GEEKCON· New GeekPwn

Quantify Cyber Adversarial Events

to Make a More Secure Digital World

New Version of TOP Security Competition GeekPwn

Globally Unparalleled Security Geek Event

Oct

24

2023

PHOTOS

DAF

Contest

HAC

First Place

"Cyberspace Travelling"

A Challenge that Exploits Unknown Vulnerabilities to Achieve Escape of a Virtual Machine Platform

TNB

Second Place

"Fatal Pulse"

A Challenge that Exploits Unknown Vulnerabilities to Launch a Denial-of-Service Attack on Any Website at a Magnitude of Thousands

Tiangong Lab

Third Place

"Cyberspace Travelling"

A Challenge that Exploits Unknown Vulnerabilities to Achieve Escape of a Virtual Machine Platform

Jiufeng Security Lab

Honorable Mention

Cracking and Locating a Vehicle with A Glance at the Car Window

A Challenge that Exploits Unknown Vulnerabilities to Remotely Control Intelligent Connected Vehicles

BlueThanos

Honorable Mention

He Who Knows Attacking is Intelligent

A Challenge that Exploits Unknown Vulnerabilities to Remotely Control a Domestic Operating System

NISL @THU

Honorable Mention

Vanishing Sound Waves

A challenge that Utilizes Selfmade Devices to Counter Hidden Audio Recording

15+5

Indepth Sharing

Tencent Security Xuanwu Lab

Outstanding Presentation

"Infinity Gauntlet" Attack

How I Brute-Force Cracked Fingerprint Authentication on Multiple Popular Smartphones

Ant Security Light-Year Lab

Outstanding Presentation

URB Excalibur

How We Achieved VMware Fusion Escape

Android Red Team

Outstanding Presentation

Attacking the Pixel Modem Over The Air

How We Remotely Compromised Mobile Baseband Chips

Security Lab @ByteDance

Outstanding Presentation

Revealing 7-year-old Attack Techniques

How We "Stole" BitLocker Encrypted Data

Sangfor k team

Outstanding Presentation

Hidden Threats in Office Documents

How We Stealthily and Efficiently Exploited OLE Vulnerabilities for Code Execution

DARKNAVY Insights

Special Disclosure

Assisting Law Enforcement in Capturing over 800 Black&gray Market Operators in One Year

How did we do it?

A certain security team

Haven't Heard of Online Black&gray Market Activities

Doesn't Mean You Haven't Been Involved

Two certain security teams

Cloaked in the Guise of Publicly Traded Companies

They are Currently Treating Users as Cash Cows

Two certain security teams

Annual Themed Debate

GPT and Hackers

Breakthrough Awards

Beyond Generation:
Detecting Zero-Day Web
Attacks via Security-GPT

Further Eye @Sangfor

Breakthrough Awards

GPTFuzzer:
Automated Jailbreak
of LLMs

Ant Security
Light-Year Lab

Breakthrough Awards

Red Team AI Commander:
Hacking Robot Built on LLM

CLOUDITERA

AVSS Contest

Final Contest (Android Track)

First Place

BlueThanos

Second Place

AAA

Third Place

Pindongdong

Honorable Mention

Polaris

Honorable Mention

NeSE

Honorable Mention

Dubhe

Annual Themed Debate

GPT and Hackers

DARKNAVY Insights:

Special Disclosure

DAF

Contest

AVSS

Contest

15 + 5

In-depth Sharing

Annual Themed Debate

GPT and Hackers

DARKNAVY Insights:

Special Disclosure

DAF

Contest

AVSS

Contest

15 + 5

In-depth Sharing

KEEP ON PWNING EVERYTHING!

Introduction

DAF (Defense & Attack Force) Contest is an immersive, unparalleled and extraordinary hacking contest like no other,

which unveils the real-world vulnerability exploitation threats by showcasing cyber adversarial activities in smart devices and network services.

As an upgraded version of GEEKPWN, DAF Contest continuously encourages contestants to PWN everything.

Rules and Regulations

All the submissions must abide by relevant laws and regulations.

For submissions involving the exploitation of target vulnerabilities, the targets (device, application or security module) should be in factory shipped state with official updates and default settings. The ROM and/or software versions should be the latest version 30 days before the DAF Contest begins.

All the technical approaches must be the contestant's own original work. Winning contestants must submit detailed technical report to the committee.

Winning contestants will be rewarded with certificates of honor and cash prizes. The first prize winners will be inducted into the annual Hall of Fame.

A BRAND NEW CHALLENGE TO QUANTIFY SECURITY.

Description

Two new cars of different brands, which one can better protect the personal safety of the drivers and passengers?

Come to a real crash test, and you will know.

But how can we compare the cyber security levels of different cars?

Which one is more resistant to hackers?

Similarly, how can we compare the cyber security levels of different information systems?

The AVSS (Adversarial Vulnerability Scoring System) Contest can be viewed as a "collision test field" for information systems based on the real adversarial network environment.

We know that there are no vulnerability-free systems in the world.

Most of our security efforts are made to increase the cost and difficulty of exploiting these vulnerabilities.

We are also aware that the investment in product security varies greatly among different companies.

Companies that prioritize user security should be recognized for their security achievements.

Moreover, we hope that ordinary consumers have the right to make more secure choices with greater convenience.

The first round of the AVSS Contest will focus on Android OS, the most popular OS on phones.

Like everyone else, we are curious to know:

Even in the face of new vulnerabilities, which phone is more resistant to attacks from global hackers?

Contest Overview

The first session of the AVSS Contest is focused on the Android system.

