Security Sprint : Hack The Planet


About the Event:


Live Bug Hunting is an interactive cybersecurity event where participants, often ethical hackers, are tasked with identifying and exploiting vulnerabilities in real-time within designated applications or systems.

Unlike traditional bug bounty programs that allow hackers to work at their own pace, live bug bounty events create a competitive, time-bound environment where hackers must quickly assess the target, discover flaws, and report them to earn rewards.

Participants are expected to use their technical skills to find security weaknesses, document their findings, and propose solutions, all while adhering to the event's rules and ethical guidelines. The goal is to improve the security of the targeted systems by uncovering vulnerabilities.



Number Of Members in a Team: Solo or Duo


Duration : 1 hour 30 mins


Number of Rounds : 2


Rules:


1. Scope of Testing


Authorized Targets Only: Participants may only test the applications, systems, or networks explicitly included in the event’s scope. Any testing outside this scope is strictly prohibited.

Prohibited Actions: Attacking infrastructure (e.g., DNS, CDN), social engineering, phishing, or physical security testing is not allowed.


2. Ethical Conduct


No Malicious Activity: Any attempt to exploit a vulnerability beyond testing purposes is forbidden.

Confidentiality: Participants must keep all vulnerabilities and details about the targets confidential.


3. Reporting Vulnerabilities


Detailed Reporting: Vulnerabilities must be reported with sufficient detail to reproduce the issue, including steps to replicate, screenshots, or code snippets if applicable. Participants should also explain the impact of the reported issue.


4. Fair Play


One Vulnerability, One Report: Each vulnerability should be reported once, and only by the participant who discovered it. If two participants report the same vulnerability, only the first report will be considered and the other will be marked as a duplicate.


5. Respect for the Event Timeline


Time Limits: All testing and reporting must occur within the designated event period.


6. Disqualification


Rule Violations: Any violation of these rules may result in disqualification or forfeiture of rewards.


7. Organizer Rights


Final Decisions: The event organizers reserve the right to interpret the rules, adjudicate disputes, and make final decisions on eligibility, rewards, and disqualifications.


Judgment Criteria :


1. Severity of the Vulnerability

Criticality: How severe is the vulnerability in terms of potential damage? Vulnerabilities are assessed on their ability to compromise sensitive data, take over systems, or cause significant operational disruption.

Impact Scope: The broader the impact, the higher the severity rating.


2. Exploitability

Ease of Exploitation: How easily can the vulnerability be exploited by an attacker? Simple, straightforward exploits are often ranked higher, as they pose a greater immediate threat.

Required Access Level: Vulnerabilities that can be exploited without special permissions or with minimal access are considered more dangerous.


3. Uniqueness and Originality

Novelty: Is the vulnerability a previously unknown issue, or is it a common flaw? Unique discoveries are valued more highly.

First-to-Report: The first participant to report a particular vulnerability typically receives full credit, encouraging quick, decisive action.


4. Quality of the Report

Clarity: The report should be clear, well-structured, and easy to understand, allowing the organizers and developers to quickly grasp the issue.

Reproduction Steps: Detailed steps to reproduce the vulnerability are crucial, including any necessary code, configurations, or tools.

Proof of Concept: Providing a working proof of concept (PoC) that demonstrates the exploit significantly boosts the report's value.


5. Adherence to Rules

Ethical Conduct: Participants must have followed all event rules, including scope limitations, responsible disclosure practices, and fair play guidelines. Violations can lead to disqualification, regardless of the severity of the vulnerability reported.


7. Timeliness

Speed of Submission: The promptness of the submission relative to the discovery can be a factor, particularly in a competitive environment where multiple participants may find similar issues.


All of these factors will be taken into consideration when deciding the severity rating of a submitted report. A report with a higher severity rating will be declared the winner, followed by others.