Calling All Security Enthusiasts and Researchers!
Are you passionate about Cybersecurity/Bugbounty and eager to put your skills to the test? Look no further! Join us at Defcamp Security Conference, for an exciting live hacking event “on the SPOT” in collaboration with HackerOne. As cybersecurity professionals, you will have the opportunity to actively test our systems, discover vulnerabilities, and earn substantial cash rewards for your findings.
Yes, most of the time it’s a subject matter expert, with experience in Bug Bounty but anyone can join.
It’s a cybersecurity competition or activity where ethical hackers, security researchers, or participants with hacking skills attempt to identify and exploit vulnerabilities in computer systems, software, or digital infrastructure in real-time. These events are conducted in a controlled and responsible manner.
During a live hacking event, participants may focus on testing the security of specific targets or systems, and they are rewarded for successfully identifying vulnerabilities or security flaws. These events can vary in scope, from smaller contests to large-scale initiatives organized by companies, organizations, or conferences.
Live hacking events provide a valuable platform for security experts to test their skills, share knowledge, and collaborate with the goal of making digital systems more secure.
They also help organizations identify and resolve security issues, ultimately enhancing their cybersecurity posture.
Code of Conduit
Code of Conduit
We are committed to fostering a collaborative, respectful, and safe environment for all participants. By participating in this event, you agree to adhere to the following code of conduct:
- Ethical Hacking:
All hacking activities must be conducted ethically and legally, focusing solely on the targets provided and avoiding any malicious intent. - Respect:
Treat all participants, organizers, and staff with respect and courtesy. Harassment, discrimination, or any form of unwelcome behavior will not be tolerated. - Collaboration:
Encourage open collaboration and knowledge sharing among participants. This event is an opportunity to learn from each other. - Responsible Disclosure:
If you discover vulnerabilities, report them responsibly to the organizers. Do not disclose or exploit them without explicit permission. - Privacy and Data Protection:
Respect the privacy and confidentiality of all data encountered during the event. Do not attempt to access or disclose sensitive information. - Do No Harm:
Ensure that your actions do not harm or disrupt the event, other participants, or any systems beyond the scope of the event. - Compliance with Event Rules:
Follow the rules and guidelines set by the event organizers. Failure to comply may result in disqualification. - Reporting Violations:
If you witness or experience any violations of this code of conduct, report them to the event organizers immediately.
On top of that, by participating in programs on HackerOne, all Finders agree to help empower our community by following the HackerOne Code of Conduct (CoC). The CoC is in addition to the General Terms and Conditions and Finder Terms and Conditions that all Finders must agree to when creating an account.
Rules
- Stay in scope. If you have any questions on the scope, you can come to us directly and ask.
- If default credentials are discovered for any service, you MUST stop and report. Any findings discovered after-the-fact will be rejected.
- If Critical vulnerabilities such as RCE/SQLI/XXE/etc, please stop testing immediately and report it to us.
- No password brute force or password spraying activities.
- No scanning while away from your machine (must be present to halt scanning if traffic is too heavy). Fuzzing for directories/files/etc is allowed but please don’t use automatic scanners such as Acunetix, nuclei, nessus, etc. We already did that so you won’t find anything useful.
- No physical or social engineering
- No testing of 3rd party services. When you are not sure if that is a 3rd party, ask us!
- No uploading of related content to 3rd party utilities (e.g. Github, DropBox, YouTube).
- No intentional Denial of Service testing
Prizes / Rewards
| Severity | USD |
|---|---|
| Critical | $ 5000 – $ 10000 |
| High | $ 1500 – $ 4000 |
| Medium | $ 500 – $ 1000 |
| Low | $ 200 – $ 500 |
Scope
| Target | Type |
|---|---|
| *.superbet.ro | web |
| *.magicjackpot.ro | web |
| *.luckydays.com | web |
| *.spinaway.com | web |
| *.spinaway.ca | web |
| ro.superbet.sport | mobile |
| ro.superbet.games | mobile |
Out of Scope
| Target | Type |
|---|---|
| *.epic.superbet.ro | web |
| https://legacy-web-stage.superbet.ro/metrics | web |
| https://legacy-web.superbet.ro/session/login | web |
| https://ct-dev-www.superbet.ro | web |
| https://ax-www-pub.superbet.ro | web |
| *.superbet.com | web |
| *.superbet.rs | web |
FAQ
If you have any questions about the code of conduct or any of these rules of engagement, please send them to [email protected].
