It was 70 degrees, sunny and a Saturday, but everyone was inside. Forty-one hackers representing 11 countries. More than $400,000 paid in bounties. All in nine hours. HackerOne’s second annual live-hacking event in San Francisco broke multiple records on Saturday, April 14, 2018. The target? Oath, a media and tech company, under which Yahoo, AOL, Verizon Digital Media Services, TechCrunch and many more dynamic brands fall.
Rooftop views. Hackers soaking up the sun and enjoying the skyline of downtown San Francisco
The weekend kicked off on Friday with hackers touring San Francisco, followed by the big event, H1-415 on Saturday. The Oath security team huddled shoulder to shoulder with hackers to work together, assess impact, payout rewards and resolve vulnerabilities in record time. This was the first time Oath introduced its consolidated private bug bounty program, following its acquisition of Yahoo last year. The speed and agility of the security team proved a next level of security maturity and readiness to efficiently handle security vulnerabilities.
Hacker nnwakelam shows dawgyg some discoveries at H1-415
“Surfacing vulnerabilities and resolving them before our adversaries can exploit them is essential in helping us build brands people love and trust,” said Chris Nims, CISO at Oath. “Whether they had been participating in our programs for years or were looking at Oath assets for the first time, it was empowering to witness the dedication, persistence and creativity of the hacker community live and in-person. We really felt the excitement and enthusiasm throughout H1-415.”
Once the nine hours of hacking concluded, it was time to announce the H1-415 award winners!
- The Exalted (most reputation earned) went to nnwakelam, an Australian hacker who earned nearly 1,000 reputation points over the course of the day.
- The Assassin (highest signal) went to smsecurity, a first time live-hacking attendee from Canada.
- The Exterminator (best bug) went to erbbysam, who for the second event in a row won a top hacker award.
- The Country Competition winners (the team that earned the most bounties for the day) were fransrosen and avlidienbrunn of TeamSweden.
- The Most Valuable Hacker (MVH) went to nnwakelam!
MVH winner nnwakelam poses with his H1-415 championship belt
While hackers were giving Oath their best shot, about 40 middle and high school students from the Bay Area visited for a day of learning about hacking for good and the world of cybersecurity. They got to meet hackers, learn how they got started and the opportunities that have come about through participating in bug bounty programs. The day also included a career panel featuring Shopify, Oath, Salesforce and HackerOne about cybersecurity, career building, and diversity. The community sessions concluded with a hands on workshop lead by HackerOne co-founder Jobert Abma.
Jobert Abma demonstrates a rubik's cube hack to a Bay Area student
Thank you to our hackers that traveled from near and far to help secure such an incredible brand. Thank you to Oath for all their work and dedication to working with the community to build strong relationships and resolve bugs quickly. Finally, thank you to all the students, teachers, volunteers, staff, vendors and others that gave up their Saturdays to be part of something great. You can also watch the action unfold in our event recap video on YouTube. Onto the next!
Participating hackers, Oath and HackerOne team members pose at the end of H1-415