Camping with Tigers

This exclusive event invited a select group of security researchers to hunt vulnerabilities in the 11th Gen Intel® Core™ vPro® platform. The six-month event included two months of training and three cycles of finding vulnerabilities, each receiving a multiplier to Intel Bug Bounty’s standard bounty amounts.

Congratulations to Our Top Bug Hunters!

Round One

First to Submit:
Z-Wink

Highest Single Payout:
Mickey (@HackingThings)

Most Eligible Reports:
Alex Matrosov

Widest Impact:
Alex Matrosov

Helping Others:
Mickey (@HackingThings)

Just in Time:
Dan Lutas

Round Two

Highest Quality Report:
Jeremy Boone (@uffeux)

Social Butterfly:
Jesse Michael

Highest Single Payout:
Z-Wink

Most Committed Researcher:
Z-Wink

Most Eligible Reports:
Jeremy Boone (@uffeux)

Round Three

Newest Friends:
Erik de Jong

Jeremy Boone (@uffeux)

Z-Wink

Griffin Payne (DoctorP)

Alexander Pick

Matt Byrdwell (nerdwell)

In Scope:

Participants should focus efforts on Intel branded components included in the provided device. Potential findings might involve any of the following:

Micro-architectural attacks
Firmware attacks like microcode
Platform configuration (Intel® vPro, Intel® Management Engine, etc.)
Platform design
Physical attacks (note that this is a deviation from our existing Bug Bounty policy)
Firmware attacks
Physical: I/O, storage, flash, memory, sensors, embedded controller, trusted platform module
Firmware: BIOS, IP firmware components, embedded controller, sensor, trusted platform module, storage, flash storage
Device drivers shipped with the device (such as Intel graphics drivers, Thunderbolt device drivers, Bluetooth device drivers, wireless drivers, ethernet drivers, chipset driver)

Note: Any findings that are in User Space (Ring 3) are ineligible for the multiplier.