DEVELOP AND NURTURE TALENTS OF THE WORLD

QUANTIFY AND ENHANCE VALUE OF THE INDUSTRY

DEVELOP AND NURTURE

TALENTS OF THE WORLD

QUANTIFY AND ENHANCE

VALUE OF THE INDUSTRY

GEEKCON 2024 INTERNATIONAL HIGHLIGHTS
Sat. 25 May - Sun. 26 May
OCBC Arena @ Singapore Sports Hub
SEE YOU NEXT TIME
PHOTO GALLERY
topic page title

Yakai Li @ExpAttack Team
Guangming Liu @vivo kiMirrOrs sec lab

 

The Art of Deception

Large Model Jailbreak Competition
Can AI Be Manipulated by Evil Force?
topic-icon

Kira Chen

DARKNAVY

Surviving MiraclePtr: Navigating of Webp and Beyond

Comprehensive Revelation of a Highly Sophisticated Cyber Warfare Weapon Targeting Browsers (incl. Demo)
topic-icon

John Doe

 

Can Airport X-ray Detection Machine Be Trusted?

A Challenge that Using Undisclosed Methods to Bypass Common X-ray Detection Machines
topic-icon

Lianji Li

RealAI

Changing Faces with AI Disguise Glasses

A Challenge to Deceive Face Recognition Systems Using AI Adversarial Attack
topic-icon

AVSS

DARKNAVY

Adversarial Vulnerability Scoring System

White Paper 1.0
Official Announcement
topic-icon

Connie Lam

CertiK

Friend or Foe: A Bridge Vulnerability About "Public and Friend"

Disclosing a USD5,000,000 Web3 Bridge Vulnerability
topic-icon

Hao Ke
John Wu
Azhara Assanova

Google Android Platform Security

Hardening Android: Insights and Systemic Protections from Google's Front Lines

Unveiling Comprehensive Countermeasures Behind Multiple Covert Attacks on the Android Platform (incl. Demo)
Contributors: Achim Thesmann, Nan Wu
topic-icon

Ye Wang
Yanze Zhang

University of Macau

Role Play Attack for Web3 DeFi Applications

Reproducing a Unique Method Attacking Decentralized Finance (DeFi) Systems by Mimicking Multiple Roles
topic-icon

Lars Fröder

Cellebrite

Jailbreak Apple iOS16: Defeating Code Signing Using a PPL Bypass

Deep Dive into the Latest Jailbreak Technique (incl. Demo)
topic-icon

John Doe

 

If Autonomous Driving Is Prone to Blinding...

A Challenge that Uses a Low-cost, Miniature Device to Disrupt Radar Systems in Self-driving Cars
topic-icon

Yifei Wu
Cuiying Gao

Dawn Security Lab
JD.com Security

The Secrets Behind Advertising Traffic

Exposing How Criminals Hijack Our Phones to Make Millions: Unveiling the Attacks and Countermeasures(incl. Demo)
topic-icon

kangel
ttt
Nop

FSL Team

Hostile Takeovers within Cloud Hosts Part 1: From Guest to Host

A Challenge that Exploits Unknown Vulnerabilities to Achieve Escape of a Popular Virtual Machine Platform
topic-icon

Neoni

 

Hostile Takeovers within Cloud Hosts Part 2: From Host to Root

A Challenge that Exploits Unknown Vulnerabilities to Achieve Local Privilege Escalation of a Specific Operating System
topic-icon

NWMonster
slipper

Offside Labs

Unlocking Crypto Vulnerabilities: Insights into Hardware Wallet Security

How Crypto Currency Disappears from Your Wallet: Delving Deep into the Attack Techniques (incl. Demo)
topic-icon

Yichi Zhang

Tsinghua University

Can Large Models Be Fooled by Illusion?

A Challenge of Adversarial Image Attack on Multi-Modal Large Models
topic-icon

Boris Larin

Kaspersky

Operation Triangulation: Do Not Attack iPhones of Researchers!

Comprehensive Revelation of a Highly Sophisticated Cyber Warfare Weapon Targeting iPhones (incl. Demo)
topic-icon

Zhaofeng Chen
Yx

CertiK

ModuleBomb: Persistent Blockchain Outage Attack

Reproducing of a SUI Validator Network Vulnerability that Could Crash the Whole BlockChain Network
topic-icon

Peter Hlavaty

 

HyperV and Effective Ways of Fuzzing It for RCEs

Pro Bug Bounty Hunter Reveals for the First Time Attack Technique Targeting Microsoft Virtual Machine (incl. Demo)
topic-icon

Jay Turla

VicOne

How Long Does it Take to Stealthily Unlock a Car?

