Operativsystemer
Belønninger på op til
US $30.000
Indeholder Synology DiskStation Manager, Synology Router Manager og Synology BeeStation.
Software og C2 Cloud Services
Belønninger på op til
US $10.000
Indeholder softwarepakker udviklet af Synology, relaterede mobilapps og C2 Cloud Services.
Webtjenester
Belønninger på op til
US $5.000
Omfatter alle større Synology-webtjenester.
- Du er den første efterforsker, der rapporterer denne sårbarhed
- Den rapporterede sårbarhed skal være verificerbar, replikerbar og et gyldigt sikkerhedsproblem
- Din rapport er i overensstemmelse med vilkår og betingelser for Bounty Program
Kontakt os ved hjælp af Bounty Program-kontaktformularen.
Brug denne PGP-nøgle til at kryptere dine oplysninger, når du sender fejlrapporter til Synology.
Vedlæg en PoC (Proof of Concept), og sørg for, at de rapporterede problemer kan reproduceres.
Hold din beskrivelse kort og præcis. For eksempel er et kort PoC-link mere brugbart end en video, der forklarer konsekvenserne af et SSRF-problem.
- Indeholder en tydeligt skrevet trinvis beskrivelse på engelsk af, hvordan sårbarheden reproduceres
- Vis, hvordan sårbarheden påvirker Synology-produkter eller -webtjenester, og beskriv, hvilke versioner og platforme der er berørt
- Angiv den potentielle skade, som den rapporterede sårbarhed har forårsaget
Belønning | Kvalificerede rapporter er berettigede til en belønning på op til$30.000 US.* |
---|---|
Omfattede relevante produkter | Kun rapporter om officielt frigivne versioner accepteres. DiskStation Manager (DSM)
Synology Router Manager (SRM)
Synology Camera-firmware
Synology BeeStation
|
Regler og begrænsninger | Dette program er udelukkende begrænset til de sikkerhedsrisici, der findes i Synology-produkter og -tjenester. Handlinger, der kan beskadige eller påvirke Synologys servere eller data negativt, er strengt forbudt. Sårbarhedstest må ikke være i strid med lokal eller taiwansk lovgivning. Sårbarhedsrapporter accepteres ikke under programmet, hvis de beskriver eller omfatter:
|
*Se siden med oplysninger om belønninger på websiden Security Bug Program for at få flere oplysninger.
**Den maksimale belønning for sårbarheder i SRM_LAN er $5.000.
***Den maksimale belønning for sårbarheder i kamerafirmware er $10.000.
Belønning | Kvalificerede rapporter er berettigede til en belønning på op til$10.000 US.* |
---|---|
Omfattede relevante produkter | Kun rapporter om officielt frigivne versioner accepteres. Pakker Software-pakker udviklet af Synology Desktopklienter Windows-, macOS- og Linux-programmer udviklet af Synology Mobilapps Mobilapps til Android og iOS udviklet af Synology Synology-konto
C2 Services *.c2.synology.com-domæner |
Regler og begrænsninger | Dette program er udelukkende begrænset til de sikkerhedsrisici, der findes i Synology-produkter og -tjenester. Handlinger, der kan beskadige eller påvirke Synologys servere eller data negativt, er strengt forbudt. Sårbarhedstest må ikke være i strid med lokal eller taiwansk lovgivning. Sårbarhedsrapporter accepteres ikke under programmet, hvis de beskriver eller omfatter:
|
*Se siden med oplysninger om belønninger på websiden Security Bug Program for at få flere oplysninger.
Belønning | Kvalificerede rapporter er berettigede til en belønning på op til US $5.000.* |
---|---|
Omfattede relevante produkter | Følgende domæner (herunder underdomæner) er omfattet: *.synology.com Følgende domæner (herunder underdomæner) er ikke omfattet: openstack-ci-logs.synology.com, router.synology.com Synology forbeholder sig ret til når som helst at ændre denne liste uden varsel. |
Regler og begrænsninger | Dette program er udelukkende begrænset til de sikkerhedsrisici, der findes i Synology-produkter og -tjenester. Handlinger, der kan beskadige eller påvirke Synologys servere eller data negativt, er strengt forbudt. Sårbarhedstest må ikke være i strid med lokal eller taiwansk lovgivning. Sårbarhedsrapporter accepteres ikke under programmet, hvis de beskriver eller omfatter:
|
*Se siden med oplysninger om belønninger på websiden Security Bug Program for at få flere oplysninger.