The competition consists of two stages: online preliminaries and offline finals. Contestants will compete in a Jeopardy-style format using the competition platform provided by the organizers. The online preliminaries will be conducted using the Android emulator environment, while the offline finals will involve the use of actual Android devices.

The competition will feature multiple sets of challenges at the application layer and kernel layer, all related to Android. Contestants will be evaluated based on their ability to exploit the same vulnerability or similar vulnerabilities in different Android system environments.

The organizers have intentionally embedded identical or similar vulnerabilities in different versions of the Android system and will provide the vulnerability information to the contestants. Contestants will need to exploit the pre-embedded vulnerabilities to obtain flags.

The online preliminary of GEEKCON-AVSS 2023 was concluded on August 28, 2023, at 10:00 AM.

The onsite final of GEEKCON-AVSS 2023 (Android Track) was concluded on October 24, 2023, at 17:30.

Rankings of the top six teams:

Rankings	Team Name	Score
1	BlueThanos	7250
2	AAA	3700
3	Pindongdong	3600
4	Polaris	2500
5	NeSE	2500
6	Dubhe	1700

AVSS Contest Discord Group: <CEEKCON>.

Onsite finals: October 24th, 2023, Shanghai

Awards & Prizes

1st Place: 50,000 RMB cash prize, award certificate, and inducted into the "Hall of Fame"

2nd Place: 30,000 RMB cash prize and award certificate

3rd Place: 15,000 RMB cash prize and award certificate

Honorable Mention: 7,500 RMB cash prize and award certificate

A DEBATE LIKE NO OTHER!

Introduction

During the first AI security competition CAAD in GEEKPWN, we had an optimistic idea:

If one day AI threatens human beings, hackers may be the savior.

As Alan Turing, the father of AI, was also a hacker, we believe hackers can make or break AI,

and they will always find bugs to prevent AI from getting out of control.

The birth of GPT has stunned us and prompted deep contemplation.

Could it be that GPT is the hacker, and we humans are the BUG?

The first theme of the GEEKCON's annual debate is "GPT and hackers".

This is a session that embraces scientific thinking and encourages all ideas from everyone.

Welcome to defend your idea. Let's debate!

1 GEEKCON organizing committee (hereinafter referred to as "the committee") recognizes the technical capability of the winners individually, but doesn't acknowledge that it represents the capability of the winners' associated organization.

2 The committee recognize and promote the comprehensive assessment of vulnerability exploitation capabilities and mitigation mechanisms from a confrontational perspective, and do not endorse the judgement of security levels of the target products involved in the event based on a single dimension or non-quantitative dimension.

3 The committee firmly follows the Responsible Disclosure principle. The committee and contestant commit not to disclose any details to third-party before manufactures fix the issues.

4 The committee advocates and encourages in-depth knowledge sharing and communication, but firmly opposes any speech and behavior that violates laws and regulations or infringes on the rights of others.

5 The committee guarantees that the participants' personal information will not be disclosed to third-party or used for commercial activities without their agreement and authorization.

6 The committee will provide awards and honors based on the research efforts, technical breakthrough, and technical innovation of the projects. As the top 1 security geek IP operator in China, the committee always advocate a reward mechanism that emphasizes both honor and moderate bounty, encouraging more geeks to participate in technical innovation and knowledge sharing.

1 GEEKCON organizing committee (hereinafter referred to as "the committee") recognizes the technical capability of the winners individually, but doesn't acknowledge that it represents the capability of the winners' associated organization.

2 The committee recognize and promote the comprehensive assessment of vulnerability exploitation capabilities and mitigation mechanisms from a confrontational perspective, and do not endorse the judgement of security levels of the target products involved in the event based on a single dimension or non-quantitative dimension.

3 The committee firmly follows the Responsible Disclosure principle. The committee and contestant commit not to disclose any details to third-party before manufactures fix the issues.

4 The committee advocates and encourages in-depth knowledge sharing and communication, but firmly opposes any speech and behavior that violates laws and regulations or infringes on the rights of others.

5 The committee guarantees that the participants' personal information will not be disclosed to third-party or used for commercial activities without their agreement and authorization.

6 The committee will provide awards and honors based on the research efforts, technical breakthrough, and technical innovation of the projects. As the top 1 security geek IP operator in China, the committee always advocate a reward mechanism that emphasizes both honor and moderate bounty, encouraging more geeks to participate in technical innovation and knowledge sharing.

Organizer

Strategic Partnership

Tech Partners

Community Media Partners

About DARKNAVY

DARKNAVY, an independent and free-spirited security research organization and service provider. We have invented and established AVSS (Adversarial Vulnerability Scoring System) to evaluate and quantify vulnerabilities and the effectiveness of system mitigation mechanisms in real adversarial environments. We have also initiated and organized GEEKCON, a unique and top-class security geek event, to empower the development of the global security community.

Our goal is to create a more secure digital world by eliminating vulnerabilities in IT products/services. By sharing our knowledge through consulting and R&D experiences, we aim to enable organizations to better prepare and protect themselves against the ever-evolving threat of cyber attacks.

About GEEKCON

GEEKCON is the new version of the top security competition, GeekPwn. Initiated by DARKNAVY, GEEKCON aims to become a globally unparalleled technical event for security geeks, pioneering and promoting the visualization and measurable values of security ecosystem capabilities.

Registration Consultation: cfp@geekcon.top

Business&Media Cooperations: biz@geekcon.top

沪ICP备2021002426号-3

Registration Consultation: cfp@geekcon.top

Business&Media Cooperations: biz@geekcon.top

沪ICP备2021002426号-3