Preparing for Live Pwnage: Mitigation Bypass Bounty Machine Specs for Black Hat

With about one week to go before we all gather at Black Hat in Las Vegas, we’re getting inquiries about precisely how the promised Live Mitigation Bypass Bounty judging at Black Hat will work. For most of the world, it works best when you get a good spot at the Microsoft booth (#301) around noon each day, so you can clearly see the excitement as some of security’s best and brightest look to pop built-in Windows 8.1 preview mitigations in truly novel ways. Will one or more talented folk qualify for the $100,000 bounty on new exploitation techniques? We’re as eager to find out as you are.

Perhaps you intend to be the first person EVER to qualify for the largest ongoing bounty for new attack techniques offered by any company so far. In that case, allow us to tell you more about the machine you’re looking to win. (In addition to $100,000, we’ll give anyone able to demonstrate a truly novel mitigation bypass the very computer on which they’ve demonstrated it.) The specifications for the machines at the booth on Wednesday and Thursday are as follows:

The Specs
The machine: Lenovo ThinkPad X1 Carbon Touch
The host OS: Windows 8 (x64)
The guest OS: Windows 8.1 Preview (x64)
  – Using default settings
  – Using local account
Guest RAM: 4GB
Guest processors: 4
Guest networked via dedicated Network Interface Card


The Live Bounty Experience
If you’re planning to try your hand at getting $100,000 from Microsoft, show up at the booth a little before lunchtime on the day of your choosing. We recommend coming by 12:30 PM, since the lunch hour starts at 12:45 PM. 

Bring your exploit (with source code) and a copy (electronic or print, as you prefer) of the white paper detailing the new exploit technique, as described in the guidelines. We’ll walk you through some basic qualifying questions listed in the guidelines — things like making sure you don’t live in a country that is subject to US trade embargoes, and that you don’t work for Microsoft (or live with or are a close family member of someone who works here).  As long as you’re over the ripe old age of 14 and have met all compliance requirement outlined in the guidelines, we’ll let you have a go at the $100,000 bounty. Minors should bring a parent or legal guardian to sign all the paperwork and accept the money on their behalf.

Two of our judges will be on hand as you demonstrate your bypass technique to the cheering throngs. If you’re successful at the live demo portion of the event, you and the judges will be whisked away to de-brief in the private Judging Suite upstairs, where they’ll examine your work more closely and ask any relevant questions while you enjoy a well-earned break from the chaos. (It is possible we’ll be tweeting with excitement at this point, just because.) They will review your whitepaper as well in the suite, and the final qualification will come AFTER the judges have a chance to discuss the bypass privately with you. 

Once the bypass and your eligibility are fully confirmed, we’ll tweet out confirmation (from @k8em0 and @msftsecresponse) to a breathlessly waiting world. The press will be eager to meet you, and our customers will be grateful that you decided to use your intellect for the greater good of helping to protect over a billion computers worldwide.

As far as qualifying for the BlueHat Bonus for Defense (up to an extra $50,000 for a defensive idea to go with your new exploitation technique), we’d gladly accept the whitepaper from you that describes that idea. We won’t be doing live qualifications for that portion in Vegas, however, since we’d need to judge those submissions against a range of factors such as application compatibility, among others, in order to determine a bounty there.  If we do get a qualifying defensive submission as part of your entry – we’ll notify you of the good news via secure [at] Microsoft [dot] com as soon as we can.

Happy hunting —

Katie Moussouris
Senior Security Strategist, MSRC (that’s a zero)