Researcher Resources Archives | Bugcrowd
https://www.bugcrowd.com/blog/category/researcher-resources/
Thu, 25 Jan 2024 23:11:24 +0000

Hacker Cup 2023; Hack Hack Revolution
https://www.bugcrowd.com/blog/hacker-cup-2023-hack-hack-revolution/
Thu, 26 Oct 2023 23:00:37 +0000

Ready to step on stage and go head-to-head with your favorite hackers for Bugcrowd’s Hack Hack rEvolution event? You and your team have a shot at a colossal $10K team bonus and an epic opportunity to take home the W for our 3rd annual #BCTeamHunt! If that sounds like your kind of party, then it’s time to throw yourself on the dance floor and apply for Bugcrowd’s rEvolutionary event! 

We’ve rounded up some of the best public and private programs to put your crew’s hacking skills to the ultimate test. And guess what? This year, we’ve spiced things up with extra special bonus programs that can earn you those coveted extra points! 

Get your squad together and remember this timeless mantra: Stop, collaborate, and listen!

Act fast! There are only 40 spots available. Grab your teammates and shoot for that Perfect Full Combo by filling out the Team Application. Selection for Hacker Cup teams will be based on the aggregate totals of participating members' all-time P1s and P2s on the Bugcrowd platform. Please read the following rules and instructions:

How Does the Hacker Cup Work? 

  • Assemble a team of 3 – 5 players
  • Hack with your pals and make $$
  • Expedited triage for team submissions on Hacker Cup programs
  • Earn the bragging rights of making BC’s Top 8 Teams in 2023
  • Compete against other teams for a grand prize of $10K and exclusive swag

Important Dates:

  • Selection for the Hacker Cup will launch October 30th and end Nov 2nd.
    • Applications must be in by 11/2 5pm PST. 
  • Start Date Teams will be announced: Nov 3rd. 
  • First Round: November 3rd – November 24th. 
  • Hacker Break: November 24th – Nov 31st.
  • Final Round: December 1st – December 15th.

There are 2 challenge rounds where participating teams will face potential elimination from the Cup based on challenge points earned during the first round. From there, 8 teams will make it to the second challenge round, where teams will continue their Hunt towards $10k. Keep in mind, teams with the highest number of points based on their unique, non-duplicate submissions will move on to the next round.

How Do Points Work?

Challenge points:

  • P1 unresolved/resolved non-duplicate valid submissions get 60 points along with the standard 40 points 
    • Total point value for a unique P1 submission: 100
  • P2 unresolved/resolved non-duplicate valid submissions get 30 points along with the standard 20 points 
    • Total point value for a unique P2 submission: 50
  • P3 unresolved/resolved non-duplicate valid submissions get 15 points along with the standard 10 points
    • Total point value for a unique P3 submission: 25

Important Details:

Teams that move on to the final challenge round will be informed individually and announced via Twitter. Eliminated teams will not go home empty-handed! 

  • Teams that are eliminated in the first challenge round will get 5 private program invites per person on each team
  • Teams that are eliminated in the first challenge round will also get swag
  • Private invites will be provided to researchers within 4-8 weeks after the challenge

Participation Criteria:

  • Public programs are opted in automatically 
  • Hackers may not have any active escalations or bans to participate. 
  • Hackers must be ID Verified to participate. 
  • Hacker Teams are 5 hackers or fewer.
  • There will be a maximum of 40 teams competing this year. 
  • Hacker Teams are chosen to participate by team total volume of valid P1s and P2s submitted on the platform.
  • Hackers who are new on the platform must work with hackers known to Bugcrowd.
  • New Hackers are requested to complete a background check to participate.

Please note:

  • Last year’s winning team will immediately go to the Top 8 but must compete in both rounds of the competition for final scores.
  • Researchers can only participate as part of 1 team for the duration of this challenge 
  • Teams must be composed of 3 – 5 researchers per team
  • No swaps will be allowed this year, unless there are extreme circumstances 
  • 5 teams with new hackers will be selected to compete. This will be random amongst new applicants who do not have P1s and P2s on the platform currently. 

Are You Ready to Score Big?

*Left arrow, right arrow, right arrow, right arrow* How flawlessly can your team hit those combos to win the big money!? To date, over 750 hackers from all over have applied and Hack Hack rEvolutioned over 700 valid non-duplicate submissions. #BCTeamHunt is an amazing opportunity to collaborate with friends, win money and increase awareness and engagement of some seriously cool programs.

You have until Nov 2nd, 2023 5:00PM Pacific Time to submit your TEAM APPLICATION. Best of luck! 

Hey, don’t forget to stay current on Hacker Cup updates, special announcements, and all things Bugcrowd through our Twitter, Instagram, and Discord.

