crowdfense TIME TRAVELER challenge

Vsit the Crowdfense stand at HITB on August 24 and 25 to play!
Exciting prizes for the successful time travelers await!

This challenge will transport you back to the digital landscape of 2019, a time when the Google Pixel 3a, Samsung Galaxy S10, and iPhone X were at the cutting edge of technology. Though these devices might seem outdated now, they were the fortresses of data security in their time.

The goal of this CTF challenge is to demonstrate your exploitation skills of different devices. Remember, this challenge is not about damaging or disabling the device but to comprehend and exploit possible vulnerabilities to gain unauthorized access or escalate privileges.

Ensure you stick to the rules of ethical hacking throughout this task. This is an opportunity to understand the evolution of device security, examine the strongholds and weaknesses of the past, and use that knowledge to anticipate and fortify against future threats.

We will assign points for demonstration of remote code execution, sandbox escape and privilege escalation accordingly with complexity of the target.


OS Version

Patch level



Google Pixel 3a

Android 9

March 5, 2019

4.9.124, Feb 13, 2019


Google Pixel 2 

Android 9

March 5, 2019

4.4.155, Jan 11, 2019


Google Pixel 2 XL

Android 8

September 5, 2017

4.4.56, Aug 29, 2017


Google Pixel 3

Android 9

November 5, 2018

4.9.96, Sep 7, 2018


Apple iPhone X

iOS 13.7



Samsung Galaxy S10

Android 11

February 1, 2021

4.4.113, Feb 8, 2021


Samsung Galaxy S20

Android 11

December 1, 2020

4.19.87, Nov 21, 2020


Netgear R6120



Hack Your Way to HITBSecConf2023 - Phuket!

Do you like online challenges and CTFs? Well here’s your chance to win a fully paid trip to HITBSecConf2023 – Phuket!

Be one of the first to complete any of the 3 challenges below that offer a range of attractive prizes from full access to HITBSecConf2023 – Phuket (a normal priced conf ticket is USD1199), all the way to an all expenses paid trip to come hack on the beaches of Phuket! Imagine 3 fun filled days spent chatting, and chilling with some of the coolest hackers and pwnstars on the planet!

You say you know kungf00? Show us!

Contest runs from 1st July – 21st July


The goal of this challenge is not only to test your ability to exploit these vulnerabilities but also your skills in chaining exploits. Chain two public exploits for Google Chrome and Windows 11. 

Prizes for the best submissions:

  • USD500 cash


Your objective is to discover and exploit a kernel vulnerability on a provided custom-built Android image and escalate privileges. 

Prizes for the best submissions:

  • 1 x HITB2023HKT conference ticket
  • 1 x hotel stay for 2 nights 3 days


Your task is to exploit Remote Code Execution and sandbox escape vulnerabilities in a provided version of Chrome, all via a single crafted webpage.

Prizes for the best submissions:

  • 1 x HITB2023HKT conference ticket
  • 1 x hotel stay for 2 nights 3 days
  • 1 x economy flight ticket (terms and conditions apply)


The link to the VMs and downloadable images will be sent to you via email, so please do not fill in a fake email address 😉



Exploit will be run 10 times. For each successful run:

7 points will be awarded per run  (max 70 points)



If your submission is be made before July 7, 12 AM (UTC):

15 points will be awarded.

If your submission is received after July 15, 12 AM (UTC):

10 points will be awarded


Participants who will provide a detailed write up will receive points even if they did not finish the exploit.

A maximum of 15 points will be awarded