h@cktivitycon July 31 - August 1, 2020

Watch Now

This event has ended


By the Community, for the Community

h@cktivitycon is a HackerOne hosted hacker conference built by the community for the community. h@cktivitycon is a place for hackers to learn, share, and meet friends. Hear talks and panelists exploring offensive hacking techniques, recon skills, target selection and more.

Did you miss h@cktivitycon?

If you weren’t able to join us on Friday, July 31, or Saturday, August 1, watch them now.

Digital Swag & Swag Simulator

We have wallpapers and Zoom backgrounds as our digital swag! Check it out on GitHub.

During h@cktivitycon, we launched our Swag Simulator. Take a selfie and show all your friends and family with this cool swag 😎.

Speakers

Click on each speaker for more details and a link to watch their talk.

Keynote Speaker
Georgia Weidman

Founder & CTO,
Shevirah and Bulb Security LLC

Georgia Weidman is a serial entrepreneur, penetration tester, security researcher, speaker, trainer, mentor, and author. Her work in smartphone exploitation received a DARPA Cyber Fast Track grant and has been featured internationally in print and on television. Georgia is the author of Penetration Testing: A Hands-On Introduction to Hacking. She’s presented or conducted training around the world including Blackhat / DEF CON, RSA, NSA, and West Point.

Georgia founded Shevirah to create products for assessing and managing the risk of mobile devices in the enterprise and testing the effectiveness of enterprise mobility management solutions. She’s also the founder of the security consulting firm Bulb Security. She is a graduate of and a mentor at the Mach37 cybersecurity accelerator and an angel investor.

Georgia received the 2015 Women’s Society of CyberJutsu Pentest Ninja award. She is on the board of advisors at the cybersecurity training startup Cybrary, an Adjunct Professor at Tulane University and University of Maryland University College, a member of the CyberWatch Center’s National Visiting Committee, and a Cybersecurity Policy Fellow at New America.

If an Autistic Girl from Rural Mississippi Can Make It in InfoSec, So Can You: A Travelogue

This is the story of how a 14 year old high school dropout ended up paired talking about iPhones with Tim Cook on the national news. How a technical practitioner whose only knowledge of business came from the Facebook movie became a funded startup founder by walking into a glass door on her first day at a startup accelerator. How that weird kid with funny hats ended up with government research funding, but didn’t know what an invoice was to get the money. How the girl who everyone thought was just a member’s girlfriend at the local hacker meeting gave her first talk at Shmoocon and filled the room by offering free beer at 9am from a little red wagon. Through a series of vignettes Georgia will discuss how she got here and how you can too!

Phillip Wylie | @r0ckm4n

Senior Red Team Lead

Phillip Wylie is the Senior Red Team Lead for a global consumer products company, Adjunct Instructor at Richland College, and The Pwn School Project founder. Phillip has over 22 years of experience with the last 8 years spent as a pentester. Phillip has a passion for mentoring and education. His passion motivated him to start teaching and founding The Pwn School Project a monthly educational meetup focusing on cybersecurity and ethical hacking. Phillip teaches Ethical Hacking and Web Application Pentesting at Richland College in Dallas, TX. Phillip is a co-host for The Uncommon Journey podcast. Phillip holds the following certifications; CISSP, NSA-IAM, OSCP, GWAPT.

The Pentester Blueprint: A Guide to Becoming a Pentester

Pentesting or ethical hacking as it is more commonly known has become a much sought-after job by people in IT, InfoSec, or those just trying to get into the industry. In this presentation, Phillip Wylie shares the blueprint for becoming a pentester. The presentation combines Phillip’s experience as a pentester and ethical hacking instructor to give attendees a guide on how to pursue a career as a pentester. Phillip shares what has worked for his students and people that he has mentored over his years as a pentester. This presentation covers the knowledge and skills needed to become a pentester as well as the steps to achieve them.

0x0g | @0x0g

Bug Hunter and Recon Head

Jason is the Head of Security for a leading videogame production company. Previously he was VP of Trust and Security at Bugcrowd and currently holds the 29th all-time ranked researcher position. Before joining Bugcrowd Jason was the Director of Penetration Testing for HP Fortify and also held the #1 rank on the Bugcrowd leaderboard for two years. He is a hacker and bug hunter through and through and specializes in recon and web application analysis. He has also held positions doing mobile penetration testing, network/infrastructure security assessments, and static analysis. Jason lives in Colorado with his wife and three children.

