September 1, 2020

H1-2010 Overview

Note: Verizon Media is now known as Yahoo.

H1-212 1st Place Ring

UPDATE: We are thrilled to see the amount of excitement for h1-2010! Because we’re seeing more registrants than we anticipated, we’ve decided to shift the dates to September 22 - October 30, 2020 to allow our team more time to expand the scope. This is the biggest live hacking event ever, and we want to make sure there is enough scope for everyone. Thank you so much for being part of it. Looking forward to making history together!

H1-2010: The Paranoids’ Bug Bounty World Championship

This event is a multi-part event series, consisting of three unique events which will each follow the usual hacking event format, adapted for virtual participation.  All other event specifics such as rules of engagement, bounty tables, and standard severity settings for most bug types will be shared through the event program policy page.

H1-2010-Open

Participants: Register Here
Scoping Call: September 22, 11am EDT
Submissions Period: September 22, 12pm EDT - September 26, 11:59pm EDT
Dupe Period: n/a
Awards (from The Paranoids):

  • Hacker of the Day (one per day)
  • Best Written Report (4)
  • Top 50 Hackers will be invited to H1-2010-Qualifier

Break: September 27 - October 7

H1-2010-Qualifier

Participants:

  • Top 50 Hackers from H1-2010-Open
  • 6 Golden Ticket Winners*

Scoping Call: October 8, 11am EDT
Submissions Period: October 8, 12pm EDT - October 14, 5pm EDT
Dupe Period: October 8, 12pm EDT - October 11, 11:59PM EDT
Awards (from The Paranoids):

  • Hacker of the Day (one per day)
  • Best Written Report (4)
  • Top 25 Hackers

Break: October 15 - October 20

H1-2010-Final

Participants: Top 25 Hackers from H1-2010-Qualifier
Scoping Call: October 21, 11am EDT
Submissions Period: October 21, 12pm EDT - October 27, 5PM EDT
Dupe Period: October 21, 12pm EDT - October 25, 11:59PM EDT
Awards (from The Paranoids):

  • Hacker of the Day (one per day)
  • Best Written Report (4)
  • Bug Bounty World Championship ring (3)

Closing Ceremonies: October 30, time TBD

First place ring from our original culmination event, The Paranoids Bug Bounty Showdown, in 2019 H1-213.

Onwards and Upwards

Each event will feed into the next. We will utilize the HackerOne leaderboard to rank all hackers participating in each event. At the end of the event, meaning after we’ve awarded bounties on all eligible reports, we will put a lock on the leaderboard and announce the Top Hackers (50 for the Qualifier or 25 for the Final) who are moving on to the next event.

The HackerOne leaderboard will be ranking based on total rewards earned by each hacker.

*Golden Ticket Winners

During H1-2004, we posted a challenge on Twitter: that the first three people to file three high value reports would earn a merit-based invitation to our next live hacking event. The intention was to have three brand new folks joining us at the event, but it turned out that the first three people to meet the criteria were folks who would (mostly likely) have gotten an invitation anyways because they have met the invitation criteria for the past four events we’ve done. So instead, we looked a little farther and saw that the next three people to finish the challenge were exactly who it was intended for. After a very short discussion, we decided to extend the invitations to all 6 instead of just those first three. Since the H1-2010-Open is open to the world, there is no invitation needed. Therefore, we are extending the invitation to these 6 hackers to participate in H1-2010-Qualifier. If they rank in the top 50 list, then they have earned their spot on their own merit. If they choose not to participate, or do not rank #50 or above, they will still receive an invitation because of this Golden Ticket.

Did you miss the opportunity? Keep an eye on our Twitter account, @theparanoids, we might do this sort of thing again.

Hacker Collaboration

HackerOne and The Paranoids love collaboration and when hackers work together. How does that get reflected on the leaderboard? See breakdown below:

Collaboration - Two or more hackers working together to find and file a bug. You can use the HackerOne platform’s built in “Collaborator” features to invite partners to your report so you can split a bounty. You can weigh each collaborator’s bounty as a percentage based on contributions and impact to the bug itself, split bounties evenly across all those on the report, or however you would like.
Note: the submitter of the bug does not have to carry the largest bounty weight.

Teams - This is not a team-focused event; if you want to dedicate yourself to a team of hackers, both HackerOne and The Paranoids encourage this type of collaboration. Teams will fall under normal collaboration rules and processes (described above).
Note: The only hackers (individuals or team members) who will progress into H1-2010-Qualifier will be those who earn enough bounties to make it into the Top 50 on the leaderboard (and then the top 25 will progress into H1-2010 Final).

Which then brings us to the question of the event awards:

  • There is only one HackerOne MVH Belt
  • There is only one Paranoids’ 1st Place Ring (and one 2nd and one 3rd place ring)

HackerOne has a dedicated award specifically for Best Team Collaboration! This is for any teams between hackers that collaborate together. Award winners will be selected with the following criteria: Consistency, Criticality, and Community.

Are You Ready?

Register Here to participate in this event, mark your calendar for the scoping call on September 10th, and then let us know how excited you are by using @theparanoids, @hacker0x01, and #H12010 on Twitter.

Get a head start on the Open by preparing your tools to add a custom header that looks like “X-Bug-Bounty: <contact info>”. During each event, we will be providing unique identifiers to each participant so that we can keep track of registered versus unregistered users.

We’ll make sure to go over all details of the event, including any rules and regulations during the Scoping Call and on the event’s program policy page. Be sure to register above to receive an invite and then join us for the opening call!

Keep reading about this event: H1-2010 - How We Got Here