Sistemi operativi
Premi fino a
30000
Include Synology DiskStation Manager, Synology Router Manager e Synology BeeStation.
Software e servizi cloud C2
Premi fino a
10000
Include pacchetti software sviluppati da Synology, app mobili correlate e servizi cloud C2.
Servizi web
Premi fino a
5000
Include tutti i principali servizi web di Synology.
- Sei il primo ricercatore a segnalare questa vulnerabilità
- La vulnerabilità segnalata è confermata essere verificabile, replicabile e un valido problema di sicurezza
- Il tuo rapporto è conforme ai termini e regolamenti del Programma di Ricompense
Contattaci utilizzando il modulo di contatto del Programma dei premi.
Utilizza questa chiave PGP per crittografare le informazioni quando invii report di bug a Synology.
Includi una prova di concetto (PoC) dettagliata e assicurati che i problemi segnalati possano essere riprodotti.
Mantieni la tua descrizione concisa. Ad esempio, un link di prova di concetto breve è più apprezzato di un video che spiega le conseguenze di un problema SSRF.
- Contenere una descrizione chiaramente scritta passo dopo passo in inglese su come riprodurre la vulnerabilità
- Dimostrare come la vulnerabilità influisce sui prodotti o sui servizi web di Synology, e descrivere quali versioni e piattaforme sono interessate
- Indicare i danni potenziali causati dalla vulnerabilità segnalata
| Ricompensa | I rapporti qualificati sono idonei per una ricompensa fino a 30.000 dollari USA.* |
|---|---|
| Prodotti nell'ambito | Sono accettate solo segnalazioni su versioni ufficialmente rilasciate. DiskStation Manager (DSM)
Gestore del Router di Synology (SRM)
Firmware della Camera di Synology
Synology BeeStation
|
| Regolamenti e restrizioni | Questo programma è strettamente limitato alle vulnerabilità di sicurezza trovate nei prodotti e servizi di Synology. Azioni che potrebbero danneggiare o influenzare negativamente i server o i dati di Synology sono severamente vietate. I test di vulnerabilità non devono violare le leggi locali o taiwanesi. I rapporti di vulnerabilità non sono accettati nel programma se descrivono o coinvolgono:
|
*Vedi la pagina dei dettagli delle ricompense sulla pagina web del Programma Bug di Sicurezza per ulteriori dettagli.
**La ricompensa massima per le vulnerabilità in SRM_LAN è $5,000.
***La ricompensa massima per le vulnerabilità nel firmware della videocamera è $10,000.
**La ricompensa massima per le vulnerabilità in SRM_LAN è $5,000.
***La ricompensa massima per le vulnerabilità nel firmware della videocamera è $10,000.
| Ricompensa | I rapporti qualificati sono idonei per una ricompensa fino a 10.000 dollari USA.* |
|---|---|
| Prodotti nell'ambito | Sono accettati solo rapporti su versioni ufficialmente rilasciate. Pacchetti Pacchetti software sviluppati da Synology Client desktop Applicazioni sviluppate da Synology per Windows, macOS e Linux App mobili App mobili sviluppate da Synology per Android e iOS Account Synology
Servizi C2 *.c2.synology.com domini |
| Regolamenti e restrizioni | Questo programma è strettamente limitato alle vulnerabilità di sicurezza trovate nei prodotti e servizi Synology. Azioni che potrebbero potenzialmente danneggiare o influenzare negativamente i server o i dati di Synology sono severamente vietate. I test di vulnerabilità non devono violare le leggi locali o taiwanesi. I rapporti di vulnerabilità non sono accettati nel programma se descrivono o coinvolgono:
|
*Consulta la pagina dei dettagli delle ricompense sul sito web del programma di bug di sicurezza per ulteriori dettagli.
