Pentest award, the annual independent award for ethical hackers, is open for applications. Pentesters have a chance to present their achievements and show their contribution to the development of the Russian information security market. This year the number of nominations has increased to six.
Nominations and awards
Last year, participants demonstrated a high level of professionalism and took home 12 awards. As a reminder, the best works from the “Breaking Through”, “Fuck the Logic” and “Bypass” categories were published in “Hacker”.
This year the number of nominations has increased to six, with three prizes in each:
- breaking through WEB: identification and exploitation of vulnerabilities in web services, APIs and other components of web applications;
- breaking through the infrastructure: penetration and exploitation of network infrastructure vulnerabilities, including, but not limited to, network devices, network services and IoT devices;
- device: research into technical deficiencies found in various devices, firmware and environments;
- hack the logic: detection of the top logic bugs;
- one bypass, two bypass: the most elegant bypass of information security tools;
- caught a fish: the most original phishing or attempt to socially engineer employees.
The main prize for first place is a personalized glass figurine, a MacBook, tickets to the OFFZONE conference and the utmost respect from the community of ethical hackers. For second and third places, the winners will receive an iPhone, a smart watch, as well as gifts from the project partners: a set of merch from BI.ZONE Bug Bounty, smart speakers, merch and an excursion from VK Bug Bounty.
The award ceremony will take place on August 2, 2024 in Moscow.
Participation and jury evaluation
Participation in the Pentest award is free: you just need to send an application and tell us about your best project in free form. There is no need to disclose exploits: any steps in the exploitation chain can be completely anonymized, and details can be hidden. The main thing is to convey the approach and the idea itself.
The award jury pays attention to a detailed narrative, a description of the context and introductory notes, screenshots and proof that the vulnerabilities exist, a non-standard approach and creativity, as well as the complexity of exploitation, for example, the use of exploits of the researcher's own design, long-term research and other features.
The independent jury consists of the best practicing offensive security specialists from top Russian companies. After voting and deliberating, they will present a shortlist of nominees at the end of July.
Jury composition:
- Ilya Karpov – Head of the Department of Cybersecurity Research and Development of Cyber Exercise Scenarios at the National Cyber Test Site. Has registered more than 300 CVEs, top 5 in the BDU FSTEC. Co-founder of the RUSCADASEC community and the SCADAXSECURITY research group;
- Pavel Toporkov — independent researcher, bug hunter, speaker at international conferences, author of zero-day vulnerabilities in products from SIEMENS, REDIS, OPENSTACK and others;
- Vyacheslav Kasimov — CISO in the ICD, one of the top 10 systemically important ones. For 15 years he has been working in CISO positions in the largest banks in Russia and NSPK. He has extensive experience in building practical information security from scratch, designing complex information security and anti-fraud systems. He is an adherent of a risk-oriented approach to building information security and using the best global practices in his work;
- Mikhail Sidoruk — Head of Security Analysis Department at BI.ZONE;
- Dmitry Morev — Director of Information Security at RuStore. More than 15 years in information security. The main focus is AppSec and infrastructure security;
- Anton Lopanitsyn (bo0om) is an information security researcher and industry blogger. Winner of last year's Pentest award in the Hack the logic category;
- Roman Shemyakin — Lead Application Security Engineer at Yandex;
- Sergey Kuzminov — Head of Penetration Testing and RedTeam at BI.ZONE;
- Vadim Shelest – Head of the security analysis group at Wildberries. Has been conducting pentests and Red/Purple Teaming projects for over 12 years. Author of numerous articles on the topic of practical information security, speaker at international conferences. Author of the PurpleBear channel;
- Pavel Nikitin – Head of Red & Purple Team VK. Improves the security of the VK infrastructure. More than 10 years in the information security industry, tested the strength of defense industry systems, banks and various commercial organizations;
- Roman Panin — Head of Information Security Architecture at MTS and author of the Telegram channel “Security Package”;
- Alexander Gerasimov — CISO and co-founder of Awillix, the organizing company of the Pentest award.
Applications are open until June 23, 2024. You will find more information on the project website: https://award.awillix.ru/.
Advertising. Advertiser: Avilliks LLC. TIN 9729279526.