Are you ready to Level Up? 

Block your calendar for May 9th 2020, from 10am to 4pm Pacific Time, for Bugcrowd’s 6th LevelUp virtual conference!!! As a hat-tip to the unusual times we’re all experiencing with COVID19, and with a firm view of the role that bounty hunters and hackers will play in the future, 0x06’s theme is “Hacking The New Normal”. 

We’ve got a full roster of absolutely STELLAR leaders and experts, covering a variety of technical and career-focussed topics in security research, bounty hunting, and cybersecurity, and we’ll be releasing more details about the speakers throughout the coming weeks.

Without further ado, below are our first two speakers:

Louis Nyffeneger (@snyff)

Bio: Louis (@snyff/@pentesterlab) is a security engineer based in Melbourne, Australia. He is the founder of PentesterLab, a learning platform for web penetration testing.

Talk: Code that gets you pwn(s|’d)

In this talk, Louis will cover examples of vulnerabilities that are not necessarily obvious. We will look at some snippets in Golang, Ruby, Python and others, demonstrating practical flaws and attacks on:

  • Golang Tempfile
  • Golang path.Clean
  • Startswith and URL
  • Unicode
  • Unicode and Regexp

Rhys Elsmore (@rhyselsmore

Bio: Rhys Elsmore is a self-deputised internet mall cop who has a passion for breaking computers in weird and wonderful ways. By day he helps secure a large blue cloud, and by night he hunts bugs in other people’s clouds. Outside of the internet he likes to overdo it at CrossFit (People who do CrossFit are legally required to tell you that they do CrossFit), gets his butt kicked at Brazilian Jiu-Jitsu, cooks new and exciting food, looks after two Australian Shepherds, and serves his community as a Retained Firefighter with Fire + Rescue NSW.

Talk: Recognition-Primed Bug Bounty Hunting

Humans are wired to consume, process, and act on large amounts of information. Every day – often without knowing – we take cues and signals from our environment, recall our past experiences, mix it all together, and make decisions. As bug bounty hunters we are often faced with many decisions, such as “where do I look next?”, “where do I start”, “how can I maximize impact”, “how can I escalate this finding”, and “how do I understand what this means”. A well-tuned decision making process is essential to maximizing impact and ensuring success while hunting bugs.

This talk draws on my experience in various emergency service roles – where the outcome of decisions are critical and thinking several steps ahead is required, mixes it with walkthroughs of the decision-making process I have followed when finding high-paying bugs, adds in a bit of psychology*, and details focus areas that will assist bug bounty hunters in being able to make better decisions.

Attendees will not only get walkthroughs of hard-hitting bugs, but also learn the basics of a decision making model that will hopefully lead them to bigger scopes and larger rewards.

What’s Next?

Stay tuned for our next announcement, the #levelup0x06 Keynote!  

Subscribe to our LevelUp news for speaker and conference announcements, tips and cheats for the event, and updates as the day approaches. Not on Discord? Sign up for our Bugcrowd Community to get yourself ready for the event. DON’T FORGET to submit your CFP.  The deadline is April 14th.

We’re pumped and look forward to seeing you there and helping everyone LEVEL UP!!!