| Ricompensa | I rapporti qualificati sono idonei per una ricompensa fino a 5.000 dollari USA.* |
|---|---|
| Prodotti nell'ambito | I seguenti domini (inclusi i sottodomini) sono nell'ambito: *.synology.com I seguenti domini (inclusi i sottodomini) sono esclusi dall'ambito: openstack-ci-logs.synology.com, router.synology.com Synology si riserva il diritto di modificare questa lista in qualsiasi momento senza preavviso. |
| Regolamenti e restrizioni | Questo programma è strettamente limitato alle vulnerabilità di sicurezza riscontrate nei prodotti e servizi Synology. Azioni che potrebbero danneggiare o influenzare negativamente i server o i dati di Synology sono severamente vietate. I test di vulnerabilità non devono violare le leggi locali o taiwanesi. Le segnalazioni di vulnerabilità non sono accettate nel programma se descrivono o coinvolgono:
|
*Consulta la pagina dei dettagli delle ricompense sul sito web del programma di bug di sicurezza per ulteriori dettagli.
| Sistemi operativi | Servizi software e C2 cloud | Servizi web | |
|---|---|---|---|
| Zero-click pre-auth RCE | $30,000 | $10,000 | $5,000 |
| Zero-click pre-auth arbitrary file r/w | $9,000 | $4,600 | $2,400 |
| Sistemi operativi | Servizi software e C2 cloud | Servizi web | |
|---|---|---|---|
| 1-click pre-auth RCE | $8,000 | $4,000 | $2,000 |
| Zero-click normal-user-auth RCE | $7,500 | $3,900 | $1,900 |
| Zero-click normal-user-auth arbitrary file r/w | $6,500 | $3,400 | $1,700 |
| Zero-click pre-auth RCE (AC:H) | $6,500 | $3,400 | $1,700 |
| 1-click pre-auth RCE (AC:H) | $5,000 | $2,500 | $1,325 |
| pre-auth SQL injection | $3,800 | $1,950 | $1,025 |
| 1-click normal-user-auth RCE (AC:H) | $2,600 | $1,350 | $725 |
| pre-auth stored XSS | $2,600 | $1,350 | $725 |
| Sistemi operativi | Servizi software e C2 cloud | Servizi web | |
|---|---|---|---|
| normal-user-auth stored XSS | $1,350 | $733 | $417 |
| normal-user-auth SQL injection | $1,200 | $607 | $353 |
| admin-auth vulnerabilities | $100 | $100 | $100 |
1. A partire dal 1 ottobre 2024, le ricompense per le vulnerabilità di admin-auth saranno fissate a $100 USD.
Note:
- Si prega di notare che, sebbene siano fornite linee guida per le ricompense, ogni rapporto è trattato individualmente e valutato accuratamente. La valutazione considera vari fattori, inclusi ma non limitati all'ambito dettagliato nella rubrica delle ricompense. Synology si riserva il diritto di interpretazione finale degli importi delle ricompense.
- Per le questioni classificate come di bassa gravità o suggerimenti, verranno forniti solo riconoscimenti.
