It has been a very busy and exciting year for Bugcrowd and things show no sign of slowing down! Right now, we’re getting ready to head out to Hacker Summer Camp in Las Vegas to showcase what we’ve been working on. Black Hat USA and DEF CON 26 will be here before you know it and we’ve got some great things in store. From demonstrating how crowdsourced security works and how to get started in bug hunting at our Black Hat booth, to hacking IoT devices and automobiles at the DEF CON Car Hacking Village, a number of conference talks, a couple of hospitality suites, not to mention several parties and a couple of surprises along the way; it will be a busy week.
Here is where we will be for the week! Please stop by and say hello!
Be sure to stop by and visit us at Booth #1236 to learn more about Bugcrowd, chat with some of our top researchers, connect with our executive team, collect our customized swag and more! We will be hosting live presentations at our booth at 11AM, 1PM and 2PM both days. Topics range from crowdsourced security to bug hunter’s methodology and up-leveling your bug bounty program.
Where: Booth #1236, Business Hall | Mandalay Bay South Convention Center | 3950 S Las Vegas Blvd, Las Vegas, NV 89119
When: Wednesday, August 8 — Thursday, August 9 (9AM – 5PM)
Hospitality Suite at Caesar’s
Where: Suite #TBD | Caesar’s Palace | 3570 S Las Vegas Blvd, Las Vegas, NV 89109
When: Thursday, August 9 — Saturday, August 11 (Noon – 4PM)
**Bugcrowd will be hosting our first “Meet the ASEs” panel event on August 11 from 3-4 PM. Don’t miss it!
Where: The Flamingo Las Vegas | 3555 S Las Vegas Blvd, Las Vegas, NV 89109
When: Friday, August 10 — Sunday, August 12 (11AM – 5PM)
TALK: Fresh Methodology and Tools for Hackers in 2018
Speaker: Bugcrowd VP of Trust and Security, Jason Haddix
Recon is an art AND a science. The landscape for methods of finding hosts to attack is constantly changing. Whether you call it “Asset Discovery” or something else, it remains a core part of bounty hunter and red teaming life. Join Jason as he expands on his ever-changing recon methodology. This talk will focus on what tools to incorporate (and which tools not to). It will outline new methods coined in 2018, plus frameworks to automate and document your workflow. Topics include: brand/TLD discovery, host enumeration, application threat modeling, and more!
TALK: Car Infotainment hacking methodology and attack surface scenarios
Speaker: Bugcrowd Application Security Engineer, Jay Turla
The battle for supremacy for the control of the dashboard display or infotainment systems has always been a race. Most of these systems run on Linux, Android, Windows (customized dashboards – perhaps Windows ME or CE) and Blackberry’s QNX. In-Vehicle Infotainment (IVI) or In-car entertainment (ICE) Systems are indeed fun consoles where you can play media, movies, or work with your car’s navigational system. But somehow it also comes with a risk of being hacked or attacked because they have also been plagued with vulnerabilities. In this talk, join Jay as he presents his own Car Hacker’s Methodology in finding security bugs in order to pwn a car’s infotainment system without having to do a drive by wire or CANbus hacking tools but will simply point out the common attack surfaces e.g WiFi, Bluetooth, USB Ports, etc. and some scenarios on how to exploit it just like how he popped a shell or issue an arbitrary command in his car which he tweeted in Twitter before.
What would Hacker Summer Camp be without the parties? We’re hosting a slew of events all week and we hope to see you there. Mark your calendars!
Risky Biz Party
Where: Alexxa’s Bar | 3655 S Las Vegas Blvd, Las Vegas, NV 89109
When: Tuesday, August 7 (7PM – 10PM)
Early Bird Hour: 6-7 PM
Risky Biz and The Diana Initiative welcome the organization’s participants along with female Risky Business listeners to an early bird hour from 6-7PM.
Level Up Party
Where: Skyfall Lounge, Delano Hotel | 3940 Las Vegas Blvd S, Delano Las Vegas, Las Vegas, NV 89119
When: Wednesday, August 8 (8PM – Midnight)
BJJ Smackdown hosted by Jeremiah Grossman
Where: Syndicate MMA Las Vegas | 6980 W Warm Springs Rd #190, Las Vegas, NV 89113
When: Thursday, August 9, (6-8PM)
Email me@llanagrossman.com for more information and participation details. Watch this promo video.
‘House Party’ Sponsored by Netgear and Cruise
Where: Rockhouse Bar, The Grand Canal Shoppes, The Venetian | 3570 S Las Vegas Blvd, Las Vegas, NV 89109
When: Thursday, August 9 (8PM – Midnight)
Where: Palms Place Pool, 6th floor of Palms Place | 4321 W Flamingo Rd, Las Vegas, NV 89103
When: Friday, August 10 (8PM – 1AM)
No registration required!
For more information on events, check out our 2018 Black Hat / DEFCON aggregate events page.