Hacker Spotlight: Cinzinga
https://www.bugcrowd.com/blog/hacker-spotlight-cinzinga/
Wed, 13 Sep 2023 18:02:30 +0000

Some know him as Cinzinga, some know him as Chris. Whatever you call him, he’s probably left a positive impression on you. He’s a renowned hacker with an unconventional approach to cybersecurity. Specializing in penetration testing and single-application security, Cinzinga has earned a reputation as one of the most ethical, professional and helpful hackers in the digital realm. Just a handful of years ago, he instantly began to stand out due to his preference for single-application testing, rooted in a desire for precision and a deep understanding of the systems he examines. It’s the power of a focused approach for Cinzinga!

But don’t take our word for it. Read on to learn more about Cinzinga, his approach and what he gets up to in his free time! 

Go on; tell us about yourself. Do you enjoy sports or any sort of physical activity?

“I think it is important to spend time away from the computer screen each day. I try to take a break in the middle of the day to take a walk as well as exercise an hour each day after work.”

Where did you grow up?

“I grew up in the North East, US in New Hampshire.”

We must know. What’s a fun fact about yourself!?

“One of my hobbies outside of cyber security is home brewing. For the last 3-4 years I have been brewing and canning my own beer. It’s a great hobby and my friends love it (no one turns down free beer).”

Free, home-brewed beer 🤝🏽 a good time with pals

Ok. Let’s talk hacking! How did you get into the Cybersecurity space?

“My journey into cybersecurity started in mid-2019. Originally, I was actually going to school for chemical engineering; however, ultimately that path was not the best fit and I needed a change. In mid-2019 I began self-studying for some popular cyber security certifications, such as CompTIA’s Security+. After completing that certification, I learned about Offensive Security’s OSCP certification. At the time, the idea of a practical, hands-on certification enthralled me, so I began studying for that course and was able to complete it by the end of 2019. Moving into 2020 is when I first learned about bug bounty hunting. The idea that I could test my skills against real companies to learn various attacks was very appealing. It was in March of 2020 that I made my account on Bugcrowd.”

What do you specialize in?

“I enjoy bug bounty programs that focus on a single main application rather than a wide scope. I find taking the time to deeply understand the application leads to more interesting and impactful issues.”

We respect your meticulous approach 👍🏽

What and/or who first sparked your interest in hacking?

“No specific person has gotten me into cyber security. However, I have met many great people I would consider mentors and have found the community very welcoming and supportive.”

How long have you been hunting?

“At this point I have been bug bounty hunting for approximately 3.5 years.”

You started hacking and brewing your own beer at about the same time 🤭

How have bug bounties impacted your life?

“Bug bounty hunting has had a tremendous impact on my life. It has given me the opportunity to hone my cyber security skillset against hardened targets. Bug bounty has also directly impacted my career, as companies recognize my time as a bug bounty hunter and consider that experience equivalent to work experience, allowing me to start working as a mid-level pentester right out of college.

Additionally, through bug bounty I have met many amazing hackers at live hacking events and conferences such as DEF CON. It is a great community to be a part of and I have met many great mentors doing this work. I am extremely thankful for the rewards earned through my time as a bug bounty hunter.”

Are you a part-time or full-time hacker? How much time do you spend hacking each week?

“I currently work full-time as a pentester for the company White Oak Security. However, I try to spend a few hours each morning working on interesting bug bounty programs. The time spent varies depending on the number of programs I am currently working on.”

Do you have any advice for new hackers or people transitioning into bug bounty?

“The importance of writing a good report cannot be understated. First, having detailed steps to reproduce your findings will aid in the triage process. Next, outlining the impact clearly will prevent disagreements on severity. Finally, having remediation steps is beneficial for the client. 

If a report has all these things and you are still disappointed with the outcome, Bugcrowd’s “Request a Response” feature has helped me get mediation quickly.”

We’ll take this opportunity to do a shameless plug 😜: Request a Response

Why do you hunt with Bugcrowd?

“Starting out, Bugcrowd’s VRT made it very easy for me to understand what counted as a valid bug bounty submission. Moreover, the Bugcrowd staff has always been great about helping researchers. Early in my career, a number of people from the Researcher Success team encouraged me to work on the Bugcrowd platform. Everyone from Bugcrowd is always a pleasure to interact with and it is those interactions that have kept me hunting on Bugcrowd. Hacking is strenuous work.”

Hacking is strenuous! We’re so thankful for all the work you put in 🥰

How do you avoid burnout?

“Sleep is important! I personally try to avoid late night hacking sessions in favor of a good sleep routine. This way I am fresh and ready to go in the morning. 

Additionally, it is important to socialize and step away from the computer to live a balanced life.”

We couldn’t agree more. Quality sleep and good conversations are so important.

What are some goals you have for this year?