- Khoadha from VCSLab of Viettel Cyber Security ( https://viettelcybersecurity.com/)
- Tim Coen (https://security-consulting.icu/)
- Mykola Grymalyuk from RIPEDA Consulting
- Zhao Runzi (赵润梓)
- Andrea Maugeri (https://www.linkedin.com/in/andreamaugeri)
- Offensive Security Research @ Ronin (https://ronin.ae/)
- Nathan (Yama) https://DontClickThis.run
- M Tayyab Iqbal (www.alphainferno.com)
- Only Hack in Cave (tr4ce(Jinho Ju), neko_hat(Dohwan Kim), tw0n3(Han Lee), Hc0wl(GangMin Kim)) (https://github.com/Team-OHiC)
- Wonbeen Im, STEALIEN (https://stealien.com)
- 赵润梓、李建申(https://lsr00ter.github.io)
- Cheripally Sathwik (https://www.instagram.com/ethical_hacker_sathwik)
- Steven Lin (https://x.com/5teven1in)
- Qian Chen (@cq674350529) from Codesafe Team of Legendsec at QI-ANXIN Group
- Mohd Ali (revengerali)
- Orange Tsai (@orange_8361) from DEVCORE Research Team
- Bocheng Xiang with FDU(@crispr)
- HANRYEOL PARK, HYOJIN LEE, HYEOKJONG YUN, HYEONJUN LEE, DOWON KWAK, ZIEN (https://zi-en.io/)
- Hydrobikz (https://www.linkedin.com/in/bikash-)
- Can Acar (https://imcan.dev)
- Yves Bieri of Compass Security (https://www.compass-security.com)
- DEVCORE Research Team (https://devco.re/)
- aoxsin (https://twitter.com/aoxsin)
- Endure Secure (https://endsec.au)
- Stephen Argent (https://www.runby.coffee/)
- Qian Chen (@cq674350529) from Codesafe Team of Legendsec at QI-ANXIN Group
- Jan Kopřiva of Nettles Consulting (https://www.nettles.cz/security/)
- Andrej Zaujec (https://www.linkedin.com/in/andrej-zaujec-24ba07158/)
- chumen77 from WeBin Lab of DbappSecurity Co.,Ltd.
- Bruce Chen (https://twitter.com/bruce30262)
- aoxsin (https://twitter.com/aoxsin)
- Armanul Miraz
- Jaehoon Jang, STEALIEN (https://stealien.com)
- Jangwoo Choi, HYEONJUN LEE, SoYeon Kim, TaeWan Ha, DoHwan Kim (https://zrr.kr/SWND)
- Jaehoon Jang, Wonbeen Im, STEALIEN (https://stealien.com)
- Tomer Goldschmidt and Sharon Brizinov of Claroty Research - Team82
- Vo Van Thong of GE Security (VNG) (https://www.linkedin.com/in/thongvv3/)
- Hussain Adnan Hashim (https://www.linkedin.com/in/hussain0x3c)
- TEAM.ENVY (https://team-envy.gitbook.io/team.envy/about-us)
- Tim Coen (https://security-consulting.icu)
- TEAM TGLS (Best of the Best 12th) (https://zrr.kr/SWND)
- Zhao Runzi (赵润梓)
- Kevin Wang (https://twitter.com/kevingwn_ )
- Shubham Kushwaha/ meenakshi Maurya (https://github.com/anabelle666)
- Safwat Refaat (@Caesar302)
- Jeffrey Baker (www.Biznet.net)
- Monisha N (https://www.linkedin.com/in/monisha-nagaraj-321524218/)
- Ravi (https://twitter.com/itsrvsinghh)
- remonsec (https://twitter.com/remonsec)
- TheLabda (https://thelabda.com)
- Grant Kellie (https://www.linkedin.com/in/grant-kellie-54a23b238/)
- pulla karthik srivastav (https://www.linkedin.com/in/karthik-srivastav-680359192)
- Muhammad Tanvir Ahmed https://www.facebook.com/tohidulislam.tanvir.948
- Eugene Lim, Government Technology Agency of Singapore (https://spaceraccoon.dev)
