When the pandemic required everyone to work from home we saw a huge growth on the video conference market. It was this movement that made the organisation behind the world famous Pwn2Own competition decide to add an 'Enterprise Communication' category to this year’s competition. Everyone who was able to successfully demonstrate a zero-day attack chain against was rewarded with $200.000. We decided to take them up on this challenge, and started researching. This resulted in a working exploit against the then latest version of Zoom, that would give the attacker full control over your system. With this research we where able to win this year’s Pwn2Own competition. Now Zoom has fixed all vulnerabilities we found; we can share the details of our research.

Target audience: operational / technical


time: 14:25

Other sessions:

CTI for CERT's, the Dutch approach

COLTRANE: Collaborative Cybersecurity Awareness Education

How Industry-Law Enforcement Collaboration Can Tackle the Globalization of Cybercrime

The SOCCRATES Project – Automating Threat Intelligence and Adversary Emulation

Connecting and securing IT/OT/IoT: Our Journey