RESEARCH & AWARDS
Apache Cassandra
Discovered a privilege escalation vulnerability where users with MODIFY permissions could perform unsafe actions on system resources to gain superuser access.
Apache Cassandra
Identified a regression in the patch for CVE-2025-23015, allowing low-privileged users to escalate to superuser via similar unsafe resource manipulation.
Apache CloudStack
Found a critical flaw in the unauthenticated cluster service port that allowed attackers to execute arbitrary commands on management server hosts.
Apache CloudStack
Revealed improper initialization logic that caused the integration API service to listen on a random port, exposing the system to remote code execution.
Apache CloudStack
Demonstrated a SAML authentication bypass where attackers could submit unsigned, spoofed SAML responses to compromise user accounts.
CVE-2024-42015
Reserved
Details currently under embargo or reserved.
1st Place - Internal Hackathon
State Farm
1st place out of 200 teams.
CVE-2018-12883
Respondus
Uncovered CVE-2018-12883, demonstrating a fundamental failure in Respondus's environment detection that allowed users to circumvent the application's primary function and restore full system privileges.
CrimsonHacks
SECCDC
BSides Jacksonville
1st Place - Internal Hackathon
State Farm
1st place out of 165 teams.
Florida Center for Cyber Security