- Laurent Sibilla (https://www.linkedin.com/in/lsibilla/)
- Thomas Werschlein (https://www.linkedin.com/in/thomas-werschlein-2293384b)
- Sivanesh kumar (https://twitter.com/sivanesh_hacker)
- Davis Chang. (https://www.linkedin.com/in/hong-tsun-davis-chang/)
- @aoxsin (https://twitter.com/aoxsin)
- Chanyoung So (https://www.linkedin.com/in/chanyoung-so-62551b115/)
- Hasibul Hasan Shawon (@Saiyan0x01)
- Jose Hares (https://es.linkedin.com/in/jose-hares-arrieta-b419233b)
- Zain Iqbal (https://www.linkedin.com/in/zain-iqbal-971b76254/)
- Lukas Kupczyk, CrowdStrike Intelligence
- Tomasz Szczechura (https://www.linkedin.com/in/tomasz-szczechura-5189098b/)
- Zhao Runzi (赵润梓)
- Qian Chen (@cq674350529) from Codesafe Team of Legendsec at Qi'anxin Group
- Patrik Fabian (https://websafe.hu)
- Eugene Lim, Government Technology Agency of Singapore (https://spaceraccoon.dev)
- Jeenika Anadani (https://twitter.com/j33n1k4)
- waterpeitw (https://zeroday.hitcon.org/user/waterpeitw)
- Milan katwal (https://www.milankatwal.com.np/)
- N S R de Rooy (https://www.linkedin.com/in/norbert-de-rooy-9b24527/)
- Christian Tucci (https://www.linkedin.com/in/christian-tucci/)
- Ravindra Dagale (https://www.linkedin.com/in/ravindra-dagale-5b0913151/)
- Sanket Anil Ambalkar (https://www.linkedin.com/in/sanket-ambalkar-70211518b/)
- Chirag Agrawal (https://www.linkedin.com/in/chirag-agrawal-770488144/)
- Yimi Hu@baidu.com
- Raman R Mohurle (https://twitter.com/Raman_Mohurle)
- cmj (http://blog.cmj.tw/)
- Parth Manek
- Patrick Williams (https://www.linkedin.com/in/patrick-williams-6992b4104/)
- Amaranath Moger (https://www.linkedin.com/in/amaranath-moger/)
- Dennis Herrmann (Code White GmbH)
- Siddharth Parashar (https://www.linkedin.com/in/siddharth-parashar-b2a21b1b5/)
- Sahil Soni (https://twitter.com/sahil__soni_18?s=08)
- Hasibul Hasan Shawon -[Sec Miner's Bangladesh]
- Devender Rao (https://www.linkedin.com/in/devender-rao)
- RAJIB BAR (https://www.linkedin.com/in/rajib-bar-rjb-b3683314b)
- Atharv Shejwal (https://kongsec.io)
- Xavier DANEST (https://sustainability.decathlon.com/)
- Aditya Shende (http://kongsec.io)
- Andreas Rothenbacher (https://error401.de)
- Rachit Verma @b43kd00r (https://www.linkedin.com/in/b43kd00r/)
- Suraj SK (https://www.linkedin.com/in/suraj-sk/)
- Simon Effenberg (https://www.linkedin.com/in/simon-effenberg)
- Niraj Mahajan (https://www.linkedin.com/in/niraj1mahajan)
- Ayush Pandey (https://www.linkedin.com/in/ayush-pandey-148797175)
- Sivanesh kumar D (https://twitter.com/sivanesh_hacker?s=09)
- Touhid Shaikh (https://securityium.com/)
- N Krishna Chaitanya (https://www.linkedin.com/in/n-krishna-chaitanya-27926aba/)
- Ayush Mangal (https://www.linkedin.com/in/ayush-mangal-48a168110)
- Tameem Khalid (https://www.linkedin.com/in/tameem-khalid-641a4b192/)
- ddaa of TrapaSecurity (https://twitter.com/0xddaa)
- Praveen Kumar
- Oscar Spierings (https://polyform.dev)