“While 2023 is almost over, I am looking forward to next year and hope to remain active on Bugcrowd, participate in more live hacking events, and continue to be a part of the hacker community as well as meet more people at next year’s DEF CON.”

What’s your ideal career?

“I am already in my ideal career! :)”

And we love that for you 😃 Thank you so much Cinzinga! And thank you so much to all hackers putting in that hard work. Keep an eye on Bugcrowd via our Twitter and Instagram, and don’t forget to join us on Discord. Sign up for a researcher account today to start your hacking journey!

Hacker Spotlight ft. Dipen
https://www.bugcrowd.com/blog/hacker-spotlight-ft-dipen/
Thu, 17 Aug 2023 20:41:24 +0000

Let us introduce you to Dipen! A mastermind in the realm of digital infiltration and manipulation. Unveiling the hidden vulnerabilities that lie within the intricate tapestry of business logic, access controls, and server-side defenses, Dipen emerges as a hacker whose methodologies transcend the ordinary. 

Not only is he an accomplished hacker, but he’s also super chill, easy going and prioritizes his health and fitness. Keep reading to learn more about Dipen!

Tell us about yourself 🙂 What does your life look like outside of hacking (family/hobbies)?

“I love to go for a workout, long runs, and visit new places to keep myself occupied. This helps me to stay focused and avoid burnout between bug bounty and work.”

Exercise is important for the mind and the body 💪🏽

What kind of music do you enjoy?

“I listen to almost any music; however, it depends on my mood as I’m not very much into music.”

Do you enjoy sports or any sort of physical activity?

“Yes, I love playing cricket, squash and going for long runs is always my go-to physical activity.”

You must have some healthy lungs!

Where did you grow up?

“I grew up in India”

Let’s talk hacking! How did you get into the Cybersecurity space?

“I always had curiosity about computers, although my initial background was far away from computers. However, I had an interest in cybersecurity during my undergrad days. My main motivation was to break things, and I started exploring to convert my passion into a professional career. After a little bit of research I was introduced to penetration testing and bug bounties, and that’s how I eventually got into cybersecurity.”

Breaking things is just plain therapeutic 😊 

What and/or who first sparked your interest in hacking?

“My curiosity to know how one can hack into computer systems sparked my interest. I had very limited knowledge of computers when this thought struck me. That’s when I started exploring hacking and eventually got my hands on some Remote Access Trojans (RATs) for testing purposes.”

We love that you started with so little knowledge and now you’re very successful. As they say, “started from the bottom now we’re here.” 

How long have you been hunting?

“I have been doing bug bounty for more than 5 years now.”

How have bug bounties impacted your life?

“For the most part, I would say positively. It’s always a great experience to learn new things as you interact with new targets; however, there are days or weeks when you don’t find anything, and that is when the actual burnout starts.”

Yikes. Burnout is no joke. Can’t wait to hear how you manage that 🤗

Are you a part-time or full-time hacker? How much time do you spend hacking each week?

“I would say a full-time hacker, I spend around 20+ hours in total per week.”

What has been your biggest challenge while hacking? How did you overcome it?

“Staying ahead of the curve, I am still trying to figure out how to overcome it 🙂 Always staying curious and focused definitely helps though.”

Curiosity definitely sounds like a theme with you and all hackers. 

Do you have any favorite tools or resources? What are they?

“Burp will always be my go-to tool while testing web apps. I love reading tweets and blogs related to various research that is being actively performed.”

Do you have any advice for new hackers or people transitioning into bug bounty?

“Keep learning and trying, this will help you succeed.”

Just keep swimming 🐠 #IYKYK

Why do you hunt with Bugcrowd?

“I find it very easy to interact with most of the triagers, friendly staff, well organized researcher portal and most importantly, a wide variety of unique products to test and work on.”

Thank you! We love interacting with you and all hackers. You all are the best 🥳

Hacking is strenuous work. How do you avoid burnout?

“To avoid burnout, I take breaks every now and then. Getting disconnected always helps.”

As people who spend so much time in the digital world, disconnecting from it for a bit has got to feel good. 

How do you take care of yourself and your mental health?

“Spend quality time with family.”

Where do you see your journey going from here?

“I’m still learning new things everyday, so I’ll keep doing what I’m doing and see where I land eventually :)”

We think you’ll land somewhere super awesome 😎

What are some goals you have for this year?

“Nothing as specific, grab one opportunity at a time.”

What is your ideal career?

“I’m still figuring that out 🙂 It may take a while before I decide where I end up.”

Anything else you want to include?

“Hoping for some good time with Bugcrowd”

And good times you all shall have 🫶🏽 To learn more about your fellow hackers, don’t hesitate to follow us on Twitter, Instagram, and LinkedIn, and don’t forget our Discord! Are you ready to join the hunt? Sign up for a researcher account today and start your hacking journey!

