Finding a security hole in 5 minutes, 2 Viettel experts won the world’s largest cyber security competition

Tram Ho

According to Viettel Cyber ​​Security Company (Viettel Cyber ​​Security, international abbreviation: VCS) under Viettel Military Telecom Industry Group, Viettel security expert – the only representative of Vietnam has won the war. wins competitions at the world’s largest and reputable cyber attack competition called Pwn2Own 2021.

This year, Viettel’s team includes 2 experts including Dao Trong Nghia and Pham Van Khanh.

Tìm ra lỗ hổng bảo mật trong 5 phút, 2 chuyên gia Viettel chiến thắng cuộc thi an ninh mạng lớn nhất thế giới - Ảnh 1.

Pwn2Own by Zero Day Initiative has been held annually since 2007 with bonuses up to millions of USD, attracting the participation of global security experts. Here, well-known technology firms will bring their products to the target in the penetration testing challenges.

On the website of the competition, the Vietnamese team was marked “successful” in two exams held on April 7 and 8. In the “escalating privilege” category on the Windows 10 operating system, the team has succeeded in elevating user rights from normal to System privilege – able to take the highest control over the computer. In the “Servers” category, the team also succeeded in hacking the Microsoft Exchange email server system.

Tìm ra lỗ hổng bảo mật trong 5 phút, 2 chuyên gia Viettel chiến thắng cuộc thi an ninh mạng lớn nhất thế giới - Ảnh 2.

The official website of the contest announced the victory of Viettel team.

After two exams, experts from Vietnam helped Microsoft find out 5 new vulnerabilities, including two vulnerabilities in Windows 10 and three vulnerabilities in Exchange server. These vulnerabilities have all been rated as particularly critical. If exploited, hackers can take control of computers or hijack emails, break into the systems of organizations and enterprises using Microsoft Exchange email servers.

Worth mentioning, while the time limit of each test at Pwn2Own is 20 minutes and there are 3 attempts, Viettel’s experts are successful in the first attempt and completed in less than 5 minutes.

Tìm ra lỗ hổng bảo mật trong 5 phút, 2 chuyên gia Viettel chiến thắng cuộc thi an ninh mạng lớn nhất thế giới - Ảnh 3.
Tìm ra lỗ hổng bảo mật trong 5 phút, 2 chuyên gia Viettel chiến thắng cuộc thi an ninh mạng lớn nhất thế giới - Ảnh 4.

It is known that expert Dao Trong Nghia was only born in 1998, which means just graduated from university. He specializes in software vulnerabilities, many times recognized by Microsoft for discovering serious flaws in the Windows operating system.

Pham Van Khanh is an expert “with a number of cheeks” in the industry. He was ranked 19th in the top Microsoft vulnerability specialist in 2020, discovered nearly 20 zero-day vulnerabilities on Microsoft platforms, such as MS Exchange, MS Dynamic, IIS.

After winning, the team of experts from Viettel Cyber ​​Security Company received a prize worth 40,000 USD (nearly 1 billion VND).

Last year, when Viettel first participated in the competition, two security experts Do Quang Thanh and Ngo Anh Huy also won when taking control of SmartTV through the default browser on Samsung and Sony TVs. .

 

Share the news now

Source : Genk