- Chanyoung So (https://www.linkedin.com/in/chanyoung-so-62551b115/)
- swings of Chaitin Security Research Lab
- Hasibul Hasan Rifat (https://twitter.com/rifatsec)
- Lanni
- Yeshwanth (https://www.linkedin.com/in/yeshwanth-b-4a560b202)
- Darshan Sunil jogi (https://www.linkedin.com/in/darshan-jogi-9450431b6/)
- Chanyoung So (https://www.linkedin.com/in/chanyoung-so-62551b115/)
- Lanni
- Swapnil Patil (https://www.linkedin.com/in/swapnil-patil-874223195)
- Vladislav Akimenko (Digital Security) (https://dsec.ru)
- Muhammad Junaid Abdullah (https://twitter.com/an0n_j)
- Claudio Bozzato of Cisco Talos (https://talosintelligence.com/vulnerability_reports/)
- Jose Hares (https://es.linkedin.com/in/jose-hares-arrieta-b419233b)
- Aditya Soni (https://www.linkedin.com/in/adtyasoni)
- Mansoor Amjad (https://twitter.com/TheOutcastCoder)
- Thomas Fady (https://www.linkedin.com/in/thomas-fady)
- James Smith (Bridewell Consulting) (https://bridewellconsulting.com)
- Kinshuk Kumar (https://www.linkedin.com/in/kinshuk-kumar-4833551a1/)
- Amit Kumar (https://www.linkedin.com/in/amit-kumar-9853731a4)
- Mehedi Hasan Remon (twitter.com/remonsec)
- Joshua Olson (www.linkedin.com/in/joshua-olson-cysa)
- Vaibhav Rajeshwar Atkale(https://twitter.com/atkale_vaibhav)
- Mohammed Eldawody (www.fb.com/eldawody0)
- YoKo Kho (https://twitter.com/YoKoAcc)
- Satyajit Das (https://www.linkedin.com/in/mrsatyajitdas)
- Tinu Tomy (https://twitter.com/tinurock007)
- Aniket Bhutani (https://www.linkedin.com/in/aniket-bhutani-6ba979192/)
- Anurag Muley (https://www.linkedin.com/in/ianuragmuley/)
- Howard Ching (https://www.linkedin.com/in/howard-ching-rhul/)
- Janmejaya Swain (https://www.linkedin.com/in/janmejayaswainofficial)
- Ahmad Firmansyah (https://twitter.com/AhmdddFsyaaah)
- Agrah Jain (www.linkedin.com/in/agrahjain)
- Shivam Kamboj Dattana (https://www.linkedin.com/in/sechunt3r/)
- Pratik Vinod Yadav (https://twitter.com/PratikY9967)
- Akshaykumar Kokitkar (https://mobile.twitter.com/cyber_agent2)
- Shesha Sai C (https://www.linkedin.com/in/shesha-sai-c-18585b125)
- Yash Agarwal (https://www.linkedin.com/in/yash-agarwal-17464715b)
- Jan KOPEC(https://twitter.com/blogresponder)
- Denis Burtanović
- Hasibul Hasan Shawon -[Sec Miner's Bangladesh]
- Georg Delp (https://www.linkedin.com/in/georgdelp/)
- R Atik Islam (https://www.facebook.com/atik.islam.14661)
- Jose Israel Nadal Vidal (https://twitter.com/perito_inf)
- Thomas Grünert (https://de.linkedin.com/in/thomas-gr%C3%BCnert-250905168)
- Matteo Bussani (https://www.linkedin.com/in/matteo-bussani-77b595198/)
- Bing-Jhong Jheng (https://github.com/st424204/ctf_practice)
- Swapnil Patil (https://www.linkedin.com/in/swapnil-patil-874223195)
- Prakash Kumar Parthasarathy (https://www.linkedin.com/in/prakashofficial)
- Kitab Ahmed (www.ahmed.science)
- Ahmad Firmansyah (https://twitter.com/AhmdddFsyaaah)
- Tiziano Di Vincenzo (https://www.linkedin.com/in/tiziano-d-3324a345/)
