On February 21st, almost 70 hackers participated in HackerOne’s first Flagship Live Hacking Event of the year: h1-415 2020. This is HackerOne’s fourth year hosting a live hacking event during RSA week in our home city of San Francisco. Three of those years, we partnered with our long time live hacking event partner: Verizon Media.
Our flagship events start well before we bring hackers onsite. We begin with a nearly two week “presubmissions” window. During this time period, hackers begin recon and hacking remotely. For reports submitted during this window, bounties are split evenly for all duplicate reports (as opposed to first come, first serve) as an additional perk to our LHEs. Almost 70 hackers participated and over 400 reports were submitted over the course of those two weeks, hackers were paid over $707,000, with dawgyg as the top paid hacker from the event! Over 18 countries were represented at this event, with 8 hackers attending their first live hacking event.
All Around the City
With a prominent party, pedicabs, and plenty of activities, HackerOne took over San Francisco during RSA. This year included something a little special. When the hackers arrived, they were greeted by familiar faces on billboards, buses, and in BART stations. Randomdeduction, nnwakelam, spaceraccoon represented the hacking community in a campaign focused on celebrating the positive power of hackers. Hacking is here for good, for the good of all of us.
For every live hacking event, HackerOne hosts tourist activities for hackers, customers, and HackerOne team members to get to know each other in a no-pressure, casual environment. Amazing conversations, friendships, and the start of lots of collaboration happen during these activities. We’ve taken them up mountains in Vancouver at h1-604 , boat rides on the Thames in London at h1-4420, and for the first time in San Francisco: an NBA basketball game. This was a first for many of our event participants and was such a fun way to get to know each other better!
Kicking Things Off
Hosted at the Elan Event Venue, just across the street from Moscone Center and the main hub for the RSA conference, hackers arrived to wall to wall h1-elite comic posters, and amazing HackerOne and Paranoids swag.
The event kicked off with a warm welcome from HackerOne’s Program Manager, Denzel Duncan, myself and HackerOne CEO, Marten Mikos. Verizon Media CISO, Chris Nims talked about Verizon Media’s long history with HackerOne, bug bounty, and why the hacker community is so valuable to Verizon Media’s security.
Community Day and H.I.T. Program
Community Days at Live Hacking Events are all about education and fostering interest in hacking and bug bounties. Every Community Day has a partnership with a local cyber security organization to lead a hands-on workshop utilizing Hacker 101 curriculum. Our Community Day at h1-415 partnered with the Cyber Defenders Program.
Over 30 students from Santa Teresa High School were invited to listen to hackers cdl, rijalrojan, and erbbysam talk about getting started in bug bounty, share their personal stories, as well as tips and recommendations for the students to further their interests.
After listening to the hacker panel, HackerOne’s Head of Education, Ben Sadeghipour, dove into Hacker101. Starting with the basics of setting necessary tools, Ben went through a step by step walkthrough of Hacker101.
HackerOne also launched our new and improved mentorship program at this event. Top hackers volunteered their time to prepare presentations on specific vulnerability classes and give 4 selected H.I.T. participants a deep dive into how to find them, how to escalate them, and hands-on support to execute the skills learned.
Reigning in the New Elite
Every year at h1-415, we do something a little bit special that is exclusive to this event! We award new HackerOne lite hackers with their comics. HackerOne Elite hackers are those that have shown exemplary community involvement for the past year, have outstanding and consistently critical findings, and have killed it in bounties in 2019. This year in San Francisco, we welcomed a new class of hackers:
Show & Tell and Awards
An integral part of our live hacking events is Show & Tell. Show & Tell is where a set of hackers are selected to present a vulnerability they found during the event, to other participants. Show & Tell bugs are selected based on the learning opportunities for the find: unique attacks or methodology, creative approaches or finds, and some based on severity. This is an amazing educational process for both customer security and development teams and the hackers in attendance. Cheers to h1-415’s Show & Tell Presenters:
- 0xacb & teknogeek
We always award the best bug of the event with The Exterminator award! H1-415’s best bug was given to none other than zlz. Sam has won a number of awards and show & tell presentations at live hacking events over the years. We also launched a new award at h1-415: Best Team Collaboration. As announced in March’s blog post , “HackerOne values Community and Collaboration at live hacking events above anything else. This award celebrates that! Winners are selected based on: critical and quality reports, collaborating well with others, sharing tools and resources, and volunteering your valuable time for others.”
Congratulations to all of our hackers!