BUG BOUNTY

Don’t try to exploit any DoS vulnerabilities, social engineering attacks, physical attack or spam !
No Bruteforce allowed
Don't publicly disclose a bug before it has been fixed
We reserve the right to cancel this program at any time and the decision to pay a reward is entirely at our discretion.
Don’t violate any law and stay in the defined scope
You also must not disrupt any service, or compromise personal data
Any failure to comply with these rules will be sanctioned by exclusion of hunter’s submission and even worse...

Each hunter have to create an account on the Bug Bounty platform YesWeHack.com in order to validate the rules before hunting for bugs and accessing to the programs.
Each hunter of the NuitDuHack Bug bounty will be subject to terms of use of the BountyFactory.io platform.
Each registrant will receive the title of HZV member for the entire duration of the leHACK.
No actual or past employee of program’s scopes can join the program.

Please observe the following rules:

Submit bugs only through Bug Bounty plateform YesWeHack.com
A Bug Bounty submission must contain an example (unique request or PoC code) and description of the weakness, and provide enough information to analyze the progress of the attack and can be easily replayed, which will simplify the validation of bugs and will impact the amount of the reward.
The validity of each submission and the amount of reward shall be decided by the validation committee.
10h30 Bounty opening, validation committee presentation

Hall of Fame (HoF) for all and for the duration of the Bounty
Bounty within the limits of the pool, amount according to criticality / elegance / documentation (All the rewards will be made through the YesWeHack.com platform)
Bounty ©

Bounty : financial reward after reporting a bug relevant, compliant with rules and interesting
Dashboard : Web application allowing hunters to register, report bugs and follow their evolution
Hunter : person doing the contest and physically located on the leHACK building.