- Pratik Vinod Yadav (https://www.linkedin.com/in/pratik-yadav-117463149)
- Diwakar Kumar (https://www.linkedin.com/in/diwakar-kumar-5b3843114/)
- Rushi Gayakwad
- Yash Ahmed Quashim (https://www.facebook.com/abir.beingviper)
- Swapnil Kothawade (https://twitter.com/Swapnil_Kotha?s=09)
- Ankit Kumar (https://www.linkedin.com/in/ankit-kumar-42a644166/)
- Aman Rai (https://www.linkedin.com/in/aman-rai-737a19146)
- Rushikesh Gaikwad (https://www.linkedin.com/in/rushikesh-gaikwad-407163171)
- Rupesh Tanaji Kokare (https://www.linkedin.com/in/rupesh-kokare-b63a78145/)
- Sumit Jain (https://twitter.com/sumit_cfe)
- Qian Chen of Qihoo 360 Nirvan Team
- Vishal Vachheta (https://www.linkedin.com/in/vishal-vachheta-a30863122)
- Zhong Zhaochen
- Tomasz Grabowski
- Nightwatch Cybersecurity Research (https://wwws.nightwatchcybersecurity.com)
- Safwat Refaat (https://twitter.com/Caesar302)
- Agent22 (https://securelayer7.net/)
- Hsiao-Yung Chen
- Rich Mirch (https://blog.mirch.io)
- Ronak Nahar (https://www.linkedin.com/in/naharronak/)
- Noman Shaikh (https://twitter.com/nomanAli181)
- David Deller (https://horizon-nigh.org)
- Mehedi Hasan (SecMiners BD) (https://www.facebook.com/polapan.1337)
- Touhid M Shaikh (https://touhidshaikh.com)
- Abhishek Gaikwad
- Kitabuddin Ahmed
- Noman Shaikh (https://twitter.com/nomanAli181)
- Ajit Sharma (https://www.linkedin.com/in/ajit-sharma-90483655)
- Agung Saputra Ch Lages (https://twitter.com/lagesgeges)
- Dan Thomsen (www.thomsen.fo)
- Erik de Jong (https://eriknl.github.io)
- Sphinx 1,2 (https://www.facebook.com/Sphinx01.10/)
- AHMED ELSADAT (https://www.linkedin.com/in/ahmed-elsadat-138755133/)
- Hasibul Hasan (SecMiner)
- Mohammed Eldawody (www.fb.com/eldawody0)
- Chris Schneider
- Abdullah Fares Muhanna (https://www.facebook.com/AbedullahFares)
- Nick Blyumberg (https://www.linkedin.com/in/nickblyumberg/)
- Axel Peters
- Muhammad Junaid Abdullah (https://twitter.com/an0n_j)
- Kyle Green
- Thomas Fady (https://www.linkedin.com/in/thomas-fady)
- Dankel Ahmed (https://hackerone.com/kitab)
- ShuangYY
- HackTrack Security
- Muhammed Ashmil K K (Kavuthukandiyil)
- Muhammad Junaid Abdullah (https://twitter.com/snoviboy)
- Kishan kumar (https://facebook.com/noobieboy007)
- Lays (http://l4ys.tw)
- Ashish Kumar (https://www.facebook.com/buggyashish)
- Lakshay Gupta (http://linkedin.com/in/lakshay-gupta-44102a143)
- Meng-Huan Yu (https://www.linkedin.com/in/cebrusfs/)
- Ifrah Iman (http://www.ifrahiman.com)
- Mohammed Israil (https://www.facebook.com/VillageLad, https://www.linkedin.com/in/mohammed-israil-221656128)
- Taien Wang (https://www.linkedin.com/in/taienwang/)
- Emad Shanab (@Alra3ees) (https://twitter.com/Alra3ees?s=09)
- குகன் ராஜா (Havoc Guhan) (https://fb.com/havocgwen)
- Yasser Gersy (https://twitter.com/yassergersy)
- Ismail Tasdelen (https://www.linkedin.com/in/ismailtasdelen)
- Thomas Fady (https://www.linkedin.com/in/thomas-fady)
