DEVELOP AND NURTURE TALENTS OF THE WORLD

QUANTIFY AND ENHANCE VALUE OF THE INDUSTRY

DEVELOP AND NURTURE

TALENTS OF THE WORLD

QUANTIFY AND ENHANCE

VALUE OF THE INDUSTRY

Current Time 0:00
Duration 0:00
Loaded: 0%
Stream Type LIVE
Remaining Time 0:00
 
1x
    • Chapters
    • descriptions off, selected
    • captions off, selected
      GEEKCON 2024 INTERNATIONAL HIGHLIGHTS
      Sat. 25 May - Sun. 26 May
      OCBC Arena @ Singapore Sports Hub
      SEE YOU NEXT TIME
      PHOTO GALLERY
      PHOTOS
      topic page title

      Yakai Li @ExpAttack Team
      Guangming Liu @vivo kiMirrOrs sec lab

       

      The Art of Deception

      Large Model Jailbreak Competition
      Can AI Be Manipulated by Evil Force?
      Slides 1 Slides 2
      topic-icon

      Kira Chen

      DARKNAVY

      Surviving MiraclePtr: Navigating of Webp and Beyond

      Comprehensive Revelation of a Highly Sophisticated Cyber Warfare Weapon Targeting Browsers (incl. Demo)
      Slides
      topic-icon

      John Doe

       

      Can Airport X-ray Detection Machine Be Trusted?

      A Challenge that Using Undisclosed Methods to Bypass Common X-ray Detection Machines
      topic-icon

      Lianji Li

      RealAI

      Changing Faces with AI Disguise Glasses

      A Challenge to Deceive Face Recognition Systems Using AI Adversarial Attack
      Slides
      topic-icon

      AVSS

      DARKNAVY

      Adversarial Vulnerability Scoring System

      White Paper 1.0
      Official Announcement
      Download
      topic-icon

      Connie Lam

      CertiK

      Friend or Foe: A Bridge Vulnerability About "Public and Friend"

      Disclosing a USD5,000,000 Web3 Bridge Vulnerability
      topic-icon

      Hao Ke
      John Wu
      Azhara Assanova

      Google Android Platform Security

      Hardening Android: Insights and Systemic Protections from Google's Front Lines

      Unveiling Comprehensive Countermeasures Behind Multiple Covert Attacks on the Android Platform (incl. Demo)
      Contributors: Achim Thesmann, Nan Wu
      Slides
      topic-icon

      Ye Wang
      Yanze Zhang

      University of Macau

      Role Play Attack for Web3 DeFi Applications

      Reproducing a Unique Method Attacking Decentralized Finance (DeFi) Systems by Mimicking Multiple Roles
      Slides
      topic-icon

      Lars Fröder

      Cellebrite

      Jailbreak Apple iOS16: Defeating Code Signing Using a PPL Bypass

      Deep Dive into the Latest Jailbreak Technique (incl. Demo)
      Slides
      topic-icon

      John Doe

       

      If Autonomous Driving Is Prone to Blinding...

      A Challenge that Uses a Low-cost, Miniature Device to Disrupt Radar Systems in Self-driving Cars
      topic-icon

      Yifei Wu
      Cuiying Gao

      Dawn Security Lab
      JD.com Security

      The Secrets Behind Advertising Traffic

      Exposing How Criminals Hijack Our Phones to Make Millions: Unveiling the Attacks and Countermeasures(incl. Demo)
      Slides
      topic-icon

      kangel
      ttt
      Nop

      FSL Team

      Hostile Takeovers within Cloud Hosts Part 1: From Guest to Host

      A Challenge that Exploits Unknown Vulnerabilities to Achieve Escape of a Popular Virtual Machine Platform
      topic-icon

      Neoni

       

      Hostile Takeovers within Cloud Hosts Part 2: From Host to Root

      A Challenge that Exploits Unknown Vulnerabilities to Achieve Local Privilege Escalation of a Specific Operating System
      topic-icon

      NWMonster
      slipper

      Offside Labs

      Unlocking Crypto Vulnerabilities: Insights into Hardware Wallet Security

      How Crypto Currency Disappears from Your Wallet: Delving Deep into the Attack Techniques (incl. Demo)
      topic-icon

      Yichi Zhang

      Tsinghua University

      Can Large Models Be Fooled by Illusion?

