Scavengers

Scavengers combines sandbox-style PvE survival with class-based PvP combat in a free-to-play action shooter. Built on Unreal Engine and deployed across PC and console, the title relies heavily on secure multiplayer networking and live services infrastructure.

For Improbable and Midwinter Entertainment, the security scope spanned:

• Unreal Engine networking services
• Live backend services
• Combat and physics systems
• Class and tier progression
• In-game shop functionality
• VOIP and chat systems
• Player and inventory management

In hybrid PvE/PvP environments, vulnerabilities in progression systems, combat validation, or multiplayer services can directly impact competitive balance and player trust. The development teams required a deep, code-level security assessment prior to launch.

Cyrex conducted comprehensive white box penetration testing, reviewing full source code and internal implementations across gameplay and live service layers.

This methodology enabled a detailed assessment of server-side validation, networking flows, and integration points within Unreal Engine.

Our engagement focused on:

• Physics and shooting systems
• Tier and class progression logic
• Inventory handling
• Player management systems

We evaluated whether gameplay actions were properly validated server-side and resistant to client-side manipulation.

Cyrex also assessed:

• Matchmaking infrastructure
• In-game shop logic
• VOIP and chat systems
• Backend API integrations

By simulating real-world attack scenarios and reviewing internal implementations, we identified potential exploit paths and logic weaknesses that could impact fairness or service stability.

The white box approach enabled:

• Full source code review
• Identification of active vulnerabilities
• Detection of weaker architectural points
• Clear, prioritized remediation guidance

This allowed the Improbable team to address issues efficiently before public exposure.