Hackers Wanted for Aleo’s Inaugural Bug Bounty Program!
https://www.bugcrowd.com/blog/hackers-wanted-for-aleos-inaugural-bug-bounty-program/
Thu, 20 Jul 2023 17:36:44 +0000

Attention, hackers! Are you ready to put your skills to the test and leave your mark on the future of blockchain technology? Look no further than our partnership with Aleo, the groundbreaking developer platform for building private blockchain applications using zero-knowledge proofs. In an exciting partnership that puts security at the forefront, Aleo is working with Bugcrowd, the industry leader in ethical hacking, to launch their first bug bounty program. This is your chance to dive into the world of blockchain and help Aleo shape a more secure ecosystem. So, gear up and let the hacking begin!

The Bug Bounty Program Unveiled 

We are thrilled to reveal Aleo’s fully live Bug Bounty Program, hosted on the Bugcrowd platform. This program invites talented and passionate hackers from around the globe to put Aleo’s security defenses to the ultimate test. 

To kickstart the Bug Bounty Program, Aleo has allocated an initial reward pool of $500,000 USD. This substantial amount underscores Aleo’s commitment to recognizing and rewarding the valuable contributions made by hackers (otherwise known as security researchers or white hat hackers). The pool is divided into two tiers, ensuring that efforts of varying magnitudes are duly rewarded. Tier P1 offers rewards ranging from $10,000 to $25,000 for the discovery of critical vulnerabilities, while Tier P2 grants rewards ranging from $5,000 to $10,000 for significant findings.

Take on the challenge

Are you up for the challenge of securing the Aleo network? Join our Bug Bounty Program, showcase your skills, and help us enhance the privacy and security of Aleo. By actively participating, you become an integral part of the Aleo community, working towards a common goal of building a robust and resilient blockchain ecosystem.

Some key points to keep in mind as you hunt:

  • The program scope currently only focuses on Aleo’s snarkOS and snarkVM repositories.
  • Bounties will be paid based on severity of the bug using the Bugcrowd VRT scoring system.
  • Aleo must remain compliant with OFAC programs, and thus cannot pay out bounties to residents in OFAC-sanctioned countries.

How to Get Started

To participate in the Aleo Bug Bounty Program with Bugcrowd, simply log in to the Bugcrowd platform and look for the Aleo program. There, you’ll find detailed instructions, guidelines, and the necessary resources to embark on your bug hunting journey. For more information, visit the Aleo program brief on the Bugcrowd platform.

Aleo and Bugcrowd: A Powerhouse Collaboration

Aleo’s Bug Bounty Program, in collaboration with HackerOne and Bugcrowd, is an invitation to security researchers and white hat hackers worldwide to help fortify the Aleo network. With Aleo’s security-first mindset and a generous $500,000 USD reward pool, we are committed to fostering a strong and secure blockchain ecosystem. Join us in this exciting journey into the world of blockchain, contribute your expertise, and together, let’s pave the way for a safer digital future with Aleo.

How Successful ID Verification Keeps You Safe and Leads to More Opportunity
https://www.bugcrowd.com/blog/how-successful-id-verification-keeps-you-safe-and-leads-to-more-opportunity/
Thu, 25 May 2023 20:44:04 +0000

ID verification is a great way to not only secure your identity, but also potentially gain access to even more programs. 

While on the Bugcrowd Security Knowledge Platform, we want to ensure your security and make it as easy as possible to access as many programs as possible. The identity verification process is one of the most important first steps in achieving that.

Not only is it easy, but it’s extremely important. When we’re able to match a face to respective ID documents, we reduce the chances of fraud and identity theft while improving the protection of sensitive information and establishing trust. 

To ensure your time on the Bugcrowd Platform is secure and reliable, there are a few do’s and don’ts of ID verification to keep in mind. Following these will guarantee you have a successful ID verification process and can hunt safely.

Let’s start with the do’s of identity verification:

Do ensure that the age difference between the selfie and the ID is not too big. If there is a significant age difference, it can be difficult to make an accurate assessment of the person’s identity.

Do ensure that the selfie image is of good quality. This includes having good lighting conditions, not having reflections on the face, having enough contrast, and ensuring that the essential parts of the face (eyes, nose, and mouth) are fully visible.

Do keep in mind that facial hair and glasses can interfere with the camera and cause a failure in facial recognition.

Do align your face with the oval on the screen or in the app. This will ensure that your face is captured correctly and that the verification process is successful.

Do ensure that you are the only person in the selfie. Multiple people in the selfie can cause confusion and make it difficult to verify your identity.

Let’s move on to the don’ts of identity verification.