      A Challenge of Adversarial Image Attack on Multi-Modal Large Models
      Slides
      topic-icon

      Boris Larin

      Kaspersky

      Operation Triangulation: Do Not Attack iPhones of Researchers!

      Comprehensive Revelation of a Highly Sophisticated Cyber Warfare Weapon Targeting iPhones (incl. Demo)
      topic-icon

      Zhaofeng Chen
      Yx

      CertiK

      ModuleBomb: Persistent Blockchain Outage Attack

      Reproducing of a SUI Validator Network Vulnerability that Could Crash the Whole BlockChain Network
      Slides
      topic-icon

      Peter Hlavaty

       

      HyperV and Effective Ways of Fuzzing It for RCEs

      Pro Bug Bounty Hunter Reveals for the First Time Attack Technique Targeting Microsoft Virtual Machine (incl. Demo)
      topic-icon

      Jay Turla

      VicOne

      How Long Does it Take to Stealthily Unlock a Car?

      A Challenge that Exploits Vulnerabilities to Unlock Certain Automotives
      Slides
      topic-icon

      YizheZhuang

      DARKNAVY

      Exploiting Steam: A Journey into Vulnerability Discovery of a CEF-based Application

      Revealing Advanced Attack Techniques Infiltrating Client Systems via Popular Gaming Platforms (incl. Demo)
      Slides
      topic-icon

      Chao Zhang

      Tsinghua University

      Machine Language Model for Binary Analysis

      Will AI Overtake Binary Security Researchers?
      Slides
      topic-icon

      Hai Zhao
      Yue Liu

      Tiangong Lab

      Defeating Self-protection of Chips

      A Challenge that Exploits Unknown Vulnerabilities to Bypass CSM/DCSM of Certain Chips
      Slides
      topic-icon

      Lorant Szabo
      Daniel Komaromy

      TASZK Security Labs

      Attacking Over the Air: Exploiting Basebands in Radio Layer Two

      Disclosing a Remote, Stealthy Smartphone Attack Exploiting Baseband Vulnerabilities (incl. Demo)
      topic-icon

      Kai Jern Lau

       

      Redefine Reverse Engineering in Web3

      Applying Bytecode Level Reverse Engineering Techniques to Web3 Incident Analysis (incl. Demo)
      Slides
      topic-icon

      Haixin Duan
      Xiang Li

      Tsinghua University

      TuDoor in the DNS Wall: The Fastest DNS Cache Poisoning Attack

      Disclosing a Sophisticated Attack Exploiting Unknown Vulnerabilities in Popular Internet Protocols to Hijack Sites (incl. Demo)
      Slides
      topic-icon

      Gelei Deng @ NTU
      Yuqiang Sun, Daoyuan Wu @ NTU

       

      Will AI Become a More Powerful Hacker?

      Demonstrations of Using AI in Cyber Attacks
      Slides 1 Slides 2
      topic-icon

      Zhutian Feng
      Haojie He

      Singular Security Lab

      Overlooked Bugs
      Serious Impact

      1-click Attack: Leveraging Unknown Vulnerabilities in Mainstream Browsers for Remote Code Execution (incl. Demo)
      Slides
      topic-icon

      Dennis Giese
      Braelynn

       

      Could Smart Home Robots Become the Trojan Spying on Our Lives?

