ABOUT PWN0RAMA

Pwn0rama is a premium exploit acquisition program by COSEINC with a focus on exploit code for desktop, server and mobile platforms. We believe in paying appropriate financial rewards to support the research of independent security researchers.

PROGRAM PAYOUT

DESKTOP AND SERVER PAYOUTS

| Category | Payout for RCE | Payout for SBX | Payout for LPE | Payout for Full Chain (RCE + SBX if required + LPE) |
|---|---|---|---|---|
| Windows 0-click | Up to $1,000,000 | - | - | - |
| Chrome | Up to $200,000 | Up to $200,000 | - | Up to $500,000 |
| Firefox | Up to $50,000 | Up to $30,000 | - | Up to $100,000 |
| Edge | Up to $50,000 | Up to $30,000 | - | Up to $100,000 |
| Safari | Up to $50,000 | Up to $30,000 | - | Up to $100,000 |
| Adobe Flash | Up to $80,000 | - | - | Up to $100,000 |
| Adobe PDF | Up to $50,000 | Up to $30,000 | - | - |
| MS Outlook | Up to $250,000 | - | - | - |
| ThunderBird | Up to $200,000 | - | - | - |
| MS Office | Up to $100,000 | - | - | - |
| Windows OS | - | - | Up to $80,000 | - |
| Linux OS | - | - | Up to $50,000 | - |
| Mac OS | - | - | Up to $50,000 | - |
| VMWare ESXI VM Escape | - | - | Up to $200,000 | - |
| VMWare Workstation VM Escape | - | - | Up to $80,000 | - |

MOBILE PAYOUTS

| Category | Payout for RCE | Payout for SBX | Payout for LPE | Payout for Full Chain (RCE + SBX if required + LPE) |
|---|---|---|---|---|
| iOS 0-click Remote Jailbreak | - | - | - | Up to $2,000,000 |
| iOS Remote Jailbreak | - | - | - | Up to $1,500,000 |
| Messaging App | - | - | - | Up to $1,000,000 |
| Email App | - | - | - | Up to $500,000 |
| Chrome | Up to $200,000 | Up to $200,000 | - | Up to $500,000 |
| Safari | Up to $200,000 | Up to $200,000 | - | Up to $500,000 |
| iOS | - | - | Up to $200,000 | - |
| Android | - | - | Up to $200,000 | - |

FREQUENTLY ASKED QUESTIONS

1. WHO CAN TAKE PART IN PWN0RAMA?

We welcome all researchers, except those on the United Nations sanctions list, to take part in Pwn0rama.

2. WHAT IS THE SUBMISSION PROCESS OF PWN0RAMA?

If you have exploit code within the categories that we are looking for:

  1. Download our PGP key
  2. Send us a PGP-encrypted email with the following information:
    • Name of targeted software/hardware/platform.
    • Version and architecture (x86, x64 etc) of targeted software/hardware/platform.
    • Type of vulnerability (e.g. Infoleak, UAF etc).
    • Attack vector/scenario.
    • Success rate of exploit code execution (50%, 80%, 100% etc).
    • Time delay for exploit code execution (number of seconds).
    • Exploitation environment (default installation, privilege, user interaction etc).
    • Setting and/or configurations required for successful exploitation.
    • Any limitations or special requirements?
    • Your PGP key.
  3. We will acknowledge your email and assess your initial submission.
  4. If we are not interested in your initial submission, we will inform you via email within 2 weeks.
  5. If we are interested in your initial submission, we will reply to you, within 2 weeks, with an initial offer.
  6. If you accept our initial offer, you will send us, via PGP-encrypted email, the following information for our complete evaluation:
    • A fully functional exploit source code.
    • A detailed technical write-up of the exploit code.
    • A detailed technical write-up of the vulnerability.
  7. We will acknowledge your email and evaluate your submission.
  8. We may correspond with you for clarifications or more information.
  9. We will make you a Final Offer within 2 weeks.

3. WHAT KIND OF SUBMISSIONS IS PWN0RAMA INTERESTED IN?

| Operating Systems | Browsers | Applications | Devices |
|---|---|---|---|
| Android | Google Chrome | Microsoft Office | Apple iPhone |
| Apple iOS | Microsoft Edge | Microsoft Outlook | Samsung |
| Microsoft Windows | Mozilla Firefox | Mozilla Thunderbird | LG |
| Apple macOS | Apple Safari | Adobe Reader | Huawei |
| Linux | TOR | Adobe Flash Player | Google |
| VM | | | Xiaomi |
| | | | 360 |

4. WHICH TYPES OF VULNERABILITIES/EXPLOITS ARE ELIGIBLE?

Pwn0rama is interested in critical vulnerabilities with fully functional and reliable exploit code that will lead to arbitrary code execution, privilege escalation, sandbox escape and leakage of sensitive information.

5. HOW MUCH DO WE PAY?

Payout details can be found above.

6. HOW DO WE PAY YOU?

Payment will be via bank transfer (local or international).

7. WHAT ABOUT PRIVACY AND CONFIDENTIALITY?

We respect researchers’ privacy. We will not disclose your identity or any of your personal information to third parties.

8. WHAT DO WE DO WITH YOUR RESEARCH?

Submissions acquired by Pwn0rama will be offered as part of COSEINC’s security research offerings to legitimate government organisations and corporations.