Show off your talent.
Take part in the Bug Bounty Campaigns launched by our Clients and earn financial rewards based on the vulnerabilities you can find.
Are you a cybersecurity expert? Would you like to challenge equally skilled colleagues? Did you just graduate? Are you looking for an opportunity to expand your knowledge in the field? Would you like to monetize your cybersecurity skills?
The Tryber Community is the first Community in Italy to offer crowdsourced Ethical Hacking services by certified European experts.
It’s the most challenging, most rewarding workplace you can find.
Trust is fundamental for a solid relationship between our Clients and the Ethical Hackers who join our Community: our professionals are entrusted with corporate cybersecurity, sensitive data, and private information.
Becoming a certified Ethical Hacker requires experience, constant updating, passion, intelligence, and, of course, solid ethics. UNGUESS Security recognizes the career path of our experts and strives to enhance it within our company.
Collaboration with fellow cybersecurity experts is crucial in order to offer competitive and efficient services. Our platform and Hacker Team management models are designed to facilitate the dialogue between our Community members and the corporations we serve.
UNGUESS Security has been chosen by important national and international corporations. Joining the WhiteJar Community allows Ethical Hackers to challenge themselves by coming face-to-face with dynamic, complex environments.
Our reward program works based on the vulnerabilities found by each Ethical Hacker, challenging Community members to do their best and compete to demonstrate their skills and grow their reputation.
UNGUESS Security handles all financial bureaucracy to allow the experts to focus solely on their work.
STEP. 1
First, subscribe to TRYBER by clicking here
STEP. 2
Then ask to be part of the ethical hacking community by filling out this form
STEP. 3
If successful, you will receive information to join the EH community
STEP. 4
Use your personal control panel to view active campaigns and choose programmes to participate in
STEP. 5
Find vulnerabilities and, once validated, share them with the customer along with documentation and resolution recommendations
STEP. 6
Receive the reward for validated vulnerabilities directly through the platform
OUR MISSION IS AS SIMPLE AS IT IS AMBITIOUS: TO MAKE THE WORLD A SAFER PLACE. To carry out the mission, every Ethical Hacker from the TRYBER Community adheres to and promotes all principles of our Manifesto:
We are cybersecurity professionals. There is no discrimination in our Community for skin color, sexual orientation, gender, age, culture, or religion.
We condemn any criminal act and abhor any act perpetrated through cyber technologies to damage the freedom, image, and life of people and corporations.
Our curiosity is what fuels our work and pushes us toward new horizons.
The physical perimeter of our actions is the known world as well as the unknown world.
The temporal perimeter of our actions is every second, every minute, every hour, every day, and every year of our life.
Technology is our most powerful ally.
Knowledge is our strategy.
Our Community is our Team.
Shared Intelligence is our strength.
Our payout system is based on OWASP Risk Rating. The system sorts verified vulnerabilities by risk seriousness based on two factors: probability and impact (technical impact and business impact).
A given vulnerability may be extremely threatening for a corporation but not so much for another. Once sorted, vulnerabilities get assigned intervention priority. Every time a vulnerability is verified, the Ethical Hacker who found it receives Badges and Experience Points. A ranking of the best performing Ethical Hackers is visible on the platform.
Remuneration will be set based on the risk represented by the vulnerability found and the financial reward (Bounty) pre-set by the client according to the standards of Bug Bounty tables. The quality of the work is monitored by the TRYBER Hacker Teams, according to methodology, technical assets, and strategies implemented by the Hacker.
Public and private
Clients can choose whether to have a Bug Bounty program open to the entire Community of Ethical Hackers (public) or target their campaign at a selection of profiled experts (private).
Bug Bounty / Subscription and Rewards / One-shot and Ongoing
During the time covered by their subscription, the Client can launch a limitless number of Campaigns at any time, setting a budget for rewards each time.
At this moment we have experience with Private Bug Bounty Programs or Public Bug Bounty Programs. A program can last a precise time period (like 1 month) or stay active forever (until you decide to end it). But our philosophy is that we want to stay flexible and give you the maximum space to engage with the Ethical Hackers community. This means that we can also work on custom programs, as long as we bring value to the community (for example: Capture The Flag program). Being part of the crowd means staying in touch with us, connecting with our teams, and helping us to grow the community. We want to engage with you!
It depends on the kind and criticality of the vulnerability. We can pay from €100 to €10,000, sometimes even more. We will share the payout rules for every program so you can decide if you want to take part or not. However, if the customer involves you in some more engaging activity, we can also pay for extra time or custom projects. We only work on reporting vulnerabilities, not solving them. The report format must be very thorough, and it’s usually made of step-by-step reproducibility, PoC, Suggested Mitigation, Type (e.g. SQLi), Severity (e.g. CRITICAL), and media (e.g. screenshots). The type of vulnerabilities we will accept in every program can vary, and we can define the in-scope and out-of-scope together. For example, we can work on RCE, SQLi, XSS, CSRF, Authentication bypass, Horizontal or Vertical privilege escalation. But, with a particular scope, like for example an IoT device to be tested, we can vary the type of vulnerability and the reward.
No. We are an ethical community that will ask you to share your ID. We believe that there are excellent Hackers who don’t have a problem sharing their ID and certifications. So, if you only want to appear with a nickname and stay blind, TRYBER is not the space for you.
Yes, you can!
All Ethical Hackers must sign confidentiality bonds and are not “unknown” people. We will ask you to subscribe to a code of ethics (Article 2 of our T&C) and follow a certification path (Article 3 of our T&C) which requires, among other things, identity verification, verification of held certifications, and training of various kinds. This process follows logic similar to the stringent verification procedure applied in the EU, called KYC. Accepted certifications evolve over time and can include: CEH, CISSP, GXPN, OSCP, GWAPT, GMOB.
However, we also accept non-certified Ethical Hackers in the process because we think that the crowd windows and the power of collective consciousness is more powerful than the single Pen Tester work.