- Rec Room Video Games -
be warned, closes reports for Frida
- Riot Games
- Rockstar Games
- Epic Games
- Valve
- Nintendo -
doesn't want game bugs (just console) - Playstation -
doesn't want game bugs (just console) - SEGA
- Roblox
- PUBG -
send bug and they will add to private - Scopely
- Kaneva
- Flutter UK&I
- EXTERNAL: Gameloft -
hard to reach - EXTERNAL: GameForge
- EXTERNAL: Aeria Games -
doesn't want bugs right now - EXTERNAL: StopGame
- EXTERNAL: Smite - The Game -
doesn't want bugs right now - EXTERNAL: Game321
- EXTERNAL: CodinGame
- EXTERNAL: Z8Games
- EXTERNAL: Chess.com -
doesn't want bugs right now - EXTERNAL: CCP Games -
lack of communication - EXTERNAL: Wargaming.net
- Unity: Impersonating Other Players with UDP Spoofing in Mirror
- CS:GO: From Zero to 0-day
- Chess.com: Checkmate
- Dota 2: How a V8 Bug Was Exploited in the Game
- Instant Games: DOM-XSS due to improper verification of supplied URLs
- Facebook: Disclosing page admins by playing a game
- XSS on account.leagueoflegends.com via XDM -
reported 2016 - Ubisoft: Fuzzing game server and blind format string
- Epic: Rediscovering Epic Games 0-Days (LPE)
- Nintendo Mario Kart: Improper verification of Competition creation allows to create "Official" competitions
- Unity: Hacking Unity Games with Malicious GameObjects
- Valve: Source engine remote code execution via game invites
- Facebook: Applying Offensive Reverse Engineering to Facebook Gameroom
- InnoGames: Destroying Armies and Villages through Cross-Site Scripting
- Valve: Unchecked weapon id in WeaponList message parser on client leads to RCE
- Valve: Material path truncation leads to Remote Code Execution
- Valve: CS:GO - Unchecked texture file name with TEXTUREFLAGS_DEPTHRENDERTARGET can lead to Remote Code Execution
- Valve: Remote Code Execution using malicious WAD list in BSP file
- Valve: Finding vulnerabilities in Valve's Steam Sockets -
links some good game hacking videos (DefCon)
- Guided Hacking
- Game Hacking Academy
- Introduction to Game Hacking
- CS420 Game Hacking Course
- OffensiveSecurity: Intro to Game Hacking
- Game Hacking Bible
- 247CTF: Game Hacking 101
- LiveOverflow: Minecraft Hacking
- LiveOverflow: Pwnie Island
- LiveOverflow: Developing a Hackable Game
- HackTheBox: Intro to GamePwn
- GuidedHacking: Hack Electron games with Chrome DevTools
- OWASP: Hacking Mobile Games with Alex Rosenzweig
- CheatTheGame: LUA Learning
- GuardSquare: Practical Security for Mobile Game Developers (3-part blog series)
- Stephen Chapman: Hacking Online Games
- Rohan Aggarwal: Bypassing Anti-Cheats And Hacking Competitive Games
- Videos
- Guided Hacking
- Stephen Chapman
- LiveOverflow
- 247CTF
- CyborgElf
- DexTag
- Cheat The Game
- cazz
- iwanMods
- Apxaey
- Baseult
- Null
- aXXo
- Byte Bandits 2023: The Unforgiving Jungle
- Sekai 2022: Perfect Match X-treme
- Google 2021: Hackceler8
- RACTF 2021: RSFPWS
- Faust 2021: thelostbottle
- Faust 2021: Loney Island
- NITE 2021: Lost Dungeon
- corCTF 2021: AliceInCeptionland
- CSCG 2020: Follow the White Rabbit (2 parts)
- CSCG 2020: Maze (6 parts)
- ALLES! 2020: Craft
- ALLES! 2020: Flag Service Revolution
- ALLES! 2020: Pre-historic Mario
- angstrom 2020: Woooosh
- nullcon HackIM 2020: Zelda Adventures
- nullcon HackIM 2020: Zelda in Space
- Midnight Sun 2020: StarCraft - Brood War
- TomorrowIsNew Blog
- Parsiya
- Blog Posts, Articles, Presentations
- Comparative Study of Anti-cheat Methods in Video Games
- Intigriti: hg_real
- Intigriti: xor
- Intigriti: ferib
- Intigriti: tomorrowisnew
- Intigriti: hacktus
- Intigriti: mattibijnens
- Intigriti: batee5a
- HackerOne: nyancat0131
- Twitter List -
hard to determine relevance, many are general reversing/malware focused