Once a year, pentesters have a chance to loudly announce their achievements and show their contribution to the development of the Russian information security market. Pentest award announced the collection of applications.
The award for pentesters is held to recognize the merits of specialists in the field of penetration testing, help them demonstrate their experience, familiarity and talent, as well as increase the level of competence of all participants by sharing unique experience.
Nominations and awards
Last year, the participants showed a high level of professionalism and took 12 awards. This year, the number of nominations has increased to six and 18 people will receive awards.
* WEB Penetration: for proficiency in identifying and exploiting vulnerabilities in web services, APIs, and other web application components.
* Infrastructure Penetration: for penetration and exploitation of network infrastructure vulnerabilities, including, but not limited to, network devices, network services, and IoT devices.
* Device: for research on technical flaws found in a variety of devices, firmware, and environments.
* Hack the logic: for finding the top logic bugs.
* One bypass, two bypass: for the most beautiful bypass of information security tools.
* Catch a fish: for the most original phishing or an attempt to socialize employees.
The main prize is a glass personalized statuette for the first place, a MacBook, tickets to the OFFZON conference and the maximum honor of the ethical hacker community. For the second and third places, the winners will receive iPhones, smart watches, as well as gifts from project partners: a set of BI.ZONE Bug Bounty merch, a smart speaker, merch and a tour from VK Bug Bounty. The award ceremony will be held on August 2 in Moscow.
Participation and jury ratings
Participation is free, you only need to send an application — this is a story about the best project in free form. There is no need to disclose exploits, any steps in the exploitation chain can be completely anonymous, and details can be hidden. It is important to reflect the approach and idea itself. The award jury pays attention to the detailed narrative, description of the context and introductory materials, screenshots and proofs of vulnerabilities, non-standard approach and creativity, complexity of operation, for example, the use of proprietary exploits, long-term research, and other features.
The independent jury consists of the best practicing off-site security specialists from top Russian companies. After voting and consulting, they will present the shortlist of nominees at the end of July.
Composition of the jury:
Ilya Karpov is the Head of Cybersecurity Research and Scenario Development at the National Cyber Training Center. Registered more than 300 CVEs, TOP 5 BDU FSTEC. Co-founder of the RUSCADASEC community and the SCADAXSECURITY research group.
Pavel Toporkov is an independent researcher, bug hunter, speaker at international conferences, author of zero-day vulnerabilities in SIEMENS, REDIS, OPENSTACK and other products.
Vyacheslav Kasimov is a CISO at CREDIT BANK OF MOSCOW, one of the top 10 systemically important banks. For 15 years he has been working as a CISO in the largest Russian banks and NSPK. He has extensive experience in building practical information security from scratch, designing complex information security and anti-fraud systems. He is an adept of a risk-based approach to building information security and using the best international practices in his work.
Mikhail Sidoruk-Head of Security Analysis Department at BI. ZONE.
Dmitry Morev — Director of Information Security at RuStore. More than 15 years in information security. The main focus is AppSec and infrastructure security.
Anton Lopanitsyn (bo0om) is an information security researcher and industry blogger. Winner of last year's Pentest award in the Hack the logic category.
Roman Shemyakin — Lead Application Security Engineer at Yandex.
Sergey Kuzminov - Head of Penetration Testing and RedTeam at BI. ZONE
Vadim Shelest is the head of the security analysis group at Wildberries. He has been conducting pentests and Red/Purple Teaming projects for more than 12 years. Author of numerous articles on practical information security, speaker at international conferences. Author of the PurpleBear channel.
Pavel Nikitin-head of Red & Purple Team VK. Improves the security of the VK infrastructure. For more than 10 years in the information security industry, he tested the strength of the systems of the defense industry, banks and various commercial organizations.
Roman Panin-Head of Information Security Architecture at MTS and author of the telegram channel "Security Package"
Alexander Gerasimov is a CISO and co-founder of Awillix, the Pentest award organizing company.