The Bug Hunter’s Methodology v4: Recon Edition

The Bug Hunter’s Methodology is an ongoing yearly installment on the newest tools and techniques for bug hunters and red teamers. This version explores both common and lesser-known techniques to find assets for a target. The topics discussed will look at finding a targets main seed domains, subdomains, IP space, and discuss cutting edge tools and automation for each topic. By the end of this session a bug hunter or redteamer we will be able to discover and multiply their attack surface. We also discuss several vulnerabilities and misconfigurations related to the recon phase of assessment.

Chloe Messdaghi

VP of Strategy,
Point3 Security

Chloé Messdaghi is the VP of Strategy at Point3 Security. She is a security researcher advocate who strongly believes that information security is a humanitarian issue. Besides her passion to keep people safe and empowered online & offline, she is driven to fight for hacker rights. She is the founder of WeAreHackerz (formally known as WomenHackerz) & the President and cofounder of Women of Security (WoSEC), podcaster for ITSP Magazine’s The Uncommon Journey, and runs the Hacker Book Club.

Twitter: @ChloeMessdaghi
LinkedIn: linkedin.com/in/messdaghi
Instagram: instagram.com/chloemessdaghi
Website: chloemessdaghi.com

Burnout

Have you ever felt like no matter how much sleep you get, you feel exhausted? Struggle to concentrate? Having trouble balancing work and personal life? Or perhaps feel your work is your life? Then this talk is for you.

Burnout. We all go through it at one point. It feels like you are low on battery and it can cause impact emotionally and physically.

In this talk, we will cover burnout, how to overcome it, and how to prevent it from happening.

Justin Gardner | @rhynorater

Bug Bounty Hunter

Justin Gardner is a full-time bug bounty hunter based near Tokyo, Japan. His focus in the security space is on web vulnerabilities and automated reconnaissance as pertains to bug bounty hunting. Before bug bounty hunting full-time, Justin was held various roles in IT ranging from software developer to IT architect, as well as consulting as a penetration tester with SynerComm for 2 years. Outside of security, Justin loves Jesus, spending time with his wife Mariah, volleyball, learning languages, and Brazilian jiu-jitsu.

Graphing Out Internal Networks with CVE-2020-13379 (Unauthed Grafana SSRF)

This talk outlines the experience of discovering a full-read unauthed SSRF vulnerability in a product used by thousands of companies in their DMZs. There will be 3 main sections of this talk: the discovery, the exploitation, and the results.

Starting with the discovery of this bug, we’ll discuss some methodology of looking at open-source software for security vulnerabilities and how this led to the discovery of CVE-2020-13379. Included in this section will be defining your goals for what kind of impact you wish to achieve, identifying areas of interest, and perseverance (also known as going down the rabbit hole).

From there, we’ll dive into a demo of the bug. This will include a working PoC for CVE-2020-13379, an exploitation kit that will assist in full exploitation, and a summary of some useful escalation techniques. We will also discuss what it looks like to use this bug against companies who host Grafana instances in the DMZ or in the internal network.

To bring it all around, we'll talk about the experience of reporting this bug to different vendors and mass-exploitation across bug bounty programs. This will include some lessons learned from mass-exploitation, some awesome collaboration with very skilled hackers, and some great interactions with programs.

STÖK | @stok

Hacker, Content Creator, and Creative

STÖK is a hacker, content creator, and creative with 25 years as a professional in Information Technology. STÖK is not only dedicated to bring excellent content and share new techniques to the red-team and bounty community but also strives to inspire the next generation of hackers to enter the infosec space.

How I Got from 0 to MVH (without knowing how to write a single line of python)

I get asked “how to get started in bug bounties” every day, and it’s been like that since the first day I began my own bounty journey about 2 years ago. To be honest, I don’t have a simple answer anymore. In 2020 there are so many different paths to choose, and it can be really overwhelming for someone that wants to break into the hacking space. Should I focus on VPDs? Should I do ctf's? should I spend my time doing recon, should I automate stuff? Or should I go app deep? There is no right or wrong way to do it. But the most important thing is to simply take action, and simply just start hacking.

In this presentation, I will share my journey and my experience from being in the bug bounty space for the last 2 years. I will share the tools, both physical/mental, and the resources i use to gain information. How I collaborate and create new friendships. How I on multiple occasions couldn’t sleep because of bounty fever. How I dealt with dupes and program frustration. How I created content that has inspired thousands and finally how I overcame burnout, all while not knowing how to write a single line of python.