- Oliver Kramer (https://www.linkedin.com/in/oliver-kramer-670206b5)
- 1N3@CrowdShield (https://crowdshield.com)
- louys, Xie Wei (解炜), Li Yanlong (李衍龙)
- Zuo Chaoshun (https://www.linkedin.com/in/chaoshun-zuo-5b9559111/)
- Ali Razzaq (https://twitter.com/AliRazzaq_)
- 丁諭祺(Yu-Chi Ding) from DEVCORE CHROOT
- Alex Weber (www.broot.ca)
- Alex Bastrakov (https://twitter.com/kazan71p)
- Mehidia Tania (https://www.beetles.io)
- freetsubasa (https://twitter.com/freetsubasa)
- Łukasz Rutkowski (http://www.forit.pl/)
- Maximilian Tews (www.linkedin.com/in/maximilian-tews)
- Bryan Galao (https://www.facebook.com/xbryan.galao)
- Jim Zhou (vip-cloud.cn)
- Chun Han Hsiao
- Nightwatch Cybersecurity Research (https://wwws.nightwatchcybersecurity.com)
- Olivier Bédard
- Mohamed Eldawody (https://www.facebook.com/Eldawody0)
- Jose Hares (https://es.linkedin.com/in/jose-hares-arrieta-b419233b)
- 郑吉宏通过 GeekPwn 平台提交
- Independent Security Evaluators (ISE) labs
- Independent security researcher, MengHuan Yu, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program
- B.Dhiyaneshwaran (https://www.linkedin.com/in/dhiyaneshwaran-b-27947a131/)
- Freiwillige Feuerwehr Rohrbach (www.ff-rohrbach.de)
- Uriya Yavnieli from VDOO (https://vdoo.com)
- Jung Chan Hyeok
- Zhong Zhaochen (http://asnine.com)
- Honc 章哲瑜 (https://www.facebook.com/you.toshoot)
- Sumit Jain
- Ketankumar B. Godhani (https://twitter.com/KBGodhani)
- karthickumar (Ramanathapuram)
- Alireza Azimzadeh Milani
- Taien Wang (https://www.facebook.com/taien.tw)
- Frédéric Crozat (http://blog.crozat.net/)
- Muhammad Hassaan Khan (https://www.facebook.com/Profile.Hassaan)
- SSD/Kacper Szurek
- Alexander Drabek (https://www.2-sec.com/)
- RAVELA PRAMOD KUMAR (https://mobile.twitter.com/PramodRavela)
- Kushal Arvind Shah of Fortinet’s FortiGuard Labs
- Alvin Poon (https://alvinpoon.myportfolio.com/)
- C.shahidyan, C.Akilan, K.Sai Aswanth
- BambooFox (https://bamboofox.github.io/)
- Sajibe Kanti (https://twitter.com/sajibekantibd)
- Huy Kha (linkedin.com/in/huykha)
- Pal Patel (https://www.linkedin.com/in/pal434/)
- Pethuraj M (https://www.linkedin.com/in/pethu/)
- Ali Ashber (https://www.facebook.com/aliashber7)
- Muzammil Abbas Kayani (@muzammilabbas2 )
- Tayyab Qadir (facebook.com/tqMr.EditOr)
- Babar Khan Akhunzada (www.SecurityWall.co)
- Mahad Ahmed (https://octadev.com.pk)
- JD Duh (blog.johndoe.tw, www.linkedin.com/in/JD-Duh)
- Mubassir Kamdar (http://www.mubassirkamdar.com)
- Daniel Díez Tainta (https://twitter.com/danilabs)
- Tushar Rawool (twitter.com/tkrawool)
- Thrivikram Gujarathi (https://www.linkedin.com/in/thrivikram-gujarathi-certified-ethical-hacker-bug-bounty-hunter-53074796)
- Ashish Kunwar (twitter: @D0rkerDevil)
- Steven Hampton (Twitter: @Keritzy, https://stevenh.neocities.org/)
- Peter Bennink (https://www.linkedin.com/in/peter-bennink/)
- Thomas Fady (https://www.linkedin.com/in/thomas-fady/)
- Roopak Voleti (https://m.facebook.com/sairoopak.voleti)