Keep in mind that doing any of these can make it difficult to verify your identity and may lead to your identity verification process being rejected:

Don’t use a black and white selfie image or an entire ID as a selfie. 

Don’t manipulate the selfie using filters, digital manipulations, or masks. 

Don’t use a selfie that was captured from a digital or paper copy or video. 

Don’t cover parts of your face with a scarf, hat, or something similar. 

Don’t have a different person perform the identity verification.

Bottom line, keep it as clear and simple as possible so we can ensure your protection on our platform and you can qualify for more programs. For more tips and tricks to navigating the Bugcrowd platform, follow us on Twitter and Instagram, and don’t forget to join us on Discord! The Bugcrowd Forum is also a great place for new ideas. Sign up for a researcher account today to start your hacking journey!

Introducing Request a Response: A new standard for hacker and customer response time
https://www.bugcrowd.com/blog/introducing-request-a-response-a-new-standard-for-hacker-and-customer-response-time/
Wed, 03 May 2023 16:34:11 +0000

At Bugcrowd, we’re committed to constantly pursuing excellence and innovation in triage to make vulnerability submissions and prioritization faster and easier for hackers and customers alike.

As a new milestone in that effort, we are thrilled to introduce a groundbreaking, industry-first platform feature: Request a Response. This new feature offers an additional channel for hackers to engage with Bugcrowd triagers and customers, with a response ensured within 48-96 hours depending on the type of request. 

As a result, hackers will enjoy improved communication, increased transparency, and most importantly, more time dedicated to hacking–and to earning rewards. For Bugcrowd customers, Request a Response enables faster access to insights from hackers, when decisions about payments or other submission details would benefit from their feedback.

The Old Standard is Out

Unread comments are frustrating, to say the least. In the crowdsourcing space, it’s common for hackers to post comments or questions that need to be addressed on their submissions, but for various reasons, the comment will not receive a response for an unacceptably long period of time–or get no response at all, in some cases.

So, the industry standard has long been: submit a bug, wait for a response, leave a comment while awaiting response, comment goes seemingly unread, reach out to support, and eventually, reach a resolution only after much missed or absent communication. 

This cycle of miscommunication leads to confusion and frustration for everyone involved. Hackers are left wondering about the state of a particular submission and when they can expect movement–and their time, resources, and energy take a hit. 

Request a Response is Here to Deliver, and Here’s How

To solve this problem, Request a Response will help standardize communication between hackers, customers, and Bugcrowd staff. It allows hackers to directly request additional information, or ask a question to Bugcrowd employees and customers. A request triggers specific workflows, notifications, and alert actions to Bugcrowd and customers, who will then address the request within 48-96 hours. For status updates, hackers receive in-platform and email notifications as their request is addressed. 

Communication gaps have been the norm for far too long, and we’re determined to close them. With Request a Response, communication between hackers, Bugcrowd, and customers is streamlined and smooth.

Here’s what our beta testers had to say:

What You Can Expect

Our goal is to make this process as simple and predictable as possible. That leads to clear, reliable communication pathways and timelines. 

With this new standard set by Bugcrowd, hackers can request a response from Bugcrowd across seven different categories:

  • Issue is Reproducible
  • Scope
  • Duplicate State
  • Reward
  • Priority
  • Requesting Update
  • Other

For responses from customers, two types of requests are available: Requesting Update and Other.

Additionally, hackers can provide details about their request to help Bugcrowd staff and customers properly triage and respond to them.

Plus, hackers can use this feature for these different submission substates:

  • Triage
  • Unresolved
  • Resolved
  • Out of Scope
  • Not Reproducible
  • Not Applicable (Bugcrowd only)

This feature is available to the Crowd across our engagements, so hackers and customers can submit a request and receive a quick response, saving time and stress.

The New Standard is Here

Ask questions, get a response: It’s as simple as that. Historically, succinct and predictable communication between hackers, platforms, and customers has been poor, messy, and frustrating. With Request a Response, you can expect clear communication timelines and guaranteed responses. 

For more information on Request a Response or any other Bugcrowd feature, please refer to our Researcher Documentation. Follow along as we continue to expand our platform features by following us on Twitter and Instagram, and don’t forget to join us on Discord and the Bugcrowd Forum. Sign up for a researcher account today to start your hacking journey!

The Inside Scoop from the 2022 Hacker Cup Winners
https://www.bugcrowd.com/blog/the-inside-scoop-from-the-2022-hacker-cup-winners/
Wed, 19 Apr 2023 21:13:00 +0000

Are you ready to get the inside scoop from the pros? Get ready to unlock some game-changing knowledge from the event that had everyone buzzing!

The 2022 Team Hunt was an epic hunt for the gold medal spot! Not only did we see great assists and scores that were unstoppable across all 30 teams, we witnessed some spectacular collaboration. Every team was ‘kicking and running all while looking stunning’, but only one team could claim the glorious 1st place prize of $10,000 cash! Along with the moolah, the winning team received challenge coins, a team poster, 1st place medals, and shiny jerseys! 

