Description

One submission and 51,337 reasons to get to it. Cybersecurity is part of our nature and we understand that only by challenging our ways, we get to improve. The Capture Our Flag program is a targeted challenge that leverages Intigriti's core assets: submissions. This ensures our core product is secure at all times, and is a testament to the trust we build with our researchers and to our customers.

Bounties
Low
0.1 - 3.9
Medium
4.0 - 6.9
High
7.0 - 8.9
Critical
9.0 - 9.4
Exceptional
9.5 - 10.0
Tier 2
0
0
0
25,668
51,337
Tier 2
Up to €51,337
Rules of engagement
Required
Not applicable
Not applicable
Not applicable

By participating in this program, you agree to:

  • Respect the Community Code of Conduct
  • Respect the Intigriti Terms and Conditions
  • Respect the scope of the program
  • Not discuss or disclose vulnerability information without prior written consent (including PoC's on YouTube and Vimeo)

Validation times

We will validate all submissions within the below timelines, once your submission has been verified by Intigriti.
Submissions validated outside of this may be awarded a €25 bonus.

Vulnerability Severity Time to validate
Exceptional 2 Working days
Critical 2 Working days

This remains at the discretion of intigriti to award.

Check our fix
We offer up to €50 bonus to verify a resolved issue for us (when requested).
This remains at the discretion of intigriti to award.

Domains

app-pwn.intigriti.rocks

Tier 2
URL
In scope

Introduction

We believe that a straightforward approach to a target allows researchers to better focus their attention and skills.
For this, we have created our Cybersecurity Awareness month challenge, with a single target: Submission FLAGPROJECT-MSH5B19R

The challenge

Exploit a bug (or chain several) within the platform to get access to the submission data of FLAGPROJECT-MSH5B19R.

  • Target submission: FLAGPROJECT-MSH5B19R within the challengeoclock public program on our PWN environment
  • Flag: the flag is located in the Proof of Concept field and has the following format INTIGRITI{xxxx}
  • Severity levels: the challenge consists of 2 severity levels, based on compromise level:
Severity level Description
Exceptional capture the flag in clear text
Critical capture the flag in encrypted form

Rules of the game

This part is very important, as we want the testing to be focused on functional issues, not on tricks:

  • The exploit must work for any submission
  • The issue must be exploitable on our production environment
  • The submission must contain clear step by step written instructions on how to reproduce the issue
Out of scope

General

  • Spam, social engineering and physical intrusion
  • Scenarios that require complex user interaction
  • Theoretical security issues with no realistic exploit scenario(s) or attack surfaces, or issues that would require complex end user interactions to be exploited
  • Testing on any other environment besides PWN
  • Recently discovered zero-day vulnerabilities found in in-scope assets within 14 days after the public release of a patch or mitigation
  • Attacks requiring physical access to a victim's computer/device or compromised user accounts
Severity assessment

Due to the nature of the challenge, the CVSS vector will not be used. The submissions will be rated by 2 Severity levels:

Severity level Description
Exceptional capture the flag in clear text
Critical capture the flag in encrypted form
FAQ

How do I access the test environment?

In order to access the PWN environment you have to use our VPN.
There are 2 easy steps for that:

  1. Save the VPN configuration file attached and load it in your preferred VPN client.
  2. Connect and login using your researcher intigriti e-mail address and password.

How do I get credentials?

We don't offer credentials, but you can create your own researcher account on the PWN environment and start testing.
Feel free to create as many accounts you need.

Do you provide a company account?

We do not provide company accounts for this program.

intigriti.ovpn
10/12/2023, 11:56:29 AM
All aboard!
Please log in or sign up on the platform

For obvious reasons we can only allow submissions or applications for our program with a valid Intigriti account.

It will only take 2 minutes to create a new one or even less to log in with an existing account, so don't hesitate and let's get started. We would be thrilled to have you as part of our community.

Activity
10/30
intigriti
updated the confidentiality level to public
10/30
intigriti
updated the confidentiality level to registered
10/30
intigriti
updated the confidentiality level to application
10/30
intigriti
updated the confidentiality level to invite only
10/30
intigriti
updated the confidentiality level to application
10/30
Capture Our Flag
launched