NEWS AND EVENTS

We are going to have Pwn0rama in Shanghai (24-25, Nov). USD500,000 for iOS remote jailbreak and USD700,000 for Android Chrome RCE+SBX(persistent). Register now at https://www.coseinc.com/en/index.php?rt=pwn0rama

Registration for SyScan360 in Shanghai is open. There will be only 200 tickets for sale. Registration will close Nov 6. Go grab your ticket.

Safari exploit with sandbox escape into kernel context that works on 5c and 6s, is reliable(1), runs fast(2) and generic(3): Total: $345,000

Safari exploit without sandbox escape that works on iphone 6s only, is reliable(1) and runs fast(2): Total: $51,000 #pwn0rama

we have written a new version of the rules for PWN0rama. feel free to use it for your similar competition. #pwn0rama #coseinc

i received a letter from the lawyers of HPE threatening legal action if i do not take down PWN0rama @dragosr #pwn0rama #coseinc @COSEINC_SG

i am pleased to announce that @thegrugq will be one of the distinguished judges at PWN0rama #PWN0rama #COSEINC

PWN0rama will offer all successful contestants 2 nights of hotel stay (swissotel stamford). please sign up by 29 Feb 2016.

If you have a sandbox escape for Safari browser context to kernel (iOS) context, we will pay you US$100k.

if you have a mobile web browser exploit lying around, come to Pwn0rama and we will pay between US$30k - US$80k

COSEINC is organising mobile Pwn0rama 23-24 March 2016. Prizes worth US$500,000 to be won. More details available at https://www.coseinc.com/en/index.php?rt=pwn0rama …

COSEINC is hiring Browser Security Researchers. If you are interested, please email info@coseinc.com

Linux Security Researcher Job Descriptions: • Perform source code auditing to identify bugs within Linux kernel or open-source applications that may bypass existing security mitigations, thereafter leading to code execution. • Write detailed technical reports and develop PoC code to demonstrate security issues found. • Recommend remediation measures to mitigate the vulnerabilities. • Stay updated on the Linux security landscape Requirements: • Experiences in auditing source code for Linux Kernel and open-source applications (and services) for bugs that may lead to code execution • Good understanding of kernel and userspace exploitation, preferable with experiences in developing proof-of-concepts to demonstrate the severity of bugs found • Demonstrate requirements a. and b. through one or more of the following - Issued security advisories - Relevant work experience - Presented at renowned conferences - Wrote blog/articles on relevant topics

Web Browsers Security Researcher Job Descriptions: • Perform cutting edge vulnerability research on web browsers (running on Windows OS). • Identify and audit browsers for bugs that may lead to RCE and bypassing/mitigation of security mechanisms • Write detailed technical reports and develop PoC code to demonstrate security issues found. • Recommend remediation measures to mitigate the vulnerabilities. • Stay updated on new security technologies that may impact web browsers Requirements: • Experiences in auditing browsers running on Windows for bugs that may lead to remote code execution (RCE) • Good understanding of different browser security mechanisms, such as sandboxes, and preferably experiences in auditing these mechanisms to bypass/mitigate them • Ability to create POC exploits that demonstrates the severity of security vulnerabilities found • Good track record, demonstrated through one or more of the followings: - Issued security advisories - Relevant work experience - Presented at renowned conferences - Wrote blog/articles on relevant topics

Virtualization Security Researchers Job Descriptions: • Perform cutting edge vulnerability research on Hypervisor technology. • Write detailed technical reports and develop PoC code to demonstrate security issues found. • Recommend remediation measures to mitigate the vulnerabilities. • Stay updated on the security landscape, especially in the area of hypervisor vulnerabilities. Requirements: • Experience with Binary Analysis and Reverse Engineering • Experience with researching on VMware Hypervisors • Ability to create POC exploits that demonstrates the severity of security vulnerabilities found • Good record of performing hypervisor related vulnerability research, demonstrated by the following: - Wrote blog/articles on relevant topics - Training classes - Presented at renowned conferences - Publicly disclosed CVEs - Relevant work experience - Substantial code contributions to open-source hypervisors

Mobile Security Researchers Job Descriptions: • Perform cutting edge vulnerability research on IOS or Android. • Write detailed technical reports and develop PoC code to demonstrate security issues found. • Recommend remediation measures to mitigate the vulnerabilities. • Stay updated on the security landscape, especially in the area of mobile vulnerabilities. Requirements: • Experience with Reverse Engineering , Debugging and Code Analysis on IOS or Android • Experience with vulnerability research on IOS or Android • Solid understanding of IOS/Android security model, how they are implemented and how they can be bypassed • Ability to create POC exploits that demonstrates the severity of security vulnerabilities found • Strong problem solving and analysis skills • Good track record in the area of IOS and Android vulnerability research, demonstrated by the following: - Issued security advisories - Relevant work experience - Presented at renowned conferences - Wrote blog/articles on relevant topics

We are hiring the following roles: Mobile Security Researchers Virtualization Security Researchers Web Browsers Security Researchers Linux Security Researchers Send in your detailed CVs to info@coseinc.com

We are at NUS Career Fair booth 155. Do come down and visit us.

COSEINC's analysis of XratClient that affected Hong Kong is now available at https://camal.coseinc.com/publish/From%20Xratclient%20to%20HK%20with%20Love.pdf

COSEINC's analysis of the Phenom malware is now available at https://camal.coseinc.com/publish/Phenom%20-%20Bypassing%20Antivirus.pdf

COSEINC's analysis of TDR is now available for download at https://camal.coseinc.com/publish/2014TDR.pdf

We have just published the analysis of Trojan.TDR. The report can be found at https://camal.coseinc.com/publish/2014TDR.pdf

At the launch of CAMAL v2, we will also launch Mobile Apps Threat Reporting Service powered by VisualThreat. So email info@coseinc.com to sign up for the launch seminar.

On January 24, 2014 COSEINC will launch CAMAL v2 at the Swissotel Merchant Court Hotel. The technical highlights of CAMAL v2 are: Behaviour Tracking Engine that captures all interactiona between a malware and the OS; Behaviour Hueristic Engine that analyses a malware's behaviour to determine if it's malicious; a fast Clustering Engine that determines if a malware is unique or a variant of an existing family; and a Multi-AV engine that scans a malware with updated leading AV vendors.

In late January 2014 COSEINC will be launching CAMAL v2 with clustering engine, multi-AV scan, behavior tracking and heuristic capabilities.