Trend Micro’s Zero Day Initiative (ZDI) this week celebrated its 15-year anniversary and the company has shared some “crazy” and “odd” stories with SecurityWeek.
Since its launch in 2005, ZDI, which describes itself as the world’s largest vendor-agnostic bug bounty program, says it has reported more than 7,500 vulnerabilities to vendors and it has paid out more than $25 million to over 10,000 researchers.
ZDI is also the organizer of the Pwn2Own hacking competitions, where white hat hackers have earned tens or hundreds of thousands of dollars for demonstrating sophisticated exploits targeting smartphones, IoT devices, operating systems, popular software, industrial control systems, and even cars.
Here are the interesting stories from the past 15 years that ZDI has shared with SecurityWeek:
Shutting down government operations:
Back in 2015, we received a submission that demonstrated how to bypass the LNK patch meant to fix a bug used by Stuxnet in 2010. We definitely purchased the bug, and Microsoft patched it quickly. After the Shadow Brokers leak, it came to light that one of the tools was called “EZCheese” – a tool that exploited the LNK patch from 2010. After our submission, the agency (allegedly) developed a different tool called “Brutal Kangaroo” for the same purpose. That’s just one example. Bugs we’ve purchased also helped disrupt the Black Energy APT and were referenced often in the Hacking Team data breach from 2015.
Nearly setting the hotel on fire in Amste ..
Support the originator by clicking the read the rest link below.
