Welcome to Pwn2Own Vancouver 2024! This year’s event promises to be the largest-ever Vancouver event - both in terms of entries and potential prizes. If everything hits, we will end up paying out over $1,300,000 in cash and prizes - including a Tesla Model 3. We’ve got two full days of exciting competition ahead. As always, we began our contest with a random drawing to determine the order of attempts. If you missed it, you can watch the replay here.
The complete schedule for the contest is below (all times Pacific Standard Time [UTC - 8:00]).
Note: All times subject to change
Day One
Wednesday, March 20 – 0930
AbdulAziz Hariri of Haboob SA targeting Adobe Reader in the Enterprise Applications category.
Wednesday, March 20 – 1000
DEVCORE Research Team targeting Microsoft Windows 11 in the Local Privilege Escalation category.
Wednesday, March 20 – 1030
STAR Labs SG targeting Microsoft SharePoint in the Server category.
Wednesday, March 20 – 1100
Seunghyun Lee (@0x10n) of KAIST Hacking Lab targeting Google Chrome in the Web Browser category.
Wednesday, March 20 – 1200
Theori targeting VMware Workstation with an additional Windows Kernel LPE vulnerability in the Virtualization category.
Wednesday, March 20 – 1230
DEVCORE Research Team targeting Ubuntu Desktop in the Local Privilege Escalation category.
Wednesday, March 20 – 1300
Bruno PUJOS and Corentin BAYET from REverse Tactics (@Reverse_Tactics) targeting Oracle VirtualBox with an additional Windows Kernel LPE vulnerability in the Virtualization category.
Wednesday, March 20 – 1430
Synacktiv targeting Tesla ECU with Vehicle (VEH) CAN BUS Control in the Automotive category.
Wednesday, March 20 – 1500
Kyle Zeng from ASU SEFCOM targeting Ubuntu Desktop in the Local Privilege Escalation category.
Wednesday, March 20 – 1530
Cody Gallagher targeting Oracle VirtualBox in the Virtualization category.
Wednesday, March 20 – 1600
Manfred Paul (@_manfp) targeting Apple Safari in the Web Browser category.
Wednesday, March 20 – 1700
STAR Labs SG targeting VMware ESXi in the Virtualization category.
Wednesday, March 20 – 1800
Team Viettel targeting Oracle VirtualBox in the Virtualization category.
Wednesday, March 20 – 1830
Manfred Paul (@_manfp) targeting Google Chrome with Double Tap addon in the Web Browser category.
Day Two
Thursday, March 21 – 0930
Marcin Wiązowski targeting Microsoft Windows 11 in the Local Privilege Escalation category.
Thursday, March 21 – 1000
STAR Labs SG targeting VMware Workstation in the Virtualization category.
Thursday, March 21 – 1030
ColdEye targeting Oracle VirtualBox in the Virtualization category.
Thursday, March 21 – 1100
Manfred Paul (@_manfp) targeting Mozilla Firefox with Sandbox Escape in the Web Browser category.
Thursday, March 21 – 1200
Gabriel Kirkpatrick (gabe_k of exploits.forsale) targeting Microsoft Windows 11 in the Local Privilege Escalation category.
Thursday, March 21 – 1230
STAR Labs SG targeting Ubuntu Desktop in the Local Privilege Escalation category.
Thursday, March 21 – 1300
Edouard Bochin (@le_douds) and Tao Yan (@Ga1ois) from Palo Alto Networks targeting Google Chrome with Double Tap addon in the Web Browser category.
Thursday, March 21 – 1430
HackInside targeting Microsoft Windows 11 in the Local Privilege Escalation category.
Thursday, March 21 – 1500
STAR Labs SG targeting Docker Desktop in the Cloud Native / Container category.
Thursday, March 21 – 1530
Seunghyun Lee (@0x10n) of KAIST Hacking Lab targeting Microsoft Edge (Chromium) with Double Tap Addon in the Web Browser category.
Thursday, March 21 – 1630
Valentina Palmiotti with IBM X-Force targeting Microsoft Windows 11 in the Local Privilege Escalation category.
Thursday, March 21 – 1700
Theori targeting Ubuntu Desktop in the Local Privilege Escalation category.
We’ll be publishing results live on the blog as the contest unfolds. We’ll also be posting brief video highlights to Twitter, YouTube, Mastodon, LinkedIn, and Instagram, so follow us on your favorite flavor of social media for the latest news from the event.