Ian Tabor | @mintynet

Network / Security Architect

Network / security architect that has a passion for car hacking, found vulnerabilities in his own car and also private Car bug bounties. Now runs Car Hacking Village UK and is part of the team behind CHV at defcon

LinkedIn: linkedin.com/in/mintynet
Twitter: twitter.com/mintynet
Website: mintynet.com

From an ‘IVI in a Box’ to a ‘CAR in a Box’

Details of the car hack on my own vehicle in 2017 and then how I first created an ‘IVI in a box’ and then PD0 ‘CAR in a box’. Some hints and tips on how not to break your own car!

Robert Chen & Philip Papurt
@notdeghost | @ginkoid

Bug Hunters & CTF Players

Robert Chen (@notdeghost) is a 17-year-old CTF player with redpwn, bug hunter, software developer, and full-time high school student. He participates in CTFs and various bug bounty programs in his free time.

Philip Papurt (@ginkoid) is a 16-year-old security researcher, CTF player with redpwn, intern at Emvoice, and high school sophomore. After high school, Philip is interested in pursuing a career in cybersecurity.

WAF Bypass in Depth

As WAFs grow in complexity, they become increasingly resilient to attacks. However, although the level of determination required has greatly risen in recent years, WAFs are always bypassable. We will provide practical insight into how WAFs operate and introduce novel bypass techniques that can make it a piece of cake to demonstrate the impact of cross-site scripting (XSS) vulnerabilities when behind WAFs. Reflected XSS is a valid vulnerability regardless of the presence of a WAF.

Heath Adams | @m4v3r1ck-

CEO & Founder, TCM Security

Heath Adams (aka The Cyber Mentor) is the CEO and founder of TCM Security. Outside of TCM Security, he is an online cybersecurity instructor on platforms such as Udemy, YouTube, and Twitch, teaching his students penetration testing methods and tactics. Heath is also a military veteran, having served in the US Army Reserves, and helped co-found VetSec, a 501c3 dedicated to military members in cybersecurity. When Heath is not at work, he enjoys spending time with his wife, Amber, and their five animal “children.” He is an avid runner, musician, trivia nerd, and sports fan.

Pentest Story Time: My Favorite Hacks from the Past Year

This talk covers a few of my favorite stories from the past year and will demonstrate different ways that I managed to “own” an organization during a pentest engagement. Stories include:

No MFA? Thanks! - This story discusses how I obtained domain admin access as an external attacker, teaching some key lessons along the way.

IPv6 FTW! - This story discusses how IPv6 can be abused in internal networks and easily allow for complete domain compromise.

You Spent How Much on Security? - This story discusses how I obtained domain controller access on an organization that was doing *almost* everything right and spending a lot of money to do so.

Digging Deep - This story discusses how I managed to take down an internal network when no apparent exploit existed.

Jasmin Landry | @jr0ch17

Security Researcher

I’ve been in the security industry for about 3 years now, mostly working as a pentester while getting industry certifications like OSCP and GWAPT. Since March 2020, I’ve decided to give a shot to doing bug bounty full time (kind of). As a hobby, I like to play hockey (of course, I’m Canadian) and obviously I like to hack.

Beyond the Borders of Scope

In this session, I’m going to talk about a somewhat controversial topic in bug bounty: looking at out-of-scope assets. This is not about doing actual hacking on those out-of-scope assets, it’s about doing recon on them in special ways in order to find bugs on the in-scope assets. The recon that I do uses a few techniques/tricks that I’ve been doing for a while which have resulted me in finding some bugs in programs’ core applications. As a matter of fact, with the help of that recon, I have never gotten a single duplicate yet so it definitely is an unexplored area. I will go through each technique or trick and show an example of a bug I’ve found. Some as simple as a reflected XSS (actually not that simple) and some with higher impact like RCE and information disclosure.

Ben Heald | @healdb

Student & Hacker

I am a 23 year old MS CS student currently in my last semester at RIT. I have been participating in bug bounty programs for the past three years and have been making infosec content at my blog for the past few months. I love bug bounty, and have been able to pay for my entire CS MS degree with the proceeds from my hacks!

The Problem with Parse: A low-code server that endangers over 64,000,000 users

Low-code server platforms provide a necessary service in that they allow all developers regardless of skill the ability to create content and mobile applications. Unfortunately, these low-code solutions also put user data security at risk, because they follow the path of most convenience instead of ensuring that the application will be secure. This talk will focus specifically on the low-code server called “Parse”. The Parse Platform is a popular web server similar to Firebase that allows mobile application developers to spin up a fully-fledged backend with API support within a very short amount of time and with very little programming experience. In just a few days of scanning the most popular Google Play applications, I was able to discover several vulnerable Parse instances that potentially endanger the data of a collective 8,000,000 users. In this talk, I will give an overview of the many security issues inherent in the Parse platform, as well as give recommendations to both developers and the maintainers of the Parse Platform for how to improve their security posture.

