
Jul 1, 2024
OffSec’s User-Generated Content
Learn about OffSec’s UGC program. Submit your machines, earn bounties, and be part of a global community.
In 2020, we embarked on an ambitious journey to enhance our cyber range offerings by launching a user-generated content (UGC) program. This program invited security researchers, penetration testers, and exploit developers from around the world to submit vulnerable virtual machines. If accepted, these submissions would earn their creators a bounty. Today, we are thrilled to celebrate the tremendous success of this initiative and share some exciting milestones we have achieved along the way.
1. Impressive Submissions: Since the inception of the UGC program, we have received an astounding 646 submissions from talented individuals across the globe. Each submission represents hours of dedicated work, creativity, and a deep understanding of cybersecurity. The diverse range of vulnerabilities and scenarios these virtual machines encompass has significantly enriched our cyber range, providing invaluable resources for learning and training.
2. Substantial Bounty Payouts: We believe in recognizing and rewarding the hard work and expertise of our contributors. To date, we have paid out more then $50,000 in bounties. These payouts not only reflect our commitment to supporting the cybersecurity community but also underscore the quality and value of the submissions we receive. Each bounty is a token of our appreciation for the innovative contributions that drive our platform forward.
3. A Truly Global Community: Our UGC program has attracted participation from authors in 54 countries, underscoring the universal appeal and relevance of our cyber range and PG-Practice labs. This diverse and inclusive community brings together a wealth of perspectives and experiences, fostering a rich environment for knowledge exchange and collaboration. We are proud to be part of a global effort to advance your cybersecurity education and experience.
The success of our UGC program is a testament to the power of collaboration and the importance of community-driven initiatives. By harnessing the collective expertise of security professionals worldwide, we have been able to:
- Enhance Training and Education: The variety and complexity of the submitted virtual machines have significantly enriched our labs, providing learners with real-world scenarios to hone their skills.
- Promote Innovation: The creative solutions and novel vulnerabilities submitted by our contributors push the boundaries of what is possible in cybersecurity training, driving continuous improvement and innovation.
- Foster a Supportive Community: By rewarding contributions and celebrating successes, we have built a supportive and engaged community that is passionate about advancing cybersecurity knowledge and practice.
As we celebrate these milestones, we are more committed than ever to supporting and growing our UGC program. We are continuously working to improve the submission process, increase bounty rewards, and expand our reach to even more countries. Our goal is to create a platform that not only benefits our users but also contributes meaningfully to the broader cybersecurity community.
We extend our heartfelt thanks to every contributor who has submitted a virtual machine, provided feedback, or supported our program in any way. Your efforts are the cornerstone of our success, and we look forward to achieving even greater heights together.
If you are a security researcher, penetration tester, or exploit developer, we invite you to join our UGC program. Submit your virtual machines, earn bounties, and be part of a global community dedicated to enhancing cybersecurity education and practice.
Happy Hacking!
MrG00dCat
Stay in the know: Become an OffSec Insider
Get the latest updates about resources, events & promotions from OffSec!
Latest from OffSec

Research & Tutorials
CVE-2024-12029 – InvokeAI Deserialization of Untrusted Data vulnerability
CVE-2024-12029: A critical deserialization vulnerability in InvokeAI’s /api/v2/models/install endpoint allows remote code execution via malicious model files. Exploit risk for AI art servers.
Jul 17, 2025
0
Research & Tutorials
What is Phishing? Introduction to Phishing Demo (for Beginners)
Learn how phishing attacks work and how to spot them. Watch OffSec’s animated video to protect yourself from scams, spoofed sites, and social engineering.
Jul 15, 2025
2 min read

Research & Tutorials
CVE-2025-27636 – Remote Code Execution in Apache Camel via Case-Sensitive Header Filtering Bypass
Discover the critical Apache Camel vulnerability (CVE-2025-27636) that allows remote code execution via case-sensitive HTTP header manipulation in the exec component. Learn how attackers exploit this flaw and how to mitigate it.
Jul 10, 2025
2 min read