DarkMatter Group is a leading Emirati technology company, focusing significantly on advanced technologies that enable smart and safe digital, including blockchain and cryptography. Since its establishment in 2015, we have developed a portfolio of solutions aimed at enhancing and securing critical infrastructure within the key sectors that underpin society: defense, intelligence, civil government, financial services, transportation, energy, and telecommunications.
For the initial prioritization/rating of findings, this program will use the Bugcrowd Vulnerability Rating Taxonomy. However, it is important to note that in some cases a vulnerability priority will be modified due to its likelihood or impact. In any instance where an issue is downgraded, a full, detailed explanation will be provided to the researcher - along with the opportunity to appeal, and make a case for a higher priority.
Please be aware that injection type issues that are present on the same form/functionality, but slightly different parameters, will be treated as single issues. For instance, if every parameter on /foo is vulnerable to XSS, only the first submission here will be rewarded, and all subsequent findings against this form will be considered duplicates.
NOTE: for any P1/2 type issues, please include a video PoC with your initial report, as that will help us validate in a more expedient fashion. Thanks!
Last updated 11 October 2018 19:34:36 UTC
Technical severity | Reward range
p1 Critical | $1,200 - $1,200
p2 Severe | $800 - $800
p3 Moderate | $300 - $300
P4 submissions are only eligible to receive kudos points. P5 submissions do not receive any rewards for this program.
Target name | Type
www.darkmatter.ae | Website
xen1thlabs.com | Website
katim.com | Website
Any domain/property of DarkMatter not listed in the targets section is out of scope. This includes any/all subdomains not listed above.
id command, SQL injection limit to only select queries (no DELETE etc). Proving the point is sufficient without having to go 10 layers deep.
Testing for this target will be External Only. No credentials will be provided for this assessment.
This program follows Bugcrowd’s standard disclosure terms.
This program does not offer financial or point-based rewards for P5 — Informational findings. Learn more about Bugcrowd’s VRT.
Contact us if you want more information.