Zeroday Cloud Hackathon Awards $320,000 for 11 Zero-Day Exploits

The Zeroday Cloud hacking competition held in London recently concluded with researchers receiving a total of $320,000 for uncovering critical remote code execution vulnerabilities in cloud infrastructure components.

Focused on cloud systems, the competition was organized by Wiz Research in collaboration with industry giants like Amazon Web Services, Microsoft, and Google Cloud.

During the event, researchers successfully exploited 11 zero-day vulnerabilities, achieving an 85% success rate across 13 hacking sessions.

A blog post detailing the event revealed that $200,000 was awarded on the first day for successfully exploiting vulnerabilities in Redis, PostgreSQL, Grafana, and the Linux kernel.

On the second day, researchers earned an additional $120,000 by demonstrating exploits in Redis, PostgreSQL, and MariaDB – the most commonly used databases in cloud systems for storing sensitive information.

Overview of Zeroday Cloud 2025
Source: Wiz

One of the significant exploits involved compromising the Linux kernel through a container escape flaw, allowing attackers to breach cloud tenant isolation, which is a fundamental security measure in cloud environments.

Cybersecurity firms Zellic and DEVCORE were awarded $40,000 for their successful exploits during the competition.

Team CCC receiving the highest single bounty payment in the competition
Source: Wiz

Artificial intelligence was also a focal point: researchers attempted to exploit vLLM and Ollama, which could have exposed private AI models and data, but both attempts were unsuccessful due to time constraints.

At the conclusion of the competition, Team Xint Code was crowned the champion for successfully exploiting vulnerabilities in Redis, MariaDB, and PostgreSQL, earning $90,000 for their exploits.

Team Xint Code winning the first Zeroday Cloud event
Source: Wiz

Although the event had a positive outcome, the total prize pool of $4.5 million remained largely untouched, with only a fraction awarded to researchers showcasing exploits across various targets.

Categories and products that did not see any exploits during the competition included AI (Ollama, vLLM, Nvidia Container Toolkit), Kubernetes, Docker, web servers (nginx, Apache Tomcat, Envoy, Caddy), Apache Airflow, Jenkins, and GitLab CE.