Operativsystemer | Software og C2 Cloud Services | Webtjenester | |
---|---|---|---|
Zero-click pre-auth RCE | $30.000 | $10.000 | $5.000 |
Zero-click pre-auth arbitrary file r/w | $9.000 | $4.600 | $2.400 |
Operativsystemer | Software og C2 Cloud Services | Webtjenester | |
---|---|---|---|
1-click pre-auth RCE | $8.000 | $4.000 | $2.000 |
Zero-click normal-user-auth RCE | $7.500 | $3.900 | $1.900 |
Zero-click normal-user-auth arbitrary file r/w | $6.500 | $3.400 | $1.700 |
Zero-click pre-auth RCE (AC:H) | $6.500 | $3.400 | $1.700 |
1-click pre-auth RCE (AC:H) | $5.000 | $2.500 | $1.325 |
pre-auth SQL injection | $3.800 | $1.950 | $1.025 |
1-click normal-user-auth RCE (AC:H) | $2.600 | $1.350 | $725 |
pre-auth stored XSS | $2.600 | $1.350 | $725 |
Operativsystemer | Software og C2 Cloud Services | Webtjenester | |
---|---|---|---|
Zero-click admin-auth RCE | $2.000 | $1.000 | $500 |
Zero-click admin-auth arbitrary file r/w | $1.500 | $860 | $480 |
normal-user-auth stored XSS | $1.350 | $733 | $417 |
normal-user-auth SQL injection | $1.200 | $607 | $353 |
admin-auth stored XSS | $600 | $353 | $227 |
Sårbarheder, der ikke er foruddefinerede, accepteres også, men belønnings er betydeligt lavere.
Noter:
- Bemærk, at mens der gives retningslinjer for belønninger, behandles hver rapport individuelt og grundigt. Scoring tager højde for forskellige faktorer, herunder, men ikke begrænset til, omfanget, der er beskrevet i afsnittet om belønninger. Synology forbeholder sig ret til endelig fortolkning af belønningsbeløbene.
- Ved problemer, der er klassificeret som lav alvorsgrad eller forslag, vil der kun blive givet bekræftelser.
- Khoadha from VCSLab of Viettel Cyber Security ( https://viettelcybersecurity.com/)
- Tim Coen (https://security-consulting.icu/)
- Mykola Grymalyuk from RIPEDA Consulting
- Zhao Runzi (赵润梓)
- Andrea Maugeri (https://www.linkedin.com/in/andreamaugeri)
- Offensive Security Research @ Ronin (https://ronin.ae/)
- Nathan (Yama) https://DontClickThis.run
- M Tayyab Iqbal (www.alphainferno.com)
- Only Hack in Cave (tr4ce(Jinho Ju), neko_hat(Dohwan Kim), tw0n3(Han Lee), Hc0wl(GangMin Kim)) (https://github.com/Team-OHiC)
- Wonbeen Im, STEALIEN (https://stealien.com)
- 赵润梓、李建申(https://lsr00ter.github.io)
- Cheripally Sathwik (https://www.instagram.com/ethical_hacker_sathwik)
- Endure Secure (https://endsec.au)
- Stephen Argent (https://www.runby.coffee/)
- Qian Chen (@cq674350529) from Codesafe Team of Legendsec at QI-ANXIN Group
- Jan Kopřiva of Nettles Consulting (https://www.nettles.cz/security/)
- Andrej Zaujec (https://www.linkedin.com/in/andrej-zaujec-24ba07158/)
- chumen77 from WeBin Lab of DbappSecurity Co.,Ltd.