      A Challenge that Exploits Vulnerabilities to Control Smart Home Robots
      topic-icon
      AVSS Contest 2024 Final Ranking
      First Place
      emmmmmmm2024
      Second Place
      凌武实验室
      Third Place
      来自东方的神秘力量
      Fourth Place
      Polaris
      Fifth Place
      L3H_Sec
      AI and Hackers
      Annual Themed Debate
      AVSS
      Contest
      DAF
      Contest
      30 + 5
      In-depth Sharing
      Web3 and Hackers
      Annual Themed Contest
      AI and Hackers
      Annual Themed Debate
      AVSS
      Contest
      DAF
      Contest
      30 + 5
      In-depth Sharing
      Web3 and Hackers
      Annual Themed Contest
      KEEP ON PWNING EVERYTHING!
      Introduction
      DAF (Defense & Attack Force) Contest is an immersive, unparalleled and extraordinary hacking contest like no other,
      which unveils the real-world vulnerability exploitation threats by showcasing cyber adversarial activities in smart devices and network services.
      As an upgraded version of GEEKPWN, DAF Contest continuously encourages contestants to PWN everything.
      Schedule
      1. Submission: Online submission to cfp@geekcon.top by April 15th. Vulnerability details and codes are not needed in the submission.
      2. Evaluation: The GEEKCON Committee will review the submitted applications according to the order of submissions, and select the final accepted project.
      3. On-site contest: On May 25th - 26th in Singapore, the accepted contestants will tackle on-site challenges and showcase their exploitation to the audience.
      Challenge Objectives
      Participants in the submission process can select their own challenge targets, encompassing commercially available or commonly used smart devices and software systems, including commercial/open-source software, IoT products, AI-related products, frameworks, and libraries.
      Through the exploitation of security vulnerabilities in their chosen targets, participants are expected to achieve actions such as unauthorized control, unauthorized data access, circumventing original security mechanisms, or guiding the target to make incorrect decisions under reasonable attack conditions.
      Challenge Rules
      a) Participants are restricted to targeting the original systems, applications, or native security modules of device manufacturers. The software or firmware version of the target device or security module must be equal to or higher than the latest version 30 days before the contest and set to default or commonly used configurations.
      b) GEEKCON organizers, based on the information provided by participants regarding their chosen targets and versions, will prepare corresponding contest equipment and environments. Participants must complete the challenge within the contest environment. In instances where the organizer are unable to prepare the challenge environment, participants can request to provide their own challenge equipment. After verification and approval by the organizers, they can participate in the contest.
      c) The technical methods and exploited security flaws used by participants in the contest must be self-discovered and implemented. Publicly known or existing security flaws and techniques cannot be used as criteria for winning the contest. If the techniques and security flaws used by participants include non-self-discovered elements, they must inform the organizer during submission process.
      d) Participants must complete the challenge within 20 minutes. Failure to do so results in a challenge failure.
      Evaluation Criteria
      DAF contest participants who successfully complete the challenge will be comprehensively evaluated by the GEEKCON judging committee based on the technical difficulty, technical value, consequences and impact of the challenge project, as well as on-site performance. The final comprehensive score for the challenge project will be calculated.
      Participation Rewards
      Participants are not obligated to provide details of the vulnerabilities used in their attack to the GEEKCON committee. However, after successfully completing the challenge project, they must provide an overall explanation of how the attack occurred. The judge panel will rate the attack based on the evaluation criteria, determine award levels according to the score, and distribute contest prizes accordingly.
      Reference Challenge Projects
      a) Exploitation of Automotive Information System Vulnerabilities: Challenge participants discover a 0-day vulnerability in a specific car. After connecting to the in-car WiFi from outside the vehicle, they exploit the vulnerability to gain administrative privileges and open locked car doors from outside.
      b) Exploitation of Facial Recognition Access Control System Vulnerabilities: Challenge participants discover a 0-day vulnerability in a specific brand's facial recognition access control system. They use this vulnerability to gain control of the system, modify facial information, bypass identity authentication, and unlock access control.
      c) Exploitation of AI Algorithm Deficiencies: Challenge participants can use a special conversational approach to bypass security restrictions of large models like AI. This can induce the targeted model to leak sensitive information, training data, or execute harmful operations.
      For more information, please refer to the Call for Paper document.
      notice title

      1     GEEKCON organizing committee (hereinafter referred to as "the committee") recognizes the technical capability of the winner individually, but doesn't acknowledge that it represents the capability of the winner's working organization.

      2    We recognize and promote the comprehensive assessment of vulnerability exploitation capabilities and mitigation mechanisms from a confrontational perspective, and do not endorse the judgement of security levels of the target products involved in the event based on a single dimension or non-quantitative dimension.

      3    The committee firmly follows the Responsible Disclosure principle. The committee and contestant commit not to disclose any details to third-party before manufactures fix the issues.

      4    The committee advocates and encourages in-depth knowledge sharing and communication, but firmly opposes any speech and behavior that violates laws and regulations or infringes on the rights of others.

      5    The committee guarantees that the participants' personal information will not be disclosed to third-party or used for commercial activities without their agreement and authentication.

      6    We will set up awards and honors based on the research efforts, technical breakthrough, and technical innovation of the projects. As the top 1 security geek IP operator in China, we always advocate a reward mechanism that emphasizes both honor and moderate bounty, encouraging more geeks to participate in technical innovation and knowledge sharing.

