join the event

International Cybersecurity Contest

With the target of gradually creating China’s own “Pwn2Own”, Tianfu Cup International PWN Contest will have three independent and parallel events: the original vulnerability demonstration and recurrence contest, the product Contest, and the system Contest. All teams are required to use original vulnerabilities to hack the given subject. The total bonus of the contest will reach up to 1.5 million US dollars in a bid to deliver a feast of cyber security technologies.
$1500000

Competition Forum

TFC 2021 International Cyber Security Summit Forum

TFC 2021 summit forum will set up a main forum and nine sub-forums focusing on hot topics in cybersecurity industry. Renowned experts and professionals are invited to share their opinions on the challenges this digital world is facing and what we should do to ensure its safety from the aspect of cybersecurity. Besides, industrial leaders and pioneers are also invited to join this discussion, exploring opportunities and challenges for the development of the cybersecurity industry along with the digital economy. The International Cyber Security Summit Forum of TFC 2021 is established in Southwest China and radiates whole China. It aims at creating the most professional international cyber security event in Southwest China, promoting the high-quality development of China’s cybersecurity industry.

Special events

Results Release Talent Recruitment
Results Release
Exhibitors release new products and technical results in the Achievement Release Hall. The audience and media representatives watch the content of the results release. At the same time, reporters can report on the results as soon as possible, effectively ensuring the dissemination effect of the results release.
Learn more >
Talent Recruitment
The core element of network security construction is network security talents. Digital internal business and external regulatory compliance pressure doubled, have spawned domestic demand for government and enterprise organizations to network security personnel continued growth in length. To address the shortage of talent network security status of enterprises, from 2 0 to more than network security company Zhaopin joint platform launched , "Network Security Personnel Recruitment Week" event , for the whole network recruitment network security excellence .
Learn more >

Organization

Organizers (in random order)
Co-organizers (in random order)

TFC 2021 Targets & Prize-final

Targets & Prizes:

1.  Targets: Chrome

Equipment: Lenovo L14 i7-16G-500SSD

System: win10 21H1

Requirements: Use Chrome to browse remote URL, control the browser or System. The browser will run within VMWare Workstation, 8GB default memory.

Prizes:

RCE: $50000

RCE + Sandbox Escape: $150000

 

2.  Targets: Safari

Equipment: Macbook Pro (13inch, 2017, 16G, 256SSD) or MacBook Pro (13inch, M1, 2020, 16G, 512SSD) by request.

System: Mac OS

Requirements: Use Safari to browse remote URL, control the browser or System.

Prizes:

RCE: $40000

RCE + Sandbox Escape: $75000

M1 RCE: $60000

M1 RCE + Sandbox Escape: $120000

 

3.  Targets: Adobe PDF Reader (32 bit)

Equipment: Lenovo L14 i7-16G-500SSD

System: win10 21H1

Requirements: Use the PDF documents that had been copied to the VM to control Adobe PDF Reader or System. Adobe PDF Reader will run within VMWare Workstation, 8GB default memory.

Prizes:

RCE: $30000

RCE + Sandbox Escape: $60000

 

4.  Targets: Docker-CE

Equipment: Lenovo L14 i7-16G-500SSD

System: win10 21H1

Host OS: Ubuntu Server 20.04 (latest LTS kernel, generic flavor)

By request: server or desktop

Container: Ubuntu 20.04 (w/ SSH access) desktop

Requirements:

Escape from the container, achieve code execution with root permission on the host OS.

Notes:

Docker CE was installed according to the official guide available at https://docs.docker.com/engine/install/ubuntu/.

SSH access (root user with password) to a running container (unprivileged, w/o uidmap, w/o volume mount, default bridge network).

Prizes:

$60000

 

5.  Targets: Ubuntu 20/CentOS 8

Equipment: Lenovo L14 i7-16G-500SSD

System: Ubuntu 20.04/CentOS 8

Requirements:  Run certain program as an unprivileged user to escalate privilege and run command as root. The OS will run within VMWare Workstation, 8GB default memory. Choose one target between Ubuntu 20 and Centos 8.

Prizes:

Local Privilege Escalation: $40000

 

6.  Targets: Microsoft Exchange Server 2019

System: Windows Server 2019

Requirements:  Connect to remote server and achieve remote code execution on the target. For authenticated entry, the user can only be a low privileged one. The contestant must contact and discuss detailed configurations with the judge before the contest.

Prizes:

Authenticated: $60000

Unauthenticated: $200000

 

7.  Targets: Windows 10

Equipment: Lenovo L14 i7-16G-500SSD

System: win10 21h1

Requirements:  Run certain program as an unprivileged user to escalate privilege and run command as Administrator. The OS will run within VMWare Workstation, 8GB default memory.

Prizes:

Local Privilege Escalation: $20000

Local Privilege Escalation with Kernel-level Access: $40000

 

8.  Targets: VMware Workstation

Equipment: Lenovo L14 i7-16G-500SSD

System: win10 21h1

Requirements: Run certain programs to penetrate through and escape from the VM system, control the hosts operating System.

Prizes:

$80000

 

9.  Targets: VMware ESXi

Equipment: Lenovo L14 i7-16G-500SSD

System: win10 21h1

Requirements: Run certain programs to penetrate through and escape from the VM system, control the hosts operating System. This target requires the contestant to get the root permission of the host OS.

Prizes:

$180000

 

10.  Targets: Ubuntu + qemu-kvm

Equipment: Lenovo L14 i7-16G-500SSD

Host: Ubuntu 20.04 desktop

Use the command sudo apt-get install qemu-kvm virt-manager in the host and use default configurations to install the guest system.

Guest: Ubuntu 20.04 server

RequirementsRun certain programs to penetrate through and escape from the VM system, control the hosts operating System.

Prizes:

VM Escape within Host Sandbox: $60000

VM Escape + Host Sandbox Escape: $150000

 

11.  Targets: Parallels Desktop

Equipment: MacBook Pro (13inch, 2017, 16G, 256SSD)

System: Mac OS

GUEST: Ubuntu or windows 10 or cent OS by request.

Requirements:

Requirements: Run certain programs to penetrate through and escape from the VM system, control the hosts operating System.

Prizes:

$30000

 

12.  Targets: iPhone 13 Pro

Equipment: iPhone 13 pro 128G

System: iOS 15

Requirements: Use iPhone 13 Pro to browse remote URL, control the phone system. This target requires the contestant to bypass the PAC mitigation.

The RCE with sandbox escape or jailbreak will gain additional prizes.

Prizes:

RCE: $120000

RCE + Sandbox Escape: $180000

Remote Jailbreak: $300000

 

13.   Targets: Domestic mobile phones (Android)

Equipment:

小米:Xiaomi Mi 11

OPPOK9 黑桃 K 8G+256G标准版

VIVOS9 5G

Requirements: Use the phone to browse remote URL, escape the browser sandbox and control the phone system.

The sandbox escape with root privilege will gain additional prizes.

Prizes:

RCE+Sandbox: 30000/$4600  

RCE+Root: 50000/$7700

 

14.  Targets: Synology DS220j

Requirements: Achieve code execution on the remote device from LAN.

Prizes: $10000

 

15.  Targets: ASUS Router AX56U 热血版

Requirements: Achieve code execution on the remote device from LAN.

Prizes:

$10000

 

16.   Targets: Domestic New Energy Vehicles

Equipment: please contact us for details

Requirements: please contact us for details

Prizes: up to $50000

 




Close
0 0 0 Day