- Bruce Chen (https://twitter.com/bruce30262)
- aoxsin (https://twitter.com/aoxsin)
- Armanul Miraz
- Jaehoon Jang, STEALIEN (https://stealien.com)
- Jangwoo Choi, HYEONJUN LEE, SoYeon Kim, TaeWan Ha, DoHwan Kim (https://zrr.kr/SWND)
- Jaehoon Jang, Wonbeen Im, STEALIEN (https://stealien.com)
- Tomer Goldschmidt and Sharon Brizinov of Claroty Research - Team82
- Vo Van Thong of GE Security (VNG) (https://www.linkedin.com/in/thongvv3/)
- Hussain Adnan Hashim (https://www.linkedin.com/in/hussain0x3c)
- TEAM.ENVY (https://team-envy.gitbook.io/team.envy/about-us)
- Tim Coen (https://security-consulting.icu)
- TEAM TGLS (Best of the Best 12th) (https://zrr.kr/SWND)
- Zhao Runzi (赵润梓)
- Kevin Wang (https://twitter.com/kevingwn_ )
- Shubham Kushwaha/ meenakshi Maurya (https://github.com/anabelle666)
- Safwat Refaat (@Caesar302)
- Jeffrey Baker (www.Biznet.net)
- Monisha N (https://www.linkedin.com/in/monisha-nagaraj-321524218/)
- Ravi (https://twitter.com/itsrvsinghh)
- remonsec (https://twitter.com/remonsec)
- TheLabda (https://thelabda.com)
- Grant Kellie (https://www.linkedin.com/in/grant-kellie-54a23b238/)
- pulla karthik srivastav (https://www.linkedin.com/in/karthik-srivastav-680359192)
- Muhammad Tanvir Ahmed https://www.facebook.com/tohidulislam.tanvir.948
- Eugene Lim, Government Technology Agency of Singapore (https://spaceraccoon.dev)
- Laurent Sibilla (https://www.linkedin.com/in/lsibilla/)
- Thomas Werschlein (https://www.linkedin.com/in/thomas-werschlein-2293384b)
- Sivanesh kumar (https://twitter.com/sivanesh_hacker)
- Davis Chang. (https://www.linkedin.com/in/hong-tsun-davis-chang/)
- @aoxsin (https://twitter.com/aoxsin)
- Chanyoung So (https://www.linkedin.com/in/chanyoung-so-62551b115/)
- Hasibul Hasan Shawon (@Saiyan0x01)
- Jose Hares (https://es.linkedin.com/in/jose-hares-arrieta-b419233b)
- Zain Iqbal (https://www.linkedin.com/in/zain-iqbal-971b76254/)
- Lukas Kupczyk, CrowdStrike Intelligence
- Tomasz Szczechura (https://www.linkedin.com/in/tomasz-szczechura-5189098b/)
- Zhao Runzi (赵润梓)
- Qian Chen (@cq674350529) from Codesafe Team of Legendsec at Qi'anxin Group
- Patrik Fabian (https://websafe.hu)
- Eugene Lim, Government Technology Agency of Singapore (https://spaceraccoon.dev)
- Jeenika Anadani (https://twitter.com/j33n1k4)
- waterpeitw (https://zeroday.hitcon.org/user/waterpeitw)
- Milan katwal (https://www.milankatwal.com.np/)
- N S R de Rooy (https://www.linkedin.com/in/norbert-de-rooy-9b24527/)
- Christian Tucci (https://www.linkedin.com/in/christian-tucci/)
- Ravindra Dagale (https://www.linkedin.com/in/ravindra-dagale-5b0913151/)
- Sanket Anil Ambalkar (https://www.linkedin.com/in/sanket-ambalkar-70211518b/)
- Chirag Agrawal (https://www.linkedin.com/in/chirag-agrawal-770488144/)
- Yimi Hu@baidu.com
- Raman R Mohurle (https://twitter.com/Raman_Mohurle)
- cmj (http://blog.cmj.tw/)
- Parth Manek
- Patrick Williams (https://www.linkedin.com/in/patrick-williams-6992b4104/)
- Amaranath Moger (https://www.linkedin.com/in/amaranath-moger/)
- Dennis Herrmann (Code White GmbH)
- Siddharth Parashar (https://www.linkedin.com/in/siddharth-parashar-b2a21b1b5/)
- Sahil Soni (https://twitter.com/sahil__soni_18?s=08)
- Hasibul Hasan Shawon -[Sec Miner's Bangladesh]
- Devender Rao (https://www.linkedin.com/in/devender-rao)
