Each quarter we challenge our crowd to submit bugs against some of our most difficult programs to be entered to win a cash bonus. This quarter, we’ve encouraged our crowd to submit bugs against thick client applications and have seen fantastic engagement; we saw an awesome 200% increase in valid submissions in February. 

Today we are pleased to announce our February winner who will receive a $500 bonus:

 Congratulations to ainulmaker for the winning submission!

Thanks to everyone who submitted thick client bugs last month! Remember, all submissions will be entered for a final drawing at the next month in addition to the monthly March drawing. We’re excited to see what comes through in the next couple of weeks!

How to Get Started:

Participating in this promotion is easy! First, review our list of programs which include thick client targets–including Avira, LastPassSophos and more–and begin to test against them. If you find something, submit it! As long as it is a valid, non-duplicate submission against a thick client target, your report will automatically qualify for the promotional draws. Bugs submitted until March 31st, 2017 are eligible for this current promotion.

New to thick client software hacking or got skills and want to multiply them? Our Application Security Engineering team put together their favorite go-to resources, like Hacking – the Art of Exploitation (2nd edition) or Hacker Disassembling Uncovered. Want to try out some of your new skills before you tackle a bounty? Try the Embedded Security CTF!

Feel free to reach out to support@bugcrowd.com with any additional questions – Happy Hunting!