home routers remotely to get admin privileges. (GeekPwn2014 - 2017)

Exploit 9 vulnerabilities, attack TrustZone: The contestant asked the user to install a malicious app, the app then attacked TrustZone, and afterwards anyone could unlock the phone with a fingerprint. (GeekPwn2016 Shanghai)

*For more vulnerability based PWN, like Camera, POS, Robot, Smart Watch, Smart Lock, Shared Bike, etc., please check the Hall of Fame.

> Schedule >
Registration Deadline: Sept. 30th, 2019
Registration: Please submit your online registration: Registration Form.
First round evaluation: The GeekPwn Committee will evaluate the submitted form in 5 business days.
Second round evaluation: The GeekPwn Committee will determine whether the registration is accepted. Once it is accepted, the GeekPwn Committee will prepare the device (or AI products) and the presentation environment.
*For any questions, please send an email to: cfp@geekcon.top
0day not needed,
show your creativity.
> Description >
Non-Vulnerability Based PWN
Smart devices, AI products, libraries, frameworks and IoT products that are commercially available or widely used are all acceptable PWN targets. Alternatively, there may be no direct PWN target at all, only a security scenario. The attack does NOT necessarily exploit vulnerabilities, but uses a new creative method.
> Prize >
Maximum Prize 800,000 RMB
The maximum individual prize awarded will be: 800,000 RMB.
> Rules

1. The PWN target (device, application or security module) should be in its factory-shipped state with official updates and default settings. The ROM and/or software versions should be >= the latest version 30 days before the GeekPwn event.

2. All technical approaches must be the contestant's original work. Publicly known PWN approaches cannot be used to win the contest. Winning contestants need to submit a technical details report.

3. Prizes will be offered by the GeekPwn committee based on the PWN technical difficulty, creativity and demonstration effects.

> Examples

Wombie Attack: a new model of worm spreading. (GeekPwn2017 HongKong)

Recognize CAPTCHA images by using DNN: The contestant used a trained DNN to crack Google reCAPTCHA. (GeekPwn2017 Silicon Valley)

Attacker uses Machine Learning to learn a human voice, then simulates it to pass a voice recognition system. (GeekPwn2017 Shanghai)

*For more Non-Vulnerability based PWN, please check the Hall of Fame.

> Schedule >
Registration Deadline: Sept. 30th, 2019
Registration: Please submit your online registration: Registration Form.
First round evaluation: The GeekPwn Committee will evaluate the submitted form in 5 business days.
Second round evaluation: The GeekPwn Committee will determine whether the registration is accepted. Once it is accepted, the GeekPwn Committee will prepare the device (or AI products) and the presentation environment.
*For any questions, please send an email to: cfp@geekcon.top
Pay attention to these
RESTRICTIONS & NOTIFICATIONS
Professionalism is to try best.

1. The GeekPwn organizing committee ("the committee" in the description below) recognizes the technical capability of the winner individually, but does not acknowledge any linkage to the winner's working organization.

2. The committee does not acknowledge that the contest result directly reflects the security level of the smart devices.

3. The committee strictly follows responsible disclosure to device manufacturers. All the details of PWN technical approaches will be disclosed privately, by the committee and the contestant, to the representatives of the corresponding device manufacturers. If no representative of the manufacturer is at the scene, all the information will be disclosed to the manufacturer offline after the contest. The committee and the contestant commit not to disclose any details to third parties before the manufacturers fix the issues.

4. The committee commits that foreign judges will participate only in judging the device categories of foreign manufacturers.

5. The committee guarantees that a contestant's private personal information will not be disclosed to third parties or used for commercial activities without the contestant's agreement and authorization.

Schedule
GEEKPWN CALENDAR
Wake up Geeks,
make the world perfect.
Advisers and Judges
GEEKPWN COMMITTEE
Either the NO. 1,
or the Only 1.

We need your support
THANKS TO THE SECURITY COMMUNITY
Geeks' Power,
protect the justice.
Contestant Registration: cfp@geekcon.top
Business Cooperations: biz@geekcon.top
Consulting Tickets: ticket@geekcon.top
Media Cooperations: biz@geekcon.top

© 2019 GeekPwn Committee

KEEN All Rights Reserved


KEEN Cloud Tech endeavors to help the world's leading software manufacturers, who have adopted advanced cybersecurity engineering methodologies, to discover and fix cybersecurity vulnerabilities. Over the years, KEEN has discovered and reported hundreds of high-priority vulnerabilities to Microsoft, Apple, Google, etc.

As one of the world's leading platforms for cybersecurity researchers, GeekPwn enables security researchers and geeks around the world to share their thoughts and findings. Since 2014, GeekPwn has successfully held 8 sessions in Beijing, Shanghai, Macau, Hong Kong and Silicon Valley, responsibly disclosed hundreds of critical security vulnerabilities, and awarded millions (USD) to contestants.