Let’s learn more about our brave winners – none other than the crew that likes to go by the name ‘Tess’s Squad’! Tess is a 2022 MVP and loves space, including all things astronomy. Anhnt1337 is a part-time hunter and 2022 MVP focusing on server side bugs and sensitive data leaks with 201 P1s. HackerX007 is a P1 hunter, 2022 MVP, and P1 Level 7 Warrior with 173 P1s, but he always makes time for family as he believes they are the key to his success. OrwaGodfather is a P1 Level 7 Warrior and LevelUpX 2022 Champion who loves to hunt for information disclosure and server side P1 bugs. Last, but certainly not least, Todayisnew is a true collaborator with over 35 years of experience automating code and a Bugcrowd Bug Bash winner with a goal to hack a happier life and leave the internet more secure.

First things first, you did it! How does it feel winning first place after all your hard work?

Todayisnew – “Great to see the hard work of all my teammates be highlighted.”

Anhnt1337 – “I feel very happy and proud to be part of the team. The team’s efforts have paid off.”

Tess – “It feels amazing, when you prove you did best from the rest.”

‘The best from the rest’ – we’re saving that one!

Looking back, what made you want to put a team together and participate?

Anhnt1337 – “One morning when I woke up, I received a message from Tess that he wanted to invite me to join the team for the Hacker Cup event. Everyone on the team is someone I greatly admire and love for their achievements and contributions to the bug bounty community. I think Tess chose me in part because he saw that in me.”

Tess – “I learn a lot from @OrwaGodfather & @Todayisnew personally so I always wanted to put these two in a team with me and work together on something. Due to the Team Hunt event it was possible to do something like this. @Hackerx007 and @Anhnt1337 were Orwa’s good friends and now because of this event we have developed a good friendship as well.”

Before there was Tess’s Squad, you were just a talented group of hackers. Where did the name Tess’s Squad come from?

Tess – “It was spontaneous that I named it Squad, so I was like what Squad? Since I assembled everyone I named it TESS’s Squad haha.”

OrwaGodfather – “Tess asked me if it’s ok to drop this name as the team name. I said ok, in the end I’m the team captain 😎”

We’re curious about how you all got started. What inspired you to become a hacker?

HackerX007 – “I have had a passion in computers, programs, and hacking stuff since I was 14 years old. It just kept growing over the years.”

Todayisnew – “Interest to learn and explore, and necessity to support my family financially. :)”

OrwaGodfather – “To tell myself and tell the world that nothing is impossible, and you can do something, you are protecting thousands of users indirectly.”

Anhnt1337 – “It came out of curiosity and wanting to break things.”  

We see a common theme here – passion, curiosity, and protecting users across the globe!

Despite the abundance of talent each player brings individually, what is the best part about working on a team?

Todayisnew – “Celebrating the successes, and supporting each other during the challenges. :)”

Anhnt1337 – “Learning, sharing and collaborating when finding something interesting. Giving tactics to compete with other teams, and finally celebrating.”

Tess – “Creativity and being able to learn from each other’s work is the best thing about working in a team.”

OrwaGodfather – “Everything is great. Starting with the team, we all agree on a specific program who does the recon, another one who tests, and another one who reports. The most important thing is that I did a great job in this event and this is important to earn the respect of this great team.” 

Uh-oh! Looks like you used up all of your subs. What obstacles did you have to overcome?

Todayisnew – “All our p5 bugs were not rewarded and triaged as p1’s 😉 We overcame with sending in more reports :)”

Anhnt1337 – “The problem is that everyone has a different time zone. My time zone is the opposite of everyone else’s. So it’s quite difficult to discuss and hunt bugs together. We often had to stay up late.”

OrwaGodfather – “That everyone has a different time zone, so we couldn’t hunt at the same time together. We started leaving notes for who was not hunting.”

What did your day typically look like during this event?

Todayisnew – “Check in and wish each other well, share and collaborate on possible bugs.”

Tess – “Mostly P1 severity issues since that’s where the most points were at.”

Hackerx007 – “I woke up and I found that my team during (my night) was working and I found their notes, targets or things that need fuzzing. I started working on these things until I found something that needed recon and left it as a note for another team member and so on.”

With different timezones and busy schedules, how did you take care of yourselves during this event?

Anhnt1337 – “The duration of the event was quite long so I did not have any health problems. Outside of hacking, I work for the company and spend most of my time with my family.”

Tess – “When I am not hacking, I usually go workout and come back with a fresh brain of new ideas.”

OrwaGodfather – “Just by saying, ‘no matter how many points we have, it’s not enough.’”

