A new hacking competition, a new hacking competition called Zerode Claude, centered on Open-SUS Cloud and AI Tools, announced a total prize of $ 4.5 million in Bug Bounty for researchers that presents exploitation for various goals.
The competition has been launched by the Research Arm of Cloud Security Company Wiz in partnership with Google Cloud, AWS and Microsoft, and is scheduled on 10 and 11 December at the Black Hat Europe conference in London, UK.
Zerode cloud There are six different categories, researchers can participate with bug bounty between $ 10,000 and $ 300,000:
- Aye – Olama ($ 25k), VLLM ($ 25K), NVIDIA Container Toolkit ($ 40K)
- Kuberanets and Cloud-country -Kubernets API Server ($ 80K), Qublet Server ($ 40K), Greffana ($ 10K Autums RCE, $ 40K Pre-AUTH RCE), Promthius ($ 40K), Deadly Bit ($ 10K)
- Container and virtue -Docker (image provided by $ 40 user, $ 60K arbitrary image), container ($ 40s provided by user, $ 60K arbitrary image), Linux kernel ($ 30K container escape on Ubuntu)
- Web server – NGINX ($ 300K), Apache Tomcat ($ 100K), Envoy ($ 50K), Caddy ($ 50K)
- Database -Redis ($ 25k Auth Rce, $ 100K Prece Prece Rce), Postgresql ($ 20k Author Rce, $ 100K Pre-Auth RCE), Mariadb ($ 20k Author RCE, $ 100k Pre-Auth RCE)
- Devaps and Automation – Apache Airflow ($ 40K), Jenkins ($ 40K), Gitlab CE ($ 40K)
The rules of the competition say that the targets should be fully compromised as a result of the exploits presented. Vij explains that it means “a full container/VM escape for the virtualization category, and 0-click Remote Code Performance (RCE) vulnerability for other goals.”
Organizers also provide Conditions for each goalAlso, instructions and technical resources (doors container with the target on default configuration) can use security researchers to test their adventures.
Researchers who register through Hakaran platform and complete their ID verification and tax forms by November 20 are free to present exploitation for as many goals as they want, but they are limited to only an entry per target.
Submitters of approved adventures will be invited to display them live during the incident, either alone or up to five members.
People living in countries such as Russia, China, Iran, North Korea, Cuba, Sudan, Syria, Libya, Lebanon, and Crimea and Donnetsk are banned from participating in the zerod cloud competition like Russia, China, Iran, Cuba, Sudan, Syria, Libya,.
There are full rules for zeroday.cloud hacking competition Available here,
However, the announcement of the event did not resonate well with the organizers of the PWN2OWN hacking competitions that have been running with great success for many years.
In a public post, trend micro Is called PWN2OWN to copy the rules for Ireland. Juan Pablo Castro, director of Cybercity Strategy and Technology in Trend Micro, said Gemini was a “Word-for-Vard” copy while comparing the rules of two incidents.
Vij replied with one Undeveloped statementAccepting that the PWN2OWN rule booklet “was a reliable, mature structure by which we were inspired.”
attend Violation and attack simulation summit And experience Future of security verificationListen to top experts and see how AI-managed base Breach is changing and attacking simulation.
Do not remember the event that will shape the future of your safety strategy