A Challenge that Exploits Vulnerabilities to Unlock Certain Automotives
topic-icon

YizheZhuang

DARKNAVY

Exploiting Steam: A Journey into Vulnerability Discovery of a CEF-based Application

Revealing Advanced Attack Techniques Infiltrating Client Systems via Popular Gaming Platforms (incl. Demo)
topic-icon

Chao Zhang

Tsinghua University

Machine Language Model for Binary Analysis

Will AI Overtake Binary Security Researchers?
topic-icon

Hai Zhao
Yue Liu

Tiangong Lab

Defeating Self-protection of Chips

A Challenge that Exploits Unknown Vulnerabilities to Bypass CSM/DCSM of Certain Chips
topic-icon

Lorant Szabo
Daniel Komaromy

TASZK Security Labs

Attacking Over the Air: Exploiting Basebands in Radio Layer Two

Disclosing a Remote, Stealthy Smartphone Attack Exploiting Baseband Vulnerabilities (incl. Demo)
topic-icon

Kai Jern Lau

 

Redefine Reverse Engineering in Web3

Applying Bytecode Level Reverse Engineering Techniques to Web3 Incident Analysis (incl. Demo)
topic-icon

Haixin Duan
Xiang Li

Tsinghua University

TuDoor in the DNS Wall: The Fastest DNS Cache Poisoning Attack

Disclosing a Sophisticated Attack Exploiting Unknown Vulnerabilities in Popular Internet Protocols to Hijack Sites (incl. Demo)
topic-icon

Gelei Deng @ NTU
Yuqiang Sun, Daoyuan Wu @ NTU

 

Will AI Become a More Powerful Hacker?

Demonstrations of Using AI in Cyber Attacks
topic-icon

Zhutian Feng
Haojie He

Singular Security Lab

Overlooked Bugs
Serious Impact

1-click Attack: Leveraging Unknown Vulnerabilities in Mainstream Browsers for Remote Code Execution (incl. Demo)
topic-icon

Dennis Giese
Braelynn

 

Could Smart Home Robots Become the Trojan Spying on Our Lives?

A Challenge that Exploits Vulnerabilities to Control Smart Home Robots
topic-icon
AVSS Contest 2024 Final Ranking
First Place
emmmmmmm2024
Second Place
凌武实验室
Third Place
来自东方的神秘力量
Fourth Place
Polaris
Fifth Place
L3H_Sec
AI and Hackers
Annual Themed Debate
AVSS
Contest
DAF
Contest
30 + 5
In-depth Sharing
Web3 and Hackers
Annual Themed Contest
AI and Hackers
Annual Themed Debate
AVSS
Contest
DAF
Contest
30 + 5
In-depth Sharing
Web3 and Hackers
Annual Themed Contest
KEEP ON PWNING EVERYTHING!
Introduction
DAF (Defense & Attack Force) Contest is an immersive, unparalleled and extraordinary hacking contest like no other,
which unveils the real-world vulnerability exploitation threats by showcasing cyber adversarial activities in smart devices and network services.
As an upgraded version of GEEKPWN, DAF Contest continuously encourages contestants to PWN everything.
Schedule
1. Submission: Online submission to cfp@geekcon.top by April 15th. Vulnerability details and codes are not needed in the submission.
2. Evaluation: The GEEKCON Committee will review the submitted applications according to the order of submissions, and select the final accepted project.
3. On-site contest: On May 25th - 26th in Singapore, the accepted contestants will tackle on-site challenges and showcase their exploitation to the audience.
Challenge Objectives
Participants in the submission process can select their own challenge targets, encompassing commercially available or commonly used smart devices and software systems, including commercial/open-source software, IoT products, AI-related products, frameworks, and libraries.
Through the exploitation of security vulnerabilities in their chosen targets, participants are expected to achieve actions such as unauthorized control, unauthorized data access, circumventing original security mechanisms, or guiding the target to make incorrect decisions under reasonable attack conditions.
Challenge Rules
a) Participants are restricted to targeting the original systems, applications, or native security modules of device manufacturers. The software or firmware version of the target device or security module must be equal to or higher than the latest version 30 days before the contest and set to default or commonly used configurations.
b) GEEKCON organizers, based on the information provided by participants regarding their chosen targets and versions, will prepare corresponding contest equipment and environments. Participants must complete the challenge within the contest environment. In instances where the organizer are unable to prepare the challenge environment, participants can request to provide their own challenge equipment. After verification and approval by the organizers, they can participate in the contest.
c) The technical methods and exploited security flaws used by participants in the contest must be self-discovered and implemented. Publicly known or existing security flaws and techniques cannot be used as criteria for winning the contest. If the techniques and security flaws used by participants include non-self-discovered elements, they must inform the organizer during submission process.
d) Participants must complete the challenge within 20 minutes. Failure to do so results in a challenge failure.
Evaluation Criteria
DAF contest participants who successfully complete the challenge will be comprehensively evaluated by the GEEKCON judging committee based on the technical difficulty, technical value, consequences and impact of the challenge project, as well as on-site performance. The final comprehensive score for the challenge project will be calculated.
Participation Rewards
Participants are not obligated to provide details of the vulnerabilities used in their attack to the GEEKCON committee. However, after successfully completing the challenge project, they must provide an overall explanation of how the attack occurred. The judge panel will rate the attack based on the evaluation criteria, determine award levels according to the score, and distribute contest prizes accordingly.
Reference Challenge Projects
a) Exploitation of Automotive Information System Vulnerabilities: Challenge participants discover a 0-day vulnerability in a specific car. After connecting to the in-car WiFi from outside the vehicle, they exploit the vulnerability to gain administrative privileges and open locked car doors from outside.
b) Exploitation of Facial Recognition Access Control System Vulnerabilities: Challenge participants discover a 0-day vulnerability in a specific brand's facial recognition access control system. They use this vulnerability to gain control of the system, modify facial information, bypass identity authentication, and unlock access control.
c) Exploitation of AI Algorithm Deficiencies: Challenge participants can use a special conversational approach to bypass security restrictions of large models like AI. This can induce the targeted model to leak sensitive information, training data, or execute harmful operations.
For more information, please refer to the Call for Paper document.
notice title

