The Paranoids at Oath Take Bug Bounties to Argentina: h1-5411 Recap
For the first time, HackerOne kicked off fall by migrating south. Way south. All the way to Buenos Aires, Argentina! Oath, a media and tech company, under which Yahoo, AOL, Verizon Digital Media Services, TechCrunch and many more dynamic brands fall, welcomed over 50 hackers in their third live hacking event in 2018. By the end of the event, Oath had paid out more than $260,000 in bounties to hackers for their contributions.
@teknogeek, @intidc and @smiegles walk the streets of Buenos Aires
During the week, hackers attended Ekoparty at the Ciudad Cultural Konex. Ekoparty, the largest security conference in South America was on fire.
The beautiful Ciudad Cultural Konex where Ekoparty 14 was hosted.
Not only did we attend Ekoparty, we published our own Capture the Flag competition: MemeCTF. It all started with this tweet.
Created by hackers @0xacb and @Corb3nik, we had participants from around the world solve the puzzle including @ziot and @erbbysam (read their writeup) as well as Daniel Abeles & Shay Shavit from Akamai. Stay tuned for more writeups and the published CTF reports on Hacktivity!
The MemeCTF card. From QR Code to 7-step flag challenge to the prize, with endless memes in between!
Then came the main event, h1-5411, and...a storm. Lightning did strike twice in Buenos Aires. The first time it knocked out the internet at the WeWork Torre Bellini at approximately 8:37am the morning of the event. The second time came at the end of the night. Needless to say, we ended with a bang!
@alexjck gets to work with his back to the Buenos Aires skyline
Of the 53 participants at h1-5411, about 50% were first-time live hacking event participants, the greatest percentage ever for a HackerOne live event. That includes seven winners of our memeCTF.
Hackers @panchocosil and @teknogeek hacking at the WeWork Torre Bellini during h1-5411
“Surfacing and resolving vulnerabilities quickly is essential to protecting Oath’s one billion users globally,” said Chris Nims, Chief Paranoid and CISO at Oath. “Fostering relationships and working with hackers has helped our team to scale and defend, solidifying the hacker community as an essential part of our security strategy.”
The cityscape as the clouds roll in and the sun sets in Buenos Aires -- pre-lightning strike #2
Time to announce the H1-5411 award winners!
- The Exalted (most reputation earned) went to local hacker @try_to_hack for earning 400+ reputation at the event
- The Assassin (highest signal) went to @Intidc
- The Exterminator (best bug) also went to @try_to_hack
- The Most Valuable Hacker (MVH) went to long time hacker, first time winner @meals!
The highest individual bounty paid was $19,750 and the highest paid researcher walked away with over $52,000. Congrats all!
MVH winner @meals raises his h1-5411 championship belt
At the end of the event, Oath’s team also gathered hackers for a roundtable to get immediate feedback on the program at large. Thank you to our hackers that literally weathered a storm to join us in Argentina for the first time. Thank you to The Paranoids at Oath for all their dedication to working with the hacker community and hard work. Check out more photos from the event in our h1-5411 Facebook album. Next up: Montreal!
Participating hackers, Oath and HackerOne team members pose at the end of h1-5411