Program stats

0 vulnerabilities rewarded

12 days average response time

Latest Hall of Famers

The hall of fame is empty.

Recently Joined This Program

89 total

Disclosure

Please note: This program does not allow disclosure. You may not release information about vulnerabilities found in this program to the public.

Hi all! Bugcrowd has an exciting opportunity to participate in a private, invite-only program with an undisclosed client, against an unreleased product - with rewards up to $250,000!


About the program:

Skills Required:

  • Virtualization (VM breakout, cross guest VM manipulation, exploitation of host components)
  • Kernel and device driver security
  • Firmware security
  • Advanced application security

Focus Areas:

  • Guest VM breakout/isolation failures
  • Code execution beyond the confines of your guest VM
  • Privilege escalation within the guest VM made possible by the underlying platform
  • Any vulnerabilities which could lead to compromise or leakage of data and directly affect the confidentiality or integrity of user data of which affects user privacy (including memory corruption, cross guest VM issues, persistent issues).
  • Denial/degrading service to other customers, or of the underlying platform itself (excluding DDoS)

Do you have these skills?

If so, send a submission (just click the 'Submit a Report' button) to this program that details your experience and why you'd be interested in participating. We'll review all applicants by hand and will let you know directly if you're selected to participate!
Please include:

  • Any credentials or other demonstrations of skills and capabilities in the above outlined areas
  • If applicable, link to your linkedin or other social profiles (if they lend to support your individual abilities and credibility)
  • Past work (if you're free to talk about it, or if it's publicly visible)

Please note that not all applicants will be selected to participate. And all participants will be required to undergo a background check and sign an NDA prior to participating.

Dates: this program will start early September and run for roughly eight weeks until the end of October - so be sure to apply early!

Rules

This program follows Bugcrowd’s standard disclosure terms.

This program does not offer financial or point-based rewards for Informational (P5) findings. Learn more about Bugcrowd's VRT.