Skip to main content


BlueHat Challenge

The BlueHat Challenge (the “Challenge”) presents a series of computer security problems of increasing difficulty to help users build and test their computer security skills. The Challenge has three tracks: reverse engineering, vulnerability discovery, and web design vulnerabilities.

Why accept the Challenge?

  • To learn about new and advanced areas of computer security by solving difficult problems
  • To have fun
  • To prove to yourself that you can do it

How to participate

The BlueHat Challenge is no longer open to new participants. We hope you enjoyed the first edition of the challenge!

More information

  • There's no restriction on who can participate, no time limit, and no way to fail.
  • There is no monetary reward, and this is not a contest. Your answers should be your own work. We hope that the fun and learning you gain from completing the Challenge is reward enough. We do plan on publicly recognizing people who finish the Challenge.
  • If you find this sort of thing fun, you’d probably like working here. We solve problems like this every day and we have lots of open positions. You can see a list of our available positions at, and we encourage you to submit an application!

You may also be interested in the Microsoft Security Bounty Programs, which provide cash rewards for eligible individuals who identify security vulnerabilities.

A quick word from our lawyers...

By participating in the Challenge, you understand that we cannot control the incoming information you will disclose to our representatives in the course of submitting your answers in the Challenge, or what our representatives will remember about your submission. You also understand that we will not restrict work assignments of representatives who have had access to your submission. By participating in the Challenge, you agree that use of information in our representatives’ unaided memories in the development or deployment of our products or services does not create liability for us in connection with the Challenge or under copyright or trade secret law.

If you do not want to grant us these rights to your answers, please do not participate in the Challenge.

Featured Video

Importance of Outreach: Our strategy with security researchers

BlueHat Blog

Microsoft Security :: Bluehat Challenge | Security Collaboration | MSRC:

More Posts

BlueHat Archive

See past BlueHat Sessions

BlueHat v12

BlueHat v11

BlueHat v10

BlueHat v9

BlueHat v8