- RAJIB BAR (https://www.linkedin.com/in/rajib-bar-rjb-b3683314b)
- Atharv Shejwal (https://kongsec.io)
- Xavier DANEST (https://sustainability.decathlon.com/)
- Aditya Shende (http://kongsec.io)
- Andreas Rothenbacher (https://error401.de)
- Rachit Verma @b43kd00r (https://www.linkedin.com/in/b43kd00r/)
- Suraj SK (https://www.linkedin.com/in/suraj-sk/)
- Simon Effenberg (https://www.linkedin.com/in/simon-effenberg)
- Niraj Mahajan (https://www.linkedin.com/in/niraj1mahajan)
- Ayush Pandey (https://www.linkedin.com/in/ayush-pandey-148797175)
- Sivanesh kumar D (https://twitter.com/sivanesh_hacker?s=09)
- Touhid Shaikh (https://securityium.com/)
- N Krishna Chaitanya (https://www.linkedin.com/in/n-krishna-chaitanya-27926aba/)
- Ayush Mangal (https://www.linkedin.com/in/ayush-mangal-48a168110)
- Tameem Khalid (https://www.linkedin.com/in/tameem-khalid-641a4b192/)
- ddaa of TrapaSecurity (https://twitter.com/0xddaa)
- Praveen Kumar
- Oscar Spierings (https://polyform.dev)
- Chanyoung So (https://www.linkedin.com/in/chanyoung-so-62551b115/)
- swings of Chaitin Security Research Lab
- Hasibul Hasan Rifat (https://twitter.com/rifatsec)
- Lanni
- Yeshwanth (https://www.linkedin.com/in/yeshwanth-b-4a560b202)
- Darshan Sunil jogi (https://www.linkedin.com/in/darshan-jogi-9450431b6/)
- Chanyoung So (https://www.linkedin.com/in/chanyoung-so-62551b115/)
- Lanni
- Swapnil Patil (https://www.linkedin.com/in/swapnil-patil-874223195)
- Vladislav Akimenko (Digital Security) (https://dsec.ru)
- Muhammad Junaid Abdullah (https://twitter.com/an0n_j)
- Claudio Bozzato of Cisco Talos (https://talosintelligence.com/vulnerability_reports/)
- Jose Hares (https://es.linkedin.com/in/jose-hares-arrieta-b419233b)
- Aditya Soni (https://www.linkedin.com/in/adtyasoni)
- Mansoor Amjad (https://twitter.com/TheOutcastCoder)
- Thomas Fady (https://www.linkedin.com/in/thomas-fady)
- James Smith (Bridewell Consulting) (https://bridewellconsulting.com)
- Kinshuk Kumar (https://www.linkedin.com/in/kinshuk-kumar-4833551a1/)
- Amit Kumar (https://www.linkedin.com/in/amit-kumar-9853731a4)
- Mehedi Hasan Remon (twitter.com/remonsec)
- Joshua Olson (www.linkedin.com/in/joshua-olson-cysa)
- Vaibhav Rajeshwar Atkale(https://twitter.com/atkale_vaibhav)
- Mohammed Eldawody (www.fb.com/eldawody0)
- YoKo Kho (https://twitter.com/YoKoAcc)
- Satyajit Das (https://www.linkedin.com/in/mrsatyajitdas)
- Tinu Tomy (https://twitter.com/tinurock007)
- Aniket Bhutani (https://www.linkedin.com/in/aniket-bhutani-6ba979192/)
- Anurag Muley (https://www.linkedin.com/in/ianuragmuley/)
- Howard Ching (https://www.linkedin.com/in/howard-ching-rhul/)
- Janmejaya Swain (https://www.linkedin.com/in/janmejayaswainofficial)
- Ahmad Firmansyah (https://twitter.com/AhmdddFsyaaah)
- Agrah Jain (www.linkedin.com/in/agrahjain)
- Shivam Kamboj Dattana (https://www.linkedin.com/in/sechunt3r/)
- Pratik Vinod Yadav (https://twitter.com/PratikY9967)
- Akshaykumar Kokitkar (https://mobile.twitter.com/cyber_agent2)
- Shesha Sai C (https://www.linkedin.com/in/shesha-sai-c-18585b125)
- Yash Agarwal (https://www.linkedin.com/in/yash-agarwal-17464715b)
- Jan KOPEC(https://twitter.com/blogresponder)
- Denis Burtanović
- Hasibul Hasan Shawon -[Sec Miner's Bangladesh]
