43 matches found
Auctions run at significantly different speeds for different prize tiers
Lines of code Vulnerability details Comments The V5 implementation delegates the task of claiming prizes to a network of claimers. The fees received by a claimer are calculated based on a Dutch auction and limited based on the prize size of the highest tier (the smallest prize). As a result, it is...
Announcing the 2021 Metasploit Community CTF
It’s time for another Metasploit community CTF! Last year’s beginner-friendly CTF attracted a wider range of audiences and skill levels than in previous years, so we’re replicating our previous game architecture. Players will attack a single Linux target, we’ve spread prizes out across 15 teams,...
[The Lost Bots] Bonus Episode: Velociraptor Contributor Competition
Welcome back for a special bonus edition of The Lost Bots, a vlog series where Rapid7 Detection and Response Practice...
Announcing the 2020 December Metasploit community CTF
It’s time for another Metasploit community CTF! We're back on our usual end-of-year schedule this time around, and we’re doing a few things differently. Past CTFs have featured a wide range of challenges across different architectures, difficulty levels, and targets. This year, we wanted to make...
h1-ctf: [H1-2006 2020] H1-2006 CTF Writeup
Hi! The challenges were really great. I had a lot of fun and I can honestly say I learned a few tricks during this journey. I will be submitting the flag now and will work on a very good writeup until the deadline. My reasoning is that there are two different prizes, one for the first ten and...
Pwn2Own Miami Contestants Haul in $180K for Hacking ICS Equipment
The very first Pwn2Own hacking competition that exclusively focuses on the industrial control systems (ICS) has kicked off in Miami. So far, a total of $180,000 has been awarded for pwning five different products. The contest hosts at Trend Micro’s Zero Day Initiative (ZDI) have allocated more than...
The cake is a lie! Uncovering the secret world of malware-like cheats in video games
In 2018, the video game industry became one of the most lucrative in the world, generating $43.4 billion in revenue within the United States alone. When we consider that video game licenses are only a fraction of the total market, it becomes clear just how important the industry is compared to th...
Explained: like-farming
Like-farming, aka like-harvesting, is a method used by commercial parties and scammers alike to raise the popularity of a site or domain. The ultimate dream of every like-farmer is for his post to go viral by accumulating as many likes and shares as possible from all over the world. Like-farmers...
Enter to Win a $250 Gift Card at #CbConnect18
To make Cb Connect 2018 even more exciting, we’re hosting a Twitter contest to see who can rack up the most engagement on Twitter. If you want to participate, just share your thoughts about Cb Connect 2018 on Twitter by telling us what you’ve learned, which sessions you liked most, who you got to...
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of January 22, 2018
Yesterday, the Zero Day Initiative (ZDI) announced the dates and contest rules for Pwn2Own 2018. Last year, we celebrated the 10th anniversary of the event and the 11th year is going to be bigger than ever! Pwn2Own will be returning to Vancouver, BC, at the CanSecWest Conference on March 14-16, 201...
Gone Phishing For The Holidays
Written by Or Katz and Amiram Cohen Overview: While our team, Akamai's Enterprise Threat Protector Security Research Team, monitored internet traffic throughout the 2017 holiday season, we spotted a wide-spread phishing campaign targeting users through an advertising tactic. During the six week...
Hack with Metasploit: Announcing the UNITED 2017 CTF
Got mad skillz? Want mad skillz? This year at Rapid7's annual UNITED Summit, we're hosting a first-of-its-kind Capture the Flag (CTF) competition. Whether you're a noob to hacking or a grizzled pro, you'll emerge from our 25-hour CTF with more knowledge and serious bragging rights. Show off your 1337...
Announcing the Project Zero Prize
Posted by Natalie Silvanovich, Exploit Enthusiast Despite the existence of vulnerability rewards programs at Google and other companies, many unique, high-quality security bugs have been discovered as a result of hacking contests. Hoping to continue the stream of great bugs, we’ve decided to star...
Coin Dozer - Free Prizes - Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Coin Dozer - Free Prizes published at the 'play' market has multiple vulnerabilities...
Safari, Flash Fall at Pwn2Own 2016 Day One
Apple Safari and Adobe Flash have proved to be Pwn2Own 2016’s biggest punching bags so far—hackers took down both, earning $282,500 in prizes at the first day of the annual hacking challenge in Vancouver on Wednesday. There were four successful attempts, one partial, and one failed attempt at the...
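phpyun v3.2 (20141226): two injection points.
Brief description: Latest update date (2014-12-26). It has been updated again; please stop giving 5 rank, how about starting at 20. One is new, and one counts as a bypass of the patch. There are also one or two earlier ones that have not been patched yet; please speed it up. Details: The first one, newly discovered, is in prize redemption, in model/redeem.class.php: function dhaction $this-publicaction; if!$this-uid && !$this-username $this-obj-ACTlayermsg"您还没有登录,请先登录!",8,$SERVER'HTTPREFERER'; if$POST'submit'...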
Hacker's Dome - Gamification the Information Security
When it comes to Information Security, there's a great way to learn, train and keep your skills sharp. This can be done using gamification mechanics to speed up the learning curve and improve retention rate. Capture The Flag competitions use gamification mechanics and represent one of the best wa...
DARPA Cyber Grand Challenge Offers $2M to Winners
The bug bounty continues to be turned on its ear. Microsoft began the wave of paying premium money for mitigation technologies via its Blue Hat prizes, and now DARPA has gone all-in to the tune of $2 million for the development of an automated network defense system that not only scans for and...
Mobile Pwn2Own Offers $300k For Zero Days
It’s a good time to be a security researcher. If you have the time and talent to find vulnerabilities in widely deployed applications, there is a lot of money out there for the taking, and not just from the bug bounty programs and regular exploit buyers. The latest iteration of the Pwn2Own hackin...