1     GEEKCON organizing committee (hereinafter referred to as "the committee") recognizes the technical capability of the winner individually, but doesn't acknowledge that it represents the capability of the winner's working organization.

2    We recognize and promote the comprehensive assessment of vulnerability exploitation capabilities and mitigation mechanisms from a confrontational perspective, and do not endorse the judgement of security levels of the target products involved in the event based on a single dimension or non-quantitative dimension.

3    The committee firmly follows the Responsible Disclosure principle. The committee and contestant commit not to disclose any details to third-party before manufactures fix the issues.

4    The committee advocates and encourages in-depth knowledge sharing and communication, but firmly opposes any speech and behavior that violates laws and regulations or infringes on the rights of others.

5    The committee guarantees that the participants' personal information will not be disclosed to third-party or used for commercial activities without their agreement and authentication.

6    We will set up awards and honors based on the research efforts, technical breakthrough, and technical innovation of the projects. As the top 1 security geek IP operator in China, we always advocate a reward mechanism that emphasizes both honor and moderate bounty, encouraging more geeks to participate in technical innovation and knowledge sharing.

ORGANIZER
CREATOR
PARTNERS
PAST PARTNERS
Icon 1 Icon 1 Icon 1 Icon 1 Icon 1 Icon 1 Icon 1 Icon 2 Icon 3 Icon 4 Icon 5 Icon 6 Icon 7 Icon 8 Icon 1 Icon 1 Icon 1 Icon 1 Icon 1 Icon 1 Icon 1 Icon 1 Icon 1 Icon 1 Icon 1 Icon 1 Icon 1 Icon 1 Icon 1 Icon 1 Icon 1 Icon 1 Icon 1 Icon 1 Icon 1 Icon 1 Icon 1 Icon 1 Icon 1 Icon 1 Icon 1 Icon 1 Icon 1
About DARKNAVY
DARKNAVY, an independent and free-spirited security research organization and service provider. We have invented and established AVSS (Adversarial Vulnerability Scoring System) to evaluate and quantify vulnerabilities and the effectiveness of system mitigation mechanisms in real adversarial environments. We have also initiated and organized GEEKCON, a unique and top-class security geek event, to empower the development of the global security community.
Our goal is to create a more secure digital world by eliminating vulnerabilities in IT products/services. By sharing our knowledge through consulting and R&D experiences, we aim to enable organizations to better prepare and protect themselves against the ever-evolving threat of cyber attacks.
About GEEKCON
GEEKCON is the new version of the top security competition, GeekPwn. Initiated by DARKNAVY, GEEKCON aims to become a globally unparalleled technical event for security geeks, pioneering and promoting the visualization and measurable values of security ecosystem capabilities.

Contact

Registration Desk:
Business&Media Cooperations:
© GEEKCON Committee
沪ICP备2021002426号-3