      ORGANIZER
      CREATOR
      PARTNERS
      PAST PARTNERS
      Icon 1Icon 1Icon 1Icon 1Icon 1Icon 1Icon 1Icon 2Icon 3Icon 4Icon 5Icon 6Icon 7Icon 8Icon 1Icon 1Icon 1Icon 1Icon 1Icon 1Icon 1Icon 1Icon 1Icon 1Icon 1Icon 1Icon 1Icon 1Icon 1Icon 1Icon 1Icon 1Icon 1Icon 1Icon 1Icon 1Icon 1Icon 1Icon 1Icon 1Icon 1Icon 1Icon 1 Icon 1 Icon 1 Icon 1 Icon 1 Icon 1 Icon 1 Icon 1 Icon 2 Icon 3 Icon 4 Icon 5 Icon 6 Icon 7 Icon 8 Icon 1 Icon 1 Icon 1 Icon 1 Icon 1 Icon 1 Icon 1 Icon 1 Icon 1 Icon 1 Icon 1 Icon 1 Icon 1 Icon 1 Icon 1 Icon 1 Icon 1 Icon 1 Icon 1 Icon 1 Icon 1 Icon 1 Icon 1 Icon 1 Icon 1 Icon 1 Icon 1 Icon 1 Icon 1 Icon 1Icon 1Icon 1Icon 1Icon 1Icon 1Icon 1Icon 2Icon 3Icon 4Icon 5Icon 6Icon 7Icon 8Icon 1Icon 1Icon 1Icon 1Icon 1Icon 1Icon 1Icon 1Icon 1Icon 1Icon 1Icon 1Icon 1Icon 1Icon 1Icon 1Icon 1Icon 1Icon 1Icon 1Icon 1Icon 1Icon 1Icon 1Icon 1Icon 1Icon 1Icon 1Icon 1
      About DARKNAVY
      DARKNAVY, an independent and free-spirited security research organization and service provider. We have invented and established AVSS (Adversarial Vulnerability Scoring System) to evaluate and quantify vulnerabilities and the effectiveness of system mitigation mechanisms in real adversarial environments. We have also initiated and organized GEEKCON, a unique and top-class security geek event, to empower the development of the global security community.
      Our goal is to create a more secure digital world by eliminating vulnerabilities in IT products/services. By sharing our knowledge through consulting and R&D experiences, we aim to enable organizations to better prepare and protect themselves against the ever-evolving threat of cyber attacks.
      About GEEKCON
      GEEKCON is the new version of the top security competition, GeekPwn. Initiated by DARKNAVY, GEEKCON aims to become a globally unparalleled technical event for security geeks, pioneering and promoting the visualization and measurable values of security ecosystem capabilities.
      About DARKNAVY
      DARKNAVY, an independent and free-spirited security research organization and service provider. We have invented and established AVSS (Adversarial Vulnerability Scoring System) to evaluate and quantify vulnerabilities and the effectiveness of system mitigation mechanisms in real adversarial environments. We have also initiated and organized GEEKCON, a unique and top-class security geek event, to empower the development of the global security community.
      Our goal is to create a more secure digital world by eliminating vulnerabilities in IT products/services. By sharing our knowledge through consulting and R&D experiences, we aim to enable organizations to better prepare and protect themselves against the ever-evolving threat of cyber attacks.
      About GEEKCON
      GEEKCON is the new version of the top security competition, GeekPwn. Initiated by DARKNAVY, GEEKCON aims to become a globally unparalleled technical event for security geeks, pioneering and promoting the visualization and measurable values of security ecosystem capabilities.
      About DARKNAVY
      DARKNAVY, an independent and free-spirited security research organization and service provider. We have invented and established AVSS (Adversarial Vulnerability Scoring System) to evaluate and quantify vulnerabilities and the effectiveness of system mitigation mechanisms in real adversarial environments. We have also initiated and organized GEEKCON, a unique and top-class security geek event, to empower the development of the global security community.
      Our goal is to create a more secure digital world by eliminating vulnerabilities in IT products/services. By sharing our knowledge through consulting and R&D experiences, we aim to enable organizations to better prepare and protect themselves against the ever-evolving threat of cyber attacks.
      About GEEKCON
      GEEKCON is the new version of the top security competition, GeekPwn. Initiated by DARKNAVY, GEEKCON aims to become a globally unparalleled technical event for security geeks, pioneering and promoting the visualization and measurable values of security ecosystem capabilities.

      Contact

      Registration Desk:
      Business&Media Cooperations:
      ©2025 GEEKCON Committee
      沪ICP备2021002426号-3