Determination, taking breaks, and some good ole’ movement? Recipe for success.

Even though you were all hacking from different areas of the world, you still had to hack together. How did you all coordinate efforts?

Todayisnew – “Discord for the win :)”

Anhnt1337 – “Eric and Tess have strengths in automatic scanning and scale attack with their recon data. Orwa and Hackerx007 are an awesome duo with strengths in recon and fuzzing hidden assets. I focus on server-side issues and 3rd party bugs. We combine each other’s strengths to effectively hunt the most bugs.”

Hackerx007 – “Each one of us is good at something, so we collaborated to make the team win.”

We saw a lot of submissions, many being excellent. What was your most impactful bug?

Hackerx007 – “It was a direct RCE”

Tess – “Lots of RCE haha”

Anhnt1337 – “It always is Remote Code Execution and Sensitive data leakage”

Todayisnew – “Friendship”

Winning takes strategy (and lots of pizza). What was Tess’s Squad’s secret strategy going into a collaboration challenge?

Todayisnew – “Work together, do our best, can’t control the outcome and take care of mental, physical health and each other :)”

Anhnt1337 – “We focus on bugs that can be automated and mass scanning, look for programs in a wide range of scopes, and hunt together.”

Tess – “Just look for high severity issues and get as much recon as we can gather.”

OrwaGodfather – “Whatever I find, I add everyone in equal points because in the end I collect friends, not money.”

The event is over, swag is heading your way and you have extra cash. But, if you could change anything about the way your team did things, would you?

Anhnt1337 – “I think it’s online communication. It’s always hard to work in different places, different time zones, and hard to share.”

Todayisnew – “Maybe a video call earlier to have real-time planning and communication earlier 🙂”

Communication is key. 🔑

You might be asked to sign some autographs now that you’re at the top. Do you have any tips for those that want to start collaborating?

Tess – “Building trust is very important to collaborate with anyone. The people I work with are the ones I trust and I never have second thoughts about anything which makes it very easy for me to work with them.”

OrwaGodfather – “When you collab and hunt try to share everything and try not to hide anything”

Todayisnew – “Build trust with some initial smaller collaborations, see if it’s a good fit, in any new relationship communication and clarity of expectations is so important :)”

We have a feeling there’s plenty to learn when it comes to team challenges. What did you learn from your team members?

Anhnt1337 – “I learned a lot from my team. From Eric and Tess’s way of hunting think out of the box as well as Orwa and Hackerx007’s never-ending efforts. They are truly amazing people both in terms of hacking skills, spirit and ethics. Well worth studying and admiring.”

Todayisnew – “Empathy for life challenges, and more trust in others after such a positive experience :)”

Besides the biggest pizza party ever, do you have any plans for your winnings?

Todayisnew – “Pizza party 😉 and into savings”

Anhnt1337 – “This is an online competition and we are from different countries. So it’s hard to celebrate together. We congratulate each other on twitter. The prize of the contest is enough for me to eat pizza for days :P” 

Hackerx007 – “Focusing on p1s”

Would you like to participate in future hacking events?

Todayisnew – “Always great to connect and learn from others so yes of course :)”

Anhnt1337 – “Sure. Meet and make friends with people in the reputable bug bounty community and many years of experience is always something I look forward to. Build your relationship and they get better and together add value. Tess’s Squad was the first team I had success together in a hacking event. Thank you all for giving me the opportunity to do this.”

Tess – “Yes, I would love to :)”

OrwaGodfather – “Yes yes yes for sure yes” 

Hackerx007 – “This was my first hacking event. I learned a lot and I won. Now I’m so optimistic about winning other events, so my answer is yes I absolutely would.” 

Don’t miss out on any future events! Stay caught up by following us on Twitter and Instagram and don’t forget to join us on Discord and the Forum! Sign up for a researcher account today and start your hacking journey!

2022 MVP Winner Roundup https://www.bugcrowd.com/blog/2022-mvp-winner-roundup/ Tue, 21 Mar 2023 15:20:54 +0000 https://live-bug-crowd.pantheonsite.io/?p=9248

Bugcrowd is a platform that constantly attracts first-class researchers who work tirelessly to discover and resolve complex bugs. Occasionally a researcher stands out and reaches a level of excellence that deserves recognition. We’re thrilled to announce the MVP Winners for 2022! 

What is the Bugcrowd MVP Program?

Our MVP program recognizes hackers that consistently bring their A-game across Bugcrowd bounty programs. Reaching MVP status is no small feat as it requires them to stay at the top of the priority percentiles for the entire quarter. At the end of each quarter, we review all of our platform submissions to see how each Researcher compares to the rest of the crowd. Those that make it to the top of the quarter become an MVP and are sent exclusive swag rewards to celebrate their achievement.

