Pwn2Own 2016

Pwn2Own 2016.

Zero Day Initiative announces Pwn2Own 2016
Pwn2Own 2016: The lineup and schedule (updated with results)
Pwn2Own 2016: Closing out the first day

Pwn2Own 2016: Day two – crowning the Master of Pwn

The final numbers are quite impressive:
  • 6 bugs in the Windows operating system
  • 5 bug in the OS X operation system
  • 4 bugs in Adobe Flash
  • 3 bugs in Apple Safari
  • 2 bugs in Microsoft Edge
  • 1 bug in Google Chrome (duplicate of a previously submitted bug)
  • $460,000 USD bounty paid out to researchers

What is the methodology of this competition?
Would only direct attacks?

It’s all about finding previously unknown exploitable bugs, or, as it is sandboxed software, chains of bugs. I guess every researcher has its own method for finding them.

If an exploited bug is already known, the contestant gets no money for that bug, but for the other bugs that were found (see Chrome, day one).

You find rules etc. here.