16/03/2023

DNS Remote Code Execution: Finding the Vulnerability 👾 (Part 1)

In 2019 and 2020, we DOMINATED the router Wide Area Network or WAN category in the Pwn2Own hacker competition. In this category, hackers attack network devices with previously unknown vulnerabilities, from external networks such as the Internet.

Unfortunately, by 2021 our competitors reversed engineered our techniques, and the game was up.

Today, we are starting a video series where we will show you our tips, tricks and techniques to find and exploit WAN vulnerabilities in network devices. And we're starting with a beautiful DNS exploit that got us $20,000 in prizes.

Let's get ready to PWN!

In this video, we will tell you the story of how we found CVE-2020-10881 in the Pwn2Own Tokyo 2019 hacking competition and won $20,000 dollars by exploiting it :-)

Previous

DNS Remote Code Execution: Writing the Exploit 💣 (Part 2)

Next

OffensiveCon22 - Radek Domanski and Pedro Ribeiro - Pwn2Own’ing Your Router Over the Internet