Please refer to Admin Console Test Plan on how to access/test the environment.
Drivers, cloud tools, enterprise cloud and enterprise server
To get access, do the following steps:
1. Create a new Observability deployment on cloud.elastic.co using an account with your @wearehackerone.com email alias.
2. See https://www.elastic.co/docs/solutions/observability/synthetics/create-monitors-ui to set up a monitor
Elastic Defend provides organizations with prevention, detection, and response capabilities with deep visibility for EPP, EDR, SIEM, and Security Analytics use cases across Windows, macOS, and Linux operating systems running on both traditional endpoints and public cloud environments.
In-Scope:
* Local Privilege Escalation (LPE): Any finding that allows an attacker with lower privileges to execute code or gain privileges as a higher-privileged user, e.g. from a standard user to SYSTEM or administrator.
* Confidentiality of Data: A non-administrative local or unauthorized remote attacker can view Elastic Defend logs or events.
* Unauthorized Command and Control: A non-administrative local or unauthorized remote attacker can configure or control Elastic Defend through a mechanism such as response actions or policy updates.
* System Crash from Unprivileged User: If the actions of a non-administrative user can cause Elastic Defend to bug check the system, we want to know about and fix this. Note that this does not apply to administrators, since administrators can already change system/driver configuration and/or modify kernel memory.
Out-of-Scope:
* Findings that require administrative or root privileges are out of scope. Administrators are very powerful, free to modify or downgrade the OS. Elastic aligns with the MSRC's stance that the boundary between an administrator and the kernel is not a security boundary. [https://www.microsoft.com/en-us/msrc/windows-security-servicing-criteria](https://www.microsoft.com/en-us/msrc/windows-security-servicing-criteria)
* Bypassing Tamper Protection as an administrator: Tamper Protection is a defense-in-depth feature and not intended as a security boundary against an administrator.
* Physical access vulnerabilities: Findings that require physical access to the device, as users are free to alter the OS via recovery modes or booting from a separate OS.
* Crashing Defend: Elastic considers crashes to be bugs, but not security bugs. Defend will automatically restart if it crashes. We are interested in hearing about these issues, and may pay a bounty (case-by-case basis).
* Bypassing a Defend protection (e.g. malware scanning, memory scan, rule): Because no protection is perfect, Elastic Defend employs multiple layers of protection to provide comprehensive system protection. Behavior rule protection bypasses are subject to the [Elastic Bounty Program for Behavior Rule Protections](https://www.elastic.co/security-labs/behavior-rule-bug-bounty).
Transform customer interactions with our seamless SMS, messaging, video, and voice solutions.
⚠️ Self Sign-up is available: https://connect.8x8.com/
⚠️ [8x8 CPaaS developer portal](https://developer.8x8.com/connect)
⚠️ All APIs listed under "8x8 Connect" are in-scope.
⚠️ In-Scope examples:
* sms.8x8.com
* chatapps.8x8.com
* {product}.8x8.uk
* {product}.8x8.id
* {product}.us.8x8.com
* {product}.{region}.cpaas-net.8x8.com
MetaMask Developer provides instant and scalable API access for web3 dapp developers.
Bounty Tier: Core
The contracts in this repository are used in Skip Go Fast, a decentralized bridging protocol that enables faster-than-finality cross-chain actions across all major ecosystems, starting with Cosmos and Ethereum.
IBC v2 is a simplified version of the IBC protocol that is encoding agnostic. This enables a trust-minimized IBC connection between Ethereum and a Cosmos SDK chain.
https://github.com/cosmos/solidity-ibc-eureka
Tier 2