Boik Su | @boik

Security Researcher, CyCraft

Boik Su is currently in CyCraft as a security researcher focusing on web security and threat hunting. He has received some awards from CTFs, been the speaker at various security conferences like ROOTCON 13, OWASP Global AppSec - DC, AVTokyo, NanoSec, and others like OSCON and Taiwan Modern Web. He is also the lecturer at HITCON Training and National Center for Cyber Security Technology in Taiwan.

Discover Vulnerabilities with CodeQL

I’ll be delivering a little bit of introduction to CodeQL and its practical functionality. Besides, I’ll showcase some vulnerabilities that I found through utilizing CodeQL’s powerful static and taint analysis. There’s even one flaw that could lead to RCE! Consequently, the audience will understand the concepts of static analysis, taint analysis, data flow analysis, and so on after the talk.

Seyed Ali Mirheidari
Sajjad “JJ” Arshad
Ali | @sajjadium

Security Researchers

Speaker 1: Seyed Ali Mirheidari is a final year PhD candidate at University of Trento and a passionate security researcher. His research mainly focuses on web security, including cultivating the impact and importance of Path Confusion techniques. His research leads to implementing new techniques to discover and exploit well-hidden web application flaws. Ali has over a decade experience of leading penetration tests, vulnerability management and vulnerability assessments of broad technologies including web, network, mobile, and IoT. He is currently a Lead Information Security Consultant at Denim Group conducting network and application penetration tests.

Speaker 2: Sajjad “JJ” Arshad is a security researcher at International Secure Systems Lab (iSecLab) and earned his PhD in Cybersecurity from Northeastern University, Boston, MA. His research is concerned with improving the security of computer systems through application of secure design principles and integration of defensive techniques such as attack detection, prevention, and recovery. Some domains he is active in are large-scale web security/privacy measurement, program analysis, and Malware detection. In his spare time, he is a CTF player and has authored several “technical” CTF writeups.

Cached and Confused: Web Cache Deception in the Wild

Web Cache Deception (WCD) has been introduced in 2017 by Omer Gil, where an intruder lures a caching server to mistakenly store private information publicly and as a result obtains unauthorized access to cached data. In this talk, we will introduce new exploitation techniques based on the semantic disconnect among different framework-independent web technologies (e.g., browsers, CDNs, web servers) which results in different URL path interpretations. We coined the term “Path Confusion” to represent this disagreement and we will present the effectiveness of this technique on WCD attack.

We explore WCD as an instance of the path confusion class of attacks, and demonstrate that variations on the path confusion technique make it possible to exploit sites that are otherwise not impacted by the original attack. Our findings show that many popular sites remain vulnerable three years after the public disclosure of WCD. To further elucidate the seriousness of path confusion, we will also present the large scale analysis results of WCD attack on high profile sites. We present a semi-automated path confusion crawler which detects hundreds of sites that are still vulnerable to WCD only with specific types of path confusion techniques.

Inti De Ceukelaire | @intidc

Ethical Hacker and Bug Bounty Hunter

Inti De Ceukelaire is a Belgian ethical hacker and bug bounty hunter. He has made national headlines numerous times with his security awareness stunts, reaching from manipulating the twitter account of US President Donald Trump to publishing fake news on the Vactican’s website. As an ethical hacker, Inti hunts down security vulnerabilities in companies like Facebook, Google, Dropbox and the US Department of Defense. In 2018, Inti was awarded the “Most Valuable Hacker” award at HackerOne’s annual flagship live hacking event.

You’ve Got Pwned: Exploiting E-mail Systems

E-mail security is more than spam and phishing attacks. In this talk, I will outline a couple of common technical attacks involving e-mails and show some real-world examples from bug bounty programs.

William Bowling | @vakzz

Hacker

William Bowling (@vakzz) is a full time Software Developer and long time CTF player, based out of Australia, who recently started trying his hand at Bug Bounties in his free time. When not hacking, he likes to go walking with the family and playing little known sports such as underwater hockey.

The Journey of Finding and Exploiting a Bug in GitLab

A short talk about how I got started doing Bug Bounties and a look at the process I went through to find a critical issue in GitLab.

The CTF is closed

Congratulations to our winners.

  • First place: redpwn
  • Second place: corruptedpwnis
  • Third place: OpenToAll

For more information, check out our event on CTF Time