Let’s not waste any more time. Help us celebrate those that received MVP status for two or more quarters!

Researchers with 4 MVP Quarters in 2022

Researchers with 3 MVP Quarters in 2022

Researchers with 2 MVP Quarters in 2022

Every year, the Bugcrowd team is in awe of the exceptional technical skills and remarkable submissions from our MVPs. We sincerely appreciate our MVPs for contributing to a safer internet. Once again, congratulations 2022 winners! Take a look at the cool swag this year’s warriors received!

(Please note: If your Bugcrowd Platform profile is set to “Private” it is not included in the lists above. Please ensure your profile is set to “Public” if you’d like to be included in future announcements.)

For more information on Bugcrowd Incentive Programs, please refer to our Researcher Documentation. Want to stay caught up with all things Bugcrowd? Follow us on Twitter and Instagram and don’t forget to join us on Discord and the Forum! Are you ready for MVP status? Sign up for a researcher account today and start your hacking journey!

Announcing our P1 Warriors for 2022 https://www.bugcrowd.com/blog/announcing-our-p1-warriors-for-2022/ Tue, 21 Mar 2023 15:13:14 +0000 https://live-bug-crowd.pantheonsite.io/?p=9233

We’re excited to announce the winners of our P1 Warrior Program for the year 2022! This past year was truly exceptional, as we received a large number of remarkable submissions across all of our programs. Each report contributed to enhancing the security posture of various industries. 

The P1 Warrior incentive program rewards researchers for their total count of valid P1 submissions since January 1, 2019. Submissions must be accepted, assigned a P1 severity rating, and marked as “Unresolved,” “Resolved,” or “Informational.”

Let’s get into it. We proudly present the top-level P1 Warriors of 2022!

Level 5 Warriors: 50+ P1s

Level 4 Warriors: 25+ P1s

Congratulations to all of our winners! Finding and submitting P1s requires a significant amount of knowledge, effort, and time. We are eagerly anticipating the remarkable accomplishments for the 2023 year. But, wait! We can’t forget the swag, aka the best part!

Please note: Bugcrowd does not list private users in our Incentive Announcement blogs. Please ensure your profile is set to “Public” if you’d like to be included in our next announcement.

For more information on Bugcrowd Incentive Programs, please refer to our Researcher Documentation. Want to stay caught up with all things Bugcrowd? Follow us on Twitter and Instagram and don’t forget to join us on Discord and the Forum! Are you ready to join the hunt? Sign up for a researcher account today and start your hacking journey!

How to Hack: A Step-by-Step Journey brought to you by Bugcrowd and Katie Paxton-Fear https://www.bugcrowd.com/blog/how-to-hack-a-step-by-step-journey-brought-to-you-by-bugcrowd-and-katie-paxton-fear/ Wed, 15 Mar 2023 00:39:24 +0000 https://live-bug-crowd.pantheonsite.io/?p=9160

Hacking is an amazing activity if you want to be a part of a really cool community, create endless opportunities for yourself and earn some serious rewards. But we won’t lie to you; it takes practice and the educational resources out there are scattered, don’t cover everything, and are limited overall. 

One of the most important insights we’ve gained through conversations with hackers all around the world is that starting on your hacking journey can be overwhelming and intimidating. There will inevitably be gaps in the resources out there and no practical way to apply your lessons without diving in head first, which can be really scary. 

That’s why we’re excited to introduce our partnership with Katie Paxton-Fear (aka InsiderPhd) to provide the ultimate hacking series that will take you from zero to hacking in no time! Let the Bugcrowd Platform, paired with comprehensive teachings from a hacker and educator at the top of her game, be your guide. 

In this engaging series we’ll take you through everything from Burp, Bugcrowd’s VRT, targeting, live recon, account takeovers, 2FA, and so much more! Whether you’re a beginner looking to get started, or an expert seeking to learn new methods from a pro, this series will comprehensively cover every aspect of hacking to get you submitting bugs ASAP.

The guide is divided into 6 distinct phases, each phase building on the previous. This creates a sequential learning experience and will guarantee you don’t miss anything, while learning at your own pace. 

But this is the ultimate series that keeps on giving; at the conclusion of each phase, we’ll go live with Katie and other top hackers to answer all your questions and provide you with practical, hands-on examples to test on.

Trust us, this is the series you wish already existed. With Katie’s weekly video tutorials, write-ups and live hacking demonstrations, and of course, the easy-to-use Bugcrowd Platform, you’ll develop beyond a foundational knowledge of hacking and how to get started.

Tune in Sunday, March 19th, at Bugcrowd University for the first drop. Don’t miss a beat as we continue to release new step-by-step journey content with Bugcrowd and Katie Paxton-Fear by following our Bugcrowd Twitter, Instagram, and Discord.