Collection of applications is open until June 23, 2024. More information is available on the project's website — https://award.awillix.ru/
The award for pentesters is held to recognize the merits of specialists in the field of penetration testing, help them demonstrate their experience, familiarity and talent, as well as increase the level of competence of all participants by sharing unique experience.
Nominations and awards
Last year, the participants showed a high level of professionalism and took 12 awards. This year, the number of nominations has increased to six and 18 people will receive awards.
* WEB Penetration: for proficiency in identifying and exploiting vulnerabilities in web services, APIs, and other web application components.
* Infrastructure Penetration: for penetration and exploitation of network infrastructure vulnerabilities, including, but not limited to, network devices, network services, and IoT devices.
* Device: for research on technical flaws found in a variety of devices, firmware, and environments.
* Hack the logic: for finding the top logic bugs.
* One bypass, two bypass: for the most beautiful bypass of information security tools.
* Catch a fish: for the most original phishing or an attempt to socialize employees.
The main prize is a glass personalized statuette for the first place, a MacBook, tickets to the OFFZON conference and the maximum honor of the ethical hacker community. For the second and third places, the winners will receive iPhones, smart watches, as well as gifts from project partners: a set of BI.ZONE Bug Bounty merch, a smart speaker, merch and a tour from VK Bug Bounty. The award ceremony will be held on August 2 in Moscow.
Participation and jury ratings
Participation is free, you only need to send an application — this is a story about the best project in free form. There is no need to disclose exploits, any steps in the exploitation chain can be completely anonymous, and details can be hidden. It is important to reflect the approach and idea itself. The award jury pays attention to the detailed narrative, description of the context and introductory materials, screenshots and proofs of vulnerabilities, non-standard approach and creativity, complexity of operation, for example, the use of proprietary exploits, long-term research, and other features.
The independent jury consists of the best practicing off-site security specialists from top Russian companies. After voting and consulting, they will present the shortlist of nominees at the end of July.
Composition of the jury:
Ilya Karpov is the Head of Cybersecurity Research and Scenario Development at the National Cyber Training Center. Registered more than 300 CVEs, TOP 5 BDU FSTEC. Co-founder of the RUSCADASEC community and the SCADAXSECURITY research group.
Pavel Toporkov is an independent researcher, bug hunter, speaker at international conferences, author of zero-day vulnerabilities in SIEMENS, REDIS, OPENSTACK and other products.
Vyacheslav Kasimov is a CISO at CREDIT BANK OF MOSCOW, one of the top 10 systemically important banks. For 15 years he has been working as a CISO in the largest Russian banks and NSPK. He has extensive experience in building practical information security from scratch, designing complex information security and anti-fraud systems. He is an adept of a risk-based approach to building information security and using the best international practices in his work.
Mikhail Sidoruk-Head of Security Analysis Department at BI. ZONE.
Dmitry Morev — Director of Information Security at RuStore. More than 15 years in information security. The main focus is AppSec and infrastructure security.
Anton Lopanitsyn (bo0om) is an information security researcher and industry blogger. Winner of last year's Pentest award in the Hack the logic category.
Roman Shemyakin — Lead Application Security Engineer at Yandex.
Sergey Kuzminov - Head of Penetration Testing and RedTeam at BI. ZONE
Vadim Shelest is the head of the security analysis group at Wildberries. He has been conducting pentests and Red/Purple Teaming projects for more than 12 years. Author of numerous articles on practical information security, speaker at international conferences. Author of the PurpleBear channel.
Pavel Nikitin-head of Red & Purple Team VK. Improves the security of the VK infrastructure. For more than 10 years in the information security industry, he tested the strength of the systems of the defense industry, banks and various commercial organizations.
Roman Panin-Head of Information Security Architecture at MTS and author of the telegram channel "Security Package"
Alexander Gerasimov is a CISO and co-founder of Awillix, the Pentest award organizing company.
Collection of applications is open until June 23, 2024. More information is available on the project's website — https://award.awillix.ru/
