By Intigriti
August 1, 2023
Do guaranteed income, fresh scope, and no researcher competition sound like paradise to you? Stop dreaming right now and have a look at Intigriti’s new Hybrid Pentest solution.
Intigriti’s Hybrid Pentest solution takes the best of the bug bounty world and combines it with the time-boxed way of working of traditional penetration testing. Researchers who are eligible to run Hybrid Pentests have a dedicated overview of current pentest offerings when logging into the Intigriti platform.
Eligible researchers will see an additional pentest tab in the top menu
After carefully studying the scope and timeframe of a Hybrid Pentest, a researcher can apply to become the tester of choice selected by the target company. For each day of testing, the hacker receives a base bounty (a daily reward for investing time searching for vulnerabilities). In addition to the guaranteed income, there is also a bounty pool from which a researcher can earn additional rewards when finding vulnerabilities.
When a Hybrid Pentest concludes, each hacker has to post a short summary that explains all test steps via the Intigriti platform. After a careful review by Intigriti and the target company, the Hybrid Pentest reward will be awarded to the hacker.
Intigriti Hybrid Pentests were released to the public in October 2022, starting with a small number of researchers who were eligible to run pentests. The researcher base has grown steadily since then, and Intigriti will continue to add new talent to this pool.
Intigriti is currently working with specific criteria that need to be met in order to be contacted to sign up for Hybrid Pentesting. Here is what you will need to achieve:
Get ID checked
Have your account registered for 1+ years
Have found at least 1 critical/exceptional
Have 80+% validity ratio overall
Have found more than 15 vulnerabilities all-time
Have under 33% informative/out-of-scope/not-applicable/spam submissions within your last 15 submissions
Have 50+% submissions found on paid programs (non RDP)
Once you meet these criteria, the Intigriti Hybrid Pentest team will gradually reach out to you to see if you are interested in joining. If your feedback is positive, you will be invited to a short interview to get to know you and your hacking motivation a little better.
If equivalent performance on comparable platforms can be demonstrated, these criteria may also be considered fulfilled. The same goes for researchers who were engaged in part- or full-time employment with the main responsibility of conducting pentests for IT assets.
We would like to encourage you to hack on Intigriti’s bug bounty programs to improve your stats! We will gradually reach out to more researchers who meet our Hybrid eligibility criteria as we grow Intigriti Hybrid Pentests over the coming years. Trust us, there will be plenty of opportunities waiting for you. Good luck!
Additional links:
Intigriti’s Hybrid Pentesting datasheet
A go-to-guide for the facts on Intigriti’s take on Penetration Testing as a Service.
Hybrid Pentesting presented by Pascal, our Hybrid Pentest Manager
A presentation explaining the motivation behind hybrid pentesting, how it works and a look at some FAQs.