HP Security Research Blog
The HP Security Research blog provides a platform for security experts from across HP to discuss innovative research, industry observations, and updates on the threat landscape to help organizations proactively identify and manage risk.

Naming and graphic design services for bugs now available

ZDI is now offering vulnerability naming and graphic design services for researchers who reach Gold status. No longer will your bug suffer in anonymity; we’ll hook you up with our crack design team to give your bug the name and logo it deserves.

A look back at Pwn2Own 2015

For two fantastic days in Vancouver, six researchers again demonstrated that when you enter Pwn2Own and are successful, you can count yourself among the best in the world. After a weekend’s worth of reflection, let’s step back and review the highlights.

Pwn2Own 2015: Day One results

The first day of Pwn2Own 2015 saw successful attempts by four entrants against four products, with payouts of $317,500 to researchers in the main competition.

Pwn2Own 2015: The lineup

The competition order for Pwn2Own 2015 was assigned by random drawing in the Pwn2Own room on Wednesday morning. This year found seven contestants targeting the various products in the competition, with some handling multiple challenges – twelve competitions in all.

Pwn2Own 2015: The final contestants

Pwn2Own begins tomorrow, but registrations have closed. A total of seven groups and individuals have signed up to attempt exploits on the available targets. Here are those competing.

Pwn2Own 2015: Exploitation at its Finest!

It’s that time again: Security researchers, prepare to pack your best exploits and meet us in Vancouver. Pwn2Own 2015 is at hand. We announce this year’s rules, targets, and goals.

Labels: pwn2own| ZDI

Vancouver, a Jewel of a city

We’ll have something to say about Pwn2Own in just a few minutes. In the meantime, Jewel Timpe, HPSR’s senior manager for threat research, may know something about the matter.

Labels: pwn2own| ZDI

Mobile Pwn2Own 2014: The day two recap

Two more competitors stepped up to the test bench on the second and final day of the annual contest in Tokyo.

Labels: mobile| pwn2own| security

Mobile Pwn2Own 2014: The day one recap

A record number of contestants set a fast pace for this year’s Tokyo competition – five teams, five targets, five wins.

Labels: mobile| pwn2own| security

Mobile Pwn2Own begins: Competitors and targets

The third Mobile Pwn2Own competition begins in Tokyo with the largest competitor lineup in its history. We have the full schedule -- and the list of devices and platforms that await their fate.

Labels: mobile| pwn2own| security

Avoiding collisions: How we’ll handle (potential) duplications between Pwn2Own and Pwn4Fun

This year we introduced Pwn4Fun to give Google and ZDI the opportunity to give money to charity. 

Labels: pwn2own| pwn4fun

Pwn2Own’s New Exploit Unicorn Prize: Additional Background for Civilians

This year at Pwn2Own, we’re hunting the Exploit Unicorn – not because we think there are a lot of researchers out there who can capture it, but because we think there aren’t. That said, an attacker able to win this prize (and $150,000 for their efforts) is able to break through Microsoft’s most powerful protections, including a tool built specifically to protect against sophisticated attacks.

Pwn2Own 2014: Rules and Unicorns

HP’s Zero Day Initiative is once again expanding the scope of its annual Pwn2Own contest, with a new competition that combines multiple vulnerabilities for a challenge of unprecedented difficulty and reward.

Labels: HPSR| pwn2own| ZDI

Mobile Pwn2Own 2013 Yields Exploits in Safari, Samsung S4 applications

Mobile Pwn2Own 2013 started out with a bang. HP’s Zero Day Initiative and competition co-sponsors Google and BlackBerry awarded $67,500 USD for the disclosure of multiple 0-day vulnerabilities and exploit techniques in the Safari browser and mobile applications. We are excited to bring Pwn2Own to Japan to see the breadth of research from across the world, including exploits which reveal techniques that can help internal security teams improve their mitigations.

Welcome to Mobile Pwn2Own at PacSec Tokyo - Super, happy fun

It's the big day! Join us for all the excitement of HP's ZDI Mobile Pwn2Own contest at PacSec in Tokyo. We'll be blogging throughout the day with news and the results of the contest.

Mobile Pwn2Own: Targets await, Register today!

It’s not too late! Register today for HP’s Zero Day Initiative (ZDI) second annual Mobile Pwn2Own competition, to be held on November 13-14, 2013 at PacSec Applied Security Conference in Tokyo, Japan.

Pwn2Own 2013 Recap

So, what happened at Pwn2Own this year? The question really should be: "What didn't happen at Pwn2Own this year?" Now that the dust has settled, let's step back and look at the carnage resulting from Pwn2Own!

Labels: HPSR| pwn2own| ZDI

Pwn2Own 2013

Get ready for Pwn2Own 2013 at CanSecWest March 6th-8th in Vancouver, British Columbia where HP ZDI is offering more than half a million dollars (USD) in cash and prizes.

Labels: HPSR| pwn2own| ZDI
About the Author(s)
  • Head of OpSec Research
  • I am a senior security content developer with Hewlett-Packard Security Research (HPSR). In this role, I write and edit security analysis and supporting content from researchers, including those from HP’s Zero Day Initiative (ZDI) program. The ZDI program augments HP’s Enterprise Security Products with zero-day research through a network of over 3,000 independent researchers around the world. I am also responsible for providing insight into the threat landscape; competitive intelligence to the research team; and providing guidance on the social media roadmap. Part of my role includes speaking publicly and promoting the research and technology of the HPSR.
  • Kernelsmith is a senior vulnerability researcher with Hewlett-Packard Security Research (HPSR). In this role, he analyzes and performs root-cause analysis on hundreds of vulnerabilities submitted to the Zero-Day Initiative (ZDI) program. He also tries to automate whenever he can, pulling from the devops and virtualization arenas. Josh is also a developer for the Metasploit Framework and has spoken at a few conferences and holds a few certifications. Prior to joining HP, Smith served in the U.S. Air Force for 10 years and subsequently became a security engineer at the Johns Hopkins University Applied Physics Laboratory. Smith performed research into weapons systems vulnerabilities as well as evasion and obfuscation techniques to add depth and realism to security device tests. Smith received a B.S. in Aeronautical Engineering from Rensselaer Polytechnic Institute and an M.A. in Management of Information Systems from the University of Great Falls.
  • Security Researcher, Software Security Research
  • Security Researcher, Zero Day Initiative
  • Steve Povolny manages the Digital Vaccine team at HP TippingPoint. The team is composed of security researchers and filter/signature developers for the Intrusion Prevention System.
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.