Makes the Dream Work
LevelUp is a free series of online security conferences with content for the hacker and security researcher community. Each event features presenters streaming their talks LIVE to YouTube, with a wide array of topics covered throughout the conference.
LevelUp 0x04 features two days of content on all things Android hacking, penetration testing, collaborative hacking, OWASP, car hacking, and leveraging Frida for mobile. Meet our esteemed speakers!
Sebastian is an engineering manager on Google Play Protect, Google’s program for keeping Google Play free of malware and vulnerable apps. He has been working as a malware analyst, software engineer, and manager on the Google Play Protect team for 8 years.
Self-proclaimed information security unicorn and cool nerd, Jasmine's interest in infosec started when she was 16 years old after she stumbled into a Yahoo! Group on Cryptography. Jasmine later earned her Masters in Computer Science and Graduate Certificate in Information Security and Privacy from University of North Carolina at Charlotte (UNCC). Jasmine also has an assortment of security certifications - GSEC, GSSP-Java, GWAPT.
BusesCanFly is a Bugcrowd ambassador and hardware hacker. BusesCanFly loves tinkering, making, rock climbing, car hacking, and hardware hacking in general. A self-titled "Pretty ok Moderate Amateur," he is always happy to chat!
Matthew Szymanski is a Senior Security Engineer who leverages over a decade of experience as a programmer to discover and help remediate vulnerabilities. He has developed and taught secure coding workshops as well as presented talks to increase security awareness.
Phillip is a Bugcrowd Ambassador, adjunct instructor at Richland College teaching Ethical Hacking and System Defense, and the founder of The Pwn School Project. He has 21 years of experience in infosec and IT and has performed pen tests on networks, wireless networks, and applications including thick client, web application and mobile. He also holds the following certifications: CISSP, NSA-IAM, OSCP, GWAPT.
Jeff Foley is the founder and project leader of the OWASP Amass project. Jeff has spent nearly 20 years as an innovative technologist and technical leader taking on challenges in the area of cyber warfare. He started the Amass project after noticing the need for robust and practical OSINT tools that aid infosec professionals in mapping complex networks.
In his own words, John is a strange combination of ethical hacker mixed with the law. How many lawyers do you know who have an OSCP? John tries to act as a bridge between the security community and the legal community. Being an ethical hacker, John also provides IT security and compliance reviews along with offensive security for numerous e-commerce clients (including crypto-based businesses).
Sebastian is currently an M.S. computer science student at the Technische Universität Berlin and a freelancer in the IT security field. He has been interested in IT security since his teenage years, hacking and breaking things as well as researching vulnerabilities and sharing his knowledge in presentations and meetups from an early start. Together with Tim, he co-founded the project Internetwache.org in 2012.
Tim Philipp Schäfers
Tim is a two-time author of German IT-security books (Hacking im Web / WLAN Hacking). He works as an IT security consultant and lectures in the field of IT-security and risk management. In 2017, he was named a "junior fellow" by the German Informatics Society. He cofounded the project Internetwache.org together with Sebastian in 2012.
David Scrobonia is part of the Security Engineering team at Segment, working to secure modern web apps and AWS infrastructure. He contributes to open source in his spare time and is a core team member of the OWASP ZAP project. He has spoken about his work on the ZAP Heads Up Display at conferences including AppSec California, AppSec USA, OWASP BeNeLux, and BSidesSF.
Dawn Isabel is a Senior Security Consultant with IOActive, specializing in iOS and web application testing. She has over 15 years of experience in infosec, informed by her former role as a web application developer.
Rojan Rijal has been doing bug bounty for about three years now. He has also worked as an Application Security Intern at Tinder, Inc.
June 01, 2019
Opening remarks from Ashish Gupta, CEO of Bugcrowd.
Today, organizations struggle to maintain visibility of their internet-facing assets. The OWASP Amass project helps perform network mapping of internet exposure to better understand how assets are distributed across networks. This talk will discuss how OWASP Amass can take subdomain enumeration to the next level with additional visibility.
Mobile application security has received relatively little attention thus far, making it a promising area. In this talk, you’ll learn how Android bug bounty programs work and how you can get involved. We’ll review the structure of Android applications and introduce you to tools that can be used for penetration testing, including Android Tamer, Burp Suite, and Android Studio.
Research and an idea spun up at 8PM in a small room with two friends led to the discovery of an internet wide vulnerability on more than 25 bug bounty programs. This talk will cover how we approached the situation, how we planned and managed our tests, and the reporting processes, from writing the report to having a good PoC.
Two talks in one! This talk is designed for folks who are familiar with Burp, but who want to learn how to use ZAP for testing web apps. We’ll also showcase the new Heads Up Display (HUD) feature of ZAP to bring all the same features found in ZAP (or Burp) directly into your browser.
End of Day 1
Thanks for attending day one!
We’ll see you tomorrow for day two of LevelUp 0x04!
June 02, 2019
1 Hacker is Good, 2 Hackers are Better – Bug Hunting as a Team
In this presentation we will discuss how we got into bug bounties as a team in 2012 and some of the problems we faced along the way. Back then, we had to ask ourselves: How do you organize and share information? How do you split bounties? How do you…? Bug hunting as a team has a lot of potential, and we hope our insights will be helpful for future teams.
Black-box analysis of mobile applications can be slow and painful. This talk will explore simple ways to leverage Frida to build lightweight analysis tools that can be easily customized. Practical examples will be presented for various use cases, including tracing library functions, examining application memory and runtime state, and circumventing common security controls.
In this presentation, Phillip Wylie shares the blueprint for becoming a pen tester. It combines Phillip’s own experience as a pen tester and ethical hacking instructor, providing attendees with the helpful tips and next steps to pursue pen testing as a career.
This presentation will cover best practices for finding a group of skilled colleagues to work together in teams to maximize skills against a target. John will provide some background and some tips/tricks on 1. how best to find others who can help, 2. what to look for in potential teammates, 3. best practices in working together as a team, and 4. tools and tricks to help maximize teamwork.
In this presentation, Neiko will provide an overview of targets and show some car hacks! We’ll also go through common tools we can all use to accomplish our goals!
End of Day 2
Thanks for attending!
Please stay tuned for details on LevelUp 0x05!