A two-day –November 16 and 17– hacking event organized in China known as Tianfu cup, brought a list of security researchers from countries to test vulnerabilities in various applications such as Google Chrome, Office 365, D-Link, Safari browser and Adobe pdf reader.
The goal is to find vulnerabilities in apps and if the attack succeeds then the researcher earns points and cash prizes.
The contest is intended to build a platform for cybersecurity enterprises and relevant research institutions to showcase technical achievements, communicate with industrial experts and establish in-depth project collaboration opportunities.TFC Organizers
Attacks started with day 1, here are some brief report of day 1 and day 2.
20 demonstrations, with 13 being successful, 5 teams gained a bonus.
6 targets were taken down Edge, Chrome, Safari, Adobe PDF Reader ,Office365 ,DLink, Ubuntu+qemu-kvm.
From the very first day hackers have gained access to various big enterprises.
With day 2 hackers gained access to Vmware and were trying to break into Windows Server and the iPhone 11.
17 teams delivered 28 on-site demonstrations with 20 successful and 8 failed.
11 teams have gained a bonus.
8 targets have been taken down.
Total bounty of $545,000 awarded.
Researching team was able to hack Chrome and has earned a total $40,000 cash prize.
A team named SlackLeader was able to find exploit in the Safari browser and earned a cash prize of $30,000.
For VMWare and qemu+Ubuntu a team named 360Vulcan earned a prize of $200,000 and $80,000.
The winner of the first day with highest score 360Vulcan.
I’m not at all surprised to see 360Vulcan has an exploit in every category. They are a large team with a lot of skilled people. Also, they always dominate by quantity in pwn contests, they go after everything.Security Researcher
Last year, China has banned it’s hackers for participating in international hacking events in fear of exposing many insider tricks
and were absent from the Pwn2Own competition in Vancouver.