TL;DR: As part of ongoing efforts to enhance the experience of our community of ethical hackers on Crowdsource, Detectify announced today the availability of module disclosures. The new feature empowers community members to accelerate their understanding of how the platform works, as well as of newly disclosed methods of hacking common technologies.
Module disclosures help our community share knowledge
Knowledge sharing is at the core of the ethical hacking community. Since launching Detectify Crowdsource in 2016, we have crowdsourced thousands of tests – called modules on our platform – from leading ethical hackers around the world.
When a hacker discovers a vulnerability in a widely used technology (e.g. NGINX, AEM, AWS), they submit a POC for that vulnerability to our internal research team. The process of finding vulnerabilities in widely used technologies differs from other bug bounty platforms, where hackers are tasked to hack an organization based on a tightly defined scope. Learning what types of technologies and vulnerabilities are accepted by Detectify Crowdsource often takes time, which is something we’re working to improve within our platform.
That’s why we’ve now made it possible for members of our ethical hacking community to request and disclose modules on our platform. This means members will be able to gain insights on the types of vulnerabilities in technologies that will help them be most successful on Detectify Crowdsource.
Disclosing modules is simple for ethical hackers
There are hundreds of resources online for ethical hackers of varying degrees of experience. We launched module disclosures to ensure that the knowledge within our community of deeply talented hackers benefits all members. Whether you’re a new member of our community or a veteran, disclosed modules will accelerate your understanding of how our platform works and new methods of hacking commonly used technologies.
Since launching module disclosures in May, our community has disclosed a few dozen modules. Some of those modules include:
- CVE-2021-26084 – Confluence OGNL injection RCE by @j0v
- All In One WP Security & Firewall <= 4.4.1 Hidden Login Page bypass by @gehaxelt
- NPM Packages Disclosure by @gehaxelt
What is Detectify’s Crowdsource?
Detectify Crowdsource is a platform for ethical hackers to scale the impact of their bug hunting through automation. Ethical hackers submit vulnerabilities they have found in widely used technologies; these are automated and made available to thousands of Detectify customers around the globe. Each time a vulnerability is found in a unique customer asset, a bounty is paid to the ethical hacker who submitted the vulnerability.
Combining human ingenuity and automation
Our community of 400+ ethical hackers has generated over 250 million vulnerability findings across the attack surfaces of thousands of Detectify customers. This monumental achievement from our community is made possible by their submission of Proofs of Concept (“POCs”) of their findings. POCs are written by the hacker and submitted to our internal security research team for review. As soon as a POC is validated, it is automated into a module – often within 15 minutes! – and made available to 2,000 customers around the world.
Interested in joining our community?
Wondering how you can join our community of leading ethical hackers? Try out our signup challenge to see if you have the experience needed to join Detectify Crowdsource.