- Georg Delp (https://www.linkedin.com/in/georgdelp/)
- R Atik Islam (https://www.facebook.com/atik.islam.14661)
- Jose Israel Nadal Vidal (https://twitter.com/perito_inf)
- Thomas Grünert (https://de.linkedin.com/in/thomas-gr%C3%BCnert-250905168)
- Matteo Bussani (https://www.linkedin.com/in/matteo-bussani-77b595198/)
- Bing-Jhong Jheng (https://github.com/st424204/ctf_practice)
- Swapnil Patil (https://www.linkedin.com/in/swapnil-patil-874223195)
- Prakash Kumar Parthasarathy (https://www.linkedin.com/in/prakashofficial)
- Kitab Ahmed (www.ahmed.science)
- Ahmad Firmansyah (https://twitter.com/AhmdddFsyaaah)
- Tiziano Di Vincenzo (https://www.linkedin.com/in/tiziano-d-3324a345/)
- Pratik Vinod Yadav (https://www.linkedin.com/in/pratik-yadav-117463149)
- Diwakar Kumar (https://www.linkedin.com/in/diwakar-kumar-5b3843114/)
- Rushi Gayakwad
- Yash Ahmed Quashim (https://www.facebook.com/abir.beingviper)
- Swapnil Kothawade (https://twitter.com/Swapnil_Kotha?s=09)
- Ankit Kumar (https://www.linkedin.com/in/ankit-kumar-42a644166/)
- Aman Rai (https://www.linkedin.com/in/aman-rai-737a19146)
- Rushikesh Gaikwad (https://www.linkedin.com/in/rushikesh-gaikwad-407163171)
- Rupesh Tanaji Kokare (https://www.linkedin.com/in/rupesh-kokare-b63a78145/)
- Sumit Jain (https://twitter.com/sumit_cfe)
- Qian Chen of Qihoo 360 Nirvan Team
- Vishal Vachheta (https://www.linkedin.com/in/vishal-vachheta-a30863122)
- Zhong Zhaochen
- Tomasz Grabowski
- Nightwatch Cybersecurity Research (https://wwws.nightwatchcybersecurity.com)
- Safwat Refaat (https://twitter.com/Caesar302)
- Agent22 (https://securelayer7.net/)
- Hsiao-Yung Chen
- Rich Mirch (https://blog.mirch.io)
- Ronak Nahar (https://www.linkedin.com/in/naharronak/)
- Noman Shaikh (https://twitter.com/nomanAli181)
- David Deller (https://horizon-nigh.org)
- Mehedi Hasan (SecMiners BD) (https://www.facebook.com/polapan.1337)
- Touhid M Shaikh (https://touhidshaikh.com)
- Abhishek Gaikwad
- Kitabuddin Ahmed
- Noman Shaikh (https://twitter.com/nomanAli181)
- Ajit Sharma (https://www.linkedin.com/in/ajit-sharma-90483655)
- Agung Saputra Ch Lages (https://twitter.com/lagesgeges)
- Dan Thomsen (www.thomsen.fo)
- Erik de Jong (https://eriknl.github.io)
- Sphinx 1,2 (https://www.facebook.com/Sphinx01.10/)
- AHMED ELSADAT (https://www.linkedin.com/in/ahmed-elsadat-138755133/)
- Hasibul Hasan (SecMiner)
- Mohammed Eldawody (www.fb.com/eldawody0)
- Chris Schneider
- Abdullah Fares Muhanna (https://www.facebook.com/AbedullahFares)
- Nick Blyumberg (https://www.linkedin.com/in/nickblyumberg/)
- Axel Peters
- Muhammad Junaid Abdullah (https://twitter.com/an0n_j)
- Kyle Green
- Thomas Fady (https://www.linkedin.com/in/thomas-fady)
- Dankel Ahmed (https://hackerone.com/kitab)
- ShuangYY
- HackTrack Security
- Muhammed Ashmil K K (Kavuthukandiyil)
- Muhammad Junaid Abdullah (https://twitter.com/snoviboy)
- Kishan kumar (https://facebook.com/noobieboy007)
- Lays (http://l4ys.tw)
- Ashish Kumar (https://www.facebook.com/buggyashish)
- Lakshay Gupta (http://linkedin.com/in/lakshay-gupta-44102a143)
- Meng-Huan Yu (https://www.linkedin.com/in/cebrusfs/)
- Ifrah Iman (http://www.ifrahiman.com)
- Mohammed Israil (https://www.facebook.com/VillageLad, https://www.linkedin.com/in/mohammed-israil-221656128)
