Throughout October, November and December 2016, we’ve challenged our crowd to submit bugs against some challenging targets–thick client applications.

Today we are announcing our October and Novembers winners:

Congratulations to gtr and Penrose for their winning submissions!


How to Get Started:

Participating in this promotion is easy! First, review our list of programs which include thick client targets–including Avira, LastPass, Sophos and more–and begin to test against them. If you find something, submit it! As long as it is a valid, non-duplicate submission, your report will automatically qualify for the promotional draws. Bugs submitted until December 31st, 2016 are eligible for this current promotion.

New to thick client software hacking or got skills and want to multiply them? Our Application Security Engineering team put together their favorite go-to resources, like Hacking – the Art of Exploitation (2nd edition) or Hacker Disassembling Uncovered. Want to try out some of your new skills before you tackle a bounty? Try the Embedded Security CTF!

Feel free to reach out to with any additional questions, and look out for our next researcher promotion in the coming weeks.