Hi Everyone,

Hope you are having a lovely summer vacation.

I have had the good fortune of seeing a few of you at HiTB; it is always a pleasure to meet the faces behind the emails/handles.

We are going to try and get more tickets for the following conferences:

  • Xcon (Mid August 2014)
  • BlackHat (Early August 2014)
  • Kiwicon (Early Nov 2014)
  • NoSuchCon (Mid Nov 2014)
  • 44Con (London, UK, 13 - 15 September 2017)
  • EkoParty (Buenos Aires, Argentina, 27 - 29 September 2017)
  • t2 (Helsinki, Finland, 26 - 27 October 2017)
  • CodeBlue (Tokyo, Japan, 7 - 10 November 2017)
  • ZeroNights (Moscow, Russia, 16 - 17 November 2017)
  • HITCON (Taipei, Taiwan, October 2017)

I have already received a few requests for free entry tickets to those events; those who have not yet sent such a request, let me know. The free entry includes both an entry ticket and up to 1000$ USD in travel expenses.


Other General Info/Updates


For those who are not familiar with Hack2Win - it's a hacking competition we started at BlueCode 2015.

The competition is focused on IoT devices (such as NAS / routers / switches, etc.) and the prizes are up to 5,000$ USD.

This year we are doing things a little differently:

  • We launched a Hack2Win Online Version (https://blogs.securiteam.com/index.php/archives/3236)
  • There is only one target: D-Link router (AC1200 / DIR-850L)
  • The total amount of money we will be giving away during the contest is 10,000$ USD.
  • To help you win – we bought one such device, a D-Link DIR-850L, and plugged it into the internet (we will disclose the IP address of this device on the 1st of July 2017)


This year we are going to have 3 categories of products.

Each category will contain products at a different difficulty level, for example:

  • Category 1: Cisco router, Amazon Echo, Huawei router / Qnap NAS
  • Category 3: TP-Link router


  • Category 1: up to 10,000$ USD
  • Category 2: up to 5,000$ USD
  • Category 3: up to 1,000$ USD



Beyond Security Announces Winners of Hack2Win 2017


Also, our “friend bring friend” program is still running (you are paid 4000$ for every researcher who starts working with us).

Additionally, if you need a software license / hardware to conduct your research - drop me an email and we will see how we can help.

We published the following vulnerabilities:


Last, but not least, our current customers' interest scope is:

  • Privilege Escalation in:
    • iOS
    • Android
    • Linux PE
  • Vulnerabilities in Ubuntu Desktop services/programs
  • Dropbear SSH
  • Web applications:
    • Roundcube post/pre-auth RCE
    • pre-authentication for Roundcube, Zimbra, SquirrelMail, MailEnable, Joomla, WordPress, Plesk, cPanel
    • Privilege Escalation for Plesk, cPanel
    • File Disclosure for Zimbra, MailEnable, Plesk, cPanel

Thank you all and have a nice summer vacation.

Noam Rathaus
Beyond Security
