Security Research

Pwn2Own’s New Exploit Unicorn Prize: Additional Background for Civilians

Angela_Gunn ‎01-30-2014 11:04 AM - edited ‎01-30-2014 01:47 PM

This year at Pwn2Own, we’re hunting the Exploit Unicorn – not because we think there are a lot of researchers out there who can capture it, but because we think there aren’t. That said, an attacker able to win this prize (and $150,000 for their efforts) is able to break through Microsoft’s most powerful protections, including a tool built specifically to protect against sophisticated attacks. Here’s what we’re asking Grand Prize contestants to do:


We begin with Internet Explorer. The latest versions of Internet Explorer run in a special, isolated area of the computer’s memory. Tech folk call that a “sandbox,” but you can think of it as a padded room where an application can spend time without hurting itself or others. The first step in the contest is to break out of IE’s padded room – using a fault in the construction of the padded room itself.


Once that’s done, the contestant must gain control over the rest of the computer. The second challenge is for the contestant to locate and use more faults in the system to read its information, change its data, and eventually control its behavior as he pleases; the newest 64-bit computers make that tough, but a successful contestant will prevail.  


But there’s one more hurdle. Microsoft has software called the Enhanced Mitigation Experience Toolkit (EMET). It essentially builds more padded rooms inside Windows and protects against many kinds of attack techniques – including payloads installed by attackers seeking the Exploit Unicorn. The third and ultimate test for our contestants is to break through EMET protections and truly control the computer.


EMET has been around for a few years, but due to lack of formalized tech support and an intimidating interface, its adoption was limited. Lately, Microsoft has been leaning on EMET a lot more; there’s more support, it’s easier to set up, and they encourage the general public to use it – especially when a new attack is underway. With EMET carrying that kind of burden of protection, researchers are getting more interested in testing its limits, and our Grand Prize reflects that. We may not have any successful contestants, but security researchers thrive on insanely difficult challenges; we’re excited to provide one.


For information on all the prizes and categories available at this year’s Pwn2Own, see the full announcement blog post here.


Angela Gunn

Senior Security Content Developer, HPSR
