Welcome to Pwn2Own Vancouver 2024! This year’s event promises to be the largest-ever Vancouver event - both in terms of entries and potential prizes. If everything hits, we will end up paying out over $1,300,000 in cash and prizes - including a Tesla Model 3. We’ve got two full days of exciting competition ahead. As always, we began our contest with a random drawing to determine the order of attempts. If you missed it, you can watch the replay here.

The complete schedule for the contest is below (all times Pacific Standard Time [UTC - 8:00]).

Note: All times subject to change

Day One

Wednesday, March 20 – 0930              

AbdulAziz Hariri of Haboob SA targeting Adobe Reader in the Enterprise Applications category.

Wednesday, March 20 – 1000              

DEVCORE Research Team targeting Microsoft Windows 11 in the Local Privilege Escalation category.

Wednesday, March 20 – 1030              

STAR Labs SG targeting Microsoft SharePoint in the Server category.

Wednesday, March 20 – 1100              

Seunghyun Lee (@0x10n) of KAIST Hacking Lab targeting Google Chrome in the Web Browser category.

Wednesday, March 20 – 1200              

Theori targeting VMware Workstation with an additional Windows Kernel LPE vulnerability in the Virtualization category.

Wednesday, March 20 – 1230              

DEVCORE Research Team targeting Ubuntu Desktop in the Local Privilege Escalation category.

Wednesday, March 20 – 1300              

Bruno PUJOS and Corentin BAYET from REverse Tactics (@Reverse_Tactics) targeting Oracle VirtualBox with an additional Windows Kernel LPE vulnerability in the Virtualization category.

Wednesday, March 20 – 1430              

Synacktiv targeting Tesla ECU with Vehicle (VEH) CAN BUS Control in the Automotive category.

Wednesday, March 20 – 1500              

Kyle Zeng from ASU SEFCOM targeting Ubuntu Desktop in the Local Privilege Escalation category.

Wednesday, March 20 – 1530              

Cody Gallagher targeting Oracle VirtualBox in the Virtualization category.

Wednesday, March 20 – 1600              

Manfred Paul (@_manfp) targeting Apple Safari in the Web Browser category.

Wednesday, March 20 – 1700              

STAR Labs SG targeting VMware ESXi in the Virtualization category.

Wednesday, March 20 – 1800              

Team Viettel targeting Oracle VirtualBox in the Virtualization category.

Wednesday, March 20 – 1830              

Manfred Paul (@_manfp) targeting Google Chrome with Double Tap addon in the Web Browser category.

Day Two 

Thursday, March 21 – 0930   

Marcin Wiązowski targeting Microsoft Windows 11 in the Local Privilege Escalation category.

Thursday, March 21 – 1000   

STAR Labs SG targeting VMware Workstation in the Virtualization category.

Thursday, March 21 – 1030   

ColdEye targeting Oracle VirtualBox in the Virtualization category.

Thursday, March 21 – 1100   

Manfred Paul (@_manfp) targeting Mozilla Firefox with Sandbox Escape in the Web Browser category.

Thursday, March 21 – 1200   

Gabriel Kirkpatrick (gabe_k of exploits.forsale) targeting Microsoft Windows 11 in the Local Privilege Escalation category.

Thursday, March 21 – 1230   

STAR Labs SG targeting Ubuntu Desktop in the Local Privilege Escalation category.

Thursday, March 21 – 1300   

Edouard Bochin (@le_douds) and Tao Yan (@Ga1ois) from Palo Alto Networks targeting Google Chrome with Double Tap addon in the Web Browser category.

Thursday, March 21 – 1430   

HackInside targeting Microsoft Windows 11 in the Local Privilege Escalation category.

Thursday, March 21 – 1500   

STAR Labs SG targeting Docker Desktop in the Cloud Native / Container category.

Thursday, March 21 – 1530   

Seunghyun Lee (@0x10n) of KAIST Hacking Lab targeting Microsoft Edge (Chromium) with Double Tap Addon in the Web Browser category.

Thursday, March 21 – 1630   

Valentina Palmiotti with IBM X-Force targeting Microsoft Windows 11 in the Local Privilege Escalation category.

Thursday, March 21 – 1700   

Theori targeting Ubuntu Desktop in the Local Privilege Escalation category. 

We’ll be publishing results live on the blog as the contest unfolds. We’ll also be posting brief video highlights to Twitter, YouTube, Mastodon, LinkedIn, and Instagram, so follow us on your favorite flavor of social media for the latest news from the event.