Have you ever watched the Las Vegas sunrise after 12-hours of hacking through the night?
The 50-hackers at H1-702 have. Hacking achievement, unlocked.
H1-702 was HackerOne’s second annual live-hacking event held in Las Vegas during DEF CON.
Live-hacking events like H1-702 bring together the world’s top hackers into the same venue with companies security teams. This year, we welcomed several teams including Uber and Zenefits for our largest live hacking event yet. The setting? The W Hotel Wet Deck - Las Vegas’s newest rooftop venue.
Three nights, three customers, Over 50 hackers from 15 countries, 30+ hours of hacking, over 150 vulnerabilities reported and over $250,000 in bounties paid - that’s almost a dollar per Red Bull consumed! It was our most successful live hacking event to-date with over $100,000 paid out in a single night!
Over 50 Hackers Participating From Over 15 Countries
Poolside cabanas were equipped with charging stations, cooling pads, power bricks, HackerOne towels and swimsuits, and our top hackers preparing for a new challenge each evening.
Upon arrival, each hacker was greeted with a specialized scope for the day, and an eager security team waiting to evaluate risk and release funds. Guests were treated with five star food and beverage services and custom swag to get them through the night.
What Vegas survival kit doesn’t include LED glasses, fidget spinners, and HackerOne branded power bricks??? We supplied all the essentials.
With hackers traveling from India to Portugal, the US to Argentina, and Hong Kong to Morocco; this was the most diverse live hacking event we have ever held.
More than 60% of Reports Were Valid Security Issues
More than 100 individual bounties were awarded across the three nights of hacking, totaling over $250,000 in rewards. That’s $100,000 more than at H1-702 2016. Of the reports filed during the contest, over 60% were valid security issues.Those numbers really speak to the excellence of the hackers in attendance. They included some of HackerOne’s most successful bug hunters, based on Reputation scores and bounties earned.
Hackers loved the chance to meet with security teams in-person. Similarly, our customers thrived on the chance to work directly hackers that are regularly contributing to their security programs. Security teams came ready to answer questions and collaborate with some of our most successful security talent, triaging live and working together to replicate vulnerabilities.
The relationships built during H1-702 and during previous live hacking events extend far beyond that pool deck and encourage loyalty from both security teams and hackers. Those relationships are critical for the success of any bug bounty program.
Cheers to the Winners
What’s a contest without a winners and awards?! For the most bounties earned and for his tireless contributions to the community, @fransrosen took home the belt and the title of “Most Valuable Hacker.”
Try_to_hack rose to the top of the leaderboard with the most Reputation gained over the three days, earning him the title of “The Exalted.”
First timer cablej took home the “Baby Bug” title for being an outstanding newcomer to the event, as well as the title of “The Assassin” for highest Signal (the most valid bugs reported at the event).
On the final night, we also rolled out a hack of our own, “Teams,” the opportunity for hackers from all over the world to work with their peers in-person to find bugs, submit their reports together, and to evenly share their bounties.
For their collaboration, unique discoveries and accomplishments that night, Artisan Hackers, comprised of zetatwo, avlidienbrunn, jelmer, fransrosen, took home the award for “Top Team.”
At this year’s event, we also recognized the group of hackers that have shown an undying commitment to security and have offered more of their time to serve as members of our Hacker Advisory Board. We are grateful for their efforts to make the internet a safer place, as well as their contributions to helping grow our community. Together we hit harder!
More to come
HackerOne’s live-hacking events continue to be huge successes thanks to our incredible hackers, customers, and community at large. We’re looking forward to our next live-hacking event in the coming few months! Want to get on the list, hackers? Keep hacking! Hackers with the highest Reputation and Signal have a better chance of getting invited.
HackerOne Chief of Staff
PS - If your company is interested in sponsoring and/or participating in a live-hacking event, send us a note at firstname.lastname@example.org.
HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty program solutions encompass vulnerability assessment, crowdsourced testing and responsible disclosure management. Discover more about our security testing solutions or Contact Us today.