- Taien Wang (https://www.linkedin.com/in/taienwang/)
- Emad Shanab (@Alra3ees) (https://twitter.com/Alra3ees?s=09)
- குகன் ராஜா (Havoc Guhan) (https://fb.com/havocgwen)
- Yasser Gersy (https://twitter.com/yassergersy)
- Ismail Tasdelen (https://www.linkedin.com/in/ismailtasdelen)
- Thomas Fady (https://www.linkedin.com/in/thomas-fady)
- Oliver Kramer (https://www.linkedin.com/in/oliver-kramer-670206b5)
- 1N3@CrowdShield (https://crowdshield.com)
- louys, Xie Wei (解炜), Li Yanlong (李衍龙)
- Zuo Chaoshun (https://www.linkedin.com/in/chaoshun-zuo-5b9559111/)
- Ali Razzaq (https://twitter.com/AliRazzaq_)
- 丁諭祺(Yu-Chi Ding) from DEVCORE CHROOT
- Alex Weber (www.broot.ca)
- Alex Bastrakov (https://twitter.com/kazan71p)
- Mehidia Tania (https://www.beetles.io)
- freetsubasa (https://twitter.com/freetsubasa)
- Łukasz Rutkowski (http://www.forit.pl/)
- Maximilian Tews (www.linkedin.com/in/maximilian-tews)
- Bryan Galao (https://www.facebook.com/xbryan.galao)
- Jim Zhou (vip-cloud.cn)
- Chun Han Hsiao
- Nightwatch Cybersecurity Research (https://wwws.nightwatchcybersecurity.com)
- Olivier Bédard
- Mohamed Eldawody (https://www.facebook.com/Eldawody0)
- Jose Hares (https://es.linkedin.com/in/jose-hares-arrieta-b419233b)
- 郑吉宏通过 GeekPwn 平台提交
- Independent Security Evaluators (ISE) labs
- Independent security researcher, MengHuan Yu, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program
- B.Dhiyaneshwaran (https://www.linkedin.com/in/dhiyaneshwaran-b-27947a131/)
- Freiwillige Feuerwehr Rohrbach (www.ff-rohrbach.de)
- Uriya Yavnieli from VDOO (https://vdoo.com)
- Jung Chan Hyeok
- Zhong Zhaochen (http://asnine.com)
- Honc 章哲瑜 (https://www.facebook.com/you.toshoot)
- Sumit Jain
- Ketankumar B. Godhani (https://twitter.com/KBGodhani)
- karthickumar (Ramanathapuram)
- Alireza Azimzadeh Milani
- Taien Wang (https://www.facebook.com/taien.tw)
- Frédéric Crozat (http://blog.crozat.net/)
- Muhammad Hassaan Khan (https://www.facebook.com/Profile.Hassaan)
- SSD/Kacper Szurek
- Alexander Drabek (https://www.2-sec.com/)
- RAVELA PRAMOD KUMAR (https://mobile.twitter.com/PramodRavela)
- Kushal Arvind Shah of Fortinet’s FortiGuard Labs
- Alvin Poon (https://alvinpoon.myportfolio.com/)
- C.shahidyan, C.Akilan, K.Sai Aswanth
- BambooFox (https://bamboofox.github.io/)
- Sajibe Kanti (https://twitter.com/sajibekantibd)
- Huy Kha (linkedin.com/in/huykha)
- Pal Patel (https://www.linkedin.com/in/pal434/)
- Pethuraj M (https://www.linkedin.com/in/pethu/)
- Ali Ashber (https://www.facebook.com/aliashber7)
- Muzammil Abbas Kayani (@muzammilabbas2 )
- Tayyab Qadir (facebook.com/tqMr.EditOr)
- Babar Khan Akhunzada (www.SecurityWall.co)
- Mahad Ahmed (https://octadev.com.pk)
- JD Duh (blog.johndoe.tw, www.linkedin.com/in/JD-Duh)
- Mubassir Kamdar (http://www.mubassirkamdar.com)
- Daniel Díez Tainta (https://twitter.com/danilabs)
- Tushar Rawool (twitter.com/tkrawool)
- Thrivikram Gujarathi (https://www.linkedin.com/in/thrivikram-gujarathi-certified-ethical-hacker-bug-bounty-hunter-53074796)
- Ashish Kunwar (twitter: @D0rkerDevil)
- Steven Hampton (Twitter: @Keritzy, https://stevenh.neocities.org/)
- Peter Bennink (https://www.linkedin.com/in/peter-bennink/)
- Thomas Fady (https://www.linkedin.com/in/thomas-fady/)
- Roopak Voleti (https://m.facebook.com/sairoopak.voleti)