join the event

International Cybersecurity Contest

With the target of gradually creating China’s own “Pwn2Own”, Tianfu Cup International PWN Contest will have three independent and parallel events: the original vulnerability demonstration and recurrence contest, the product Contest, and the system Contest. All teams are required to use original vulnerabilities to hack the given subject. The total bonus of the contest will reach up to 1.5 million US dollars in a bid to deliver a feast of cyber security technologies.
$1500000

Competition Forum

TFC 2021 International Cyber Security Summit Forum

TFC 2021 summit forum will set up a main forum and nine sub-forums focusing on hot topics in cybersecurity industry. Renowned experts and professionals are invited to share their opinions on the challenges this digital world is facing and what we should do to ensure its safety from the aspect of cybersecurity. Besides, industrial leaders and pioneers are also invited to join this discussion, exploring opportunities and challenges for the development of the cybersecurity industry along with the digital economy. The International Cyber Security Summit Forum of TFC 2021 is established in Southwest China and radiates whole China. It aims at creating the most professional international cyber security event in Southwest China, promoting the high-quality development of China’s cybersecurity industry.

Special events

Results Release Talent Recruitment
Results Release
Exhibitors release new products and technical results in the Achievement Release Hall. The audience and media representatives watch the content of the results release. At the same time, reporters can report on the results as soon as possible, effectively ensuring the dissemination effect of the results release.
Learn more >
Talent Recruitment
The core element of network security construction is network security talents. Digital internal business and external regulatory compliance pressure doubled, have spawned domestic demand for government and enterprise organizations to network security personnel continued growth in length. To address the shortage of talent network security status of enterprises, from 2 0 to more than network security company Zhaopin joint platform launched , "Network Security Personnel Recruitment Week" event , for the whole network recruitment network security excellence .
Learn more >

Organization

Organizers (in random order)
Co-organizers (in random order)

TFC 2021 Targets & Prize-final

Targets & Prizes:


1.  Targets: Chrome

Equipment: to be updated soon

System: to be updated soon

Requirements: Use Chrome to browse remote URL, control the browser or System. The browser will run within VMWare Workstation, 8GB default memory.

Prizes:

RCE: $50000

RCE + Sandbox Escape: $150000

 

2.  Targets: Safari

Equipment: to be updated soon

System: Mac OS

Requirements: Use Safari to browse remote URL, control the browser or System.

Prizes:

RCE: $40000

RCE + Sandbox Escape: $75000

M1 RCE: $60000

M1 RCE + Sandbox Escape: $120000

 

3.  Targets: Adobe PDF Reader

Equipment: to be updated soon

System: to be updated soon 

Requirements: Use the PDF documents that had been copied to the VM to control Adobe PDF Reader or System. Adobe PDF Reader will run within VMWare Workstation, 8GB default memory.

Prizes:

RCE: $30000

RCE + Sandbox Escape: $40000

 

4.  Targets: WPS

Equipment: to be updated soon

System: to be updated soon 

Requirements: to be updated soon

Prizes: to be updated soon

 

5.  Targets: Docker-CE

Equipment: to be updated soon

System:

Host OS: to be updated soon

Container: to be updated soon

Requirements:

Escape from the container, achieve code execution with root permission on the host OS.

Notes:

Docker CE was installed according to the official guide available at https://docs.docker.com/engine/install/ubuntu/.

SSH access (root user with password) to a running container (unprivileged, w/o uidmap, w/o volume mount, default bridge network).

Prizes:

$60000

 

6.  Targets: Ubuntu 20/CentOS 8

Equipment: to be updated soon

System: Ubuntu 20/CentOS 8

 Requirements:  Run certain program as an unprivileged user to escalate privilege and run command as root. The OS will run within VMWare Workstation, 8GB default memory. Choose one target between Ubuntu 20 and Centos 8.

Prizes:

Local Privilege Escalation: $40000

 

7.  Targets: Microsoft Exchange Server 2019

System: Windows Server 2019

Requirements:  Connect to remote server and achieve remote code execution on the target. For authenticated entry, the user can only be a low privileged one. The contestant must contact and discuss detailed configurations with the judge before the contest.

Prizes:

Authenticated: $60000

Unauthenticated: $200000

 

8.  Targets: Windows 10 2004

Equipment: to be updated soon

System:  Windows 10 2004

Requirements:  Run certain program as an unprivileged user to escalate privilege and run command as Administrator. The OS will run within VMWare Workstation, 8GB default memory.

Prizes:

Local Privilege Escalation: $20000

Local Privilege Escalation with Kernel-level Access: $40000

 

9.  Targets: VMware Workstation

Equipment: to be updated soon

System: to be updated soon

Requirements: Run certain programs to penetrate through and escape from the VM system, control the hosts operating System.

Prizes:

$80000

 

10.  Targets: VMware ESXi

Equipment: to be updated soon

System: to be updated soon

Requirements: Run certain programs to penetrate through and escape from the VM system, control the hosts operating System. This target requires the contestant to get the root permission of the host OS.

Prizes:

$180000

 

11.  Targets: Ubuntu + qemu-kvm

Equipmentto be updated soon

System

Host: Ubuntu

Use the command sudo apt-get install qemu-kvm virt-manager in the host and use default configurations to install the guest system.

Guest: Ubuntu

RequirementsRun certain programs to penetrate through and escape from the VM system, control the hosts operating System.

Prizes:

VM Escape within Host Sandbox: $60000

VM Escape + Host Sandbox Escape: $150000

 

12.  Targets: Parallels Desktop

Equipment: to be updated soon

System: to be updated soon

Requirements: to be updated soon

Prizes:

$30000

 

13.  Targets: iPhone 12 Pro
System: iOS 14
Requirements: Use iPhone 12 Pro to browse remote URL, control the phone system. This target requires the contestant to bypass the PAC mitigation.

 

14.   Targets: Domestic mobile phones (Android)

Equipment: to be updated soon

System: to be updated soon

Requirements: Use the phone to browse remote URL, escape the browser sandbox and control the phone system.

The sandbox escape with root privilege will gain additional prizes.

Prizes:

RCE + Sandbox Escape : to be updated soon

RCE + Root: to be updated soon

 

15.  Targets: Synology DS220j

Requirements: Achieve code execution on the remote device from LAN.

Prizes:

to be updated soon

 

16.  Targets: ASUS Router AX AX56U

Requirements: Achieve code execution on the remote device from LAN.

Prizes:

$10000

 

17.   Targets: Domestic New Energy Vehicles

Equipment: to be updated soon

System: to be updated soon

Requirements: to be updated soon

Prizes:

$50000

 


Close
0 7 9 Day
Registration Top
0 7 9 Day