Makes the Dream Work
LevelUp is a free series of online security conferences with content for the hacker and security researcher community. Each event features presenters streaming their talks LIVE to YouTube, with a wide array of topics covered throughout the conference.
LevelUp 0x04 features two days of content on all things Android hacking, penetration testing, collaborative hacking, OWASP, car hacking, and leveraging Frida for mobile. Meet our esteemed speakers!
Louis (@snyff/@pentesterlab) is a security engineer based in Melbourne, Australia. He is the founder of PentesterLab, a learning platform for web penetration testing.
BusesCanFly is a Bugcrowd ambassador and hardware hacker. BusesCanFly loves tinkering, making, rock climbing, car hacking, and hardware hacking in general. A self-titled "Pretty ok Moderate Amateur," he is always happy to chat!
Matthew Szymanski is a Senior Security Engineer who leverages over a decade of experience as a programmer to discover and help remediate vulnerabilities. He has developed and taught secure coding workshops as well as presented talks to increase security awareness.
Chloé Messdaghi is the VP of Strategy at Point3 Security. She is an ethical hacker advocate who strongly believes that information security is a humanitarian issue. Besides her passion to keep people safe and empowered online & offline, she is driven to fight for hacker rights. She is the founder of WomenHackerz & the President and cofounder of Women of Security (WoSEC) and heads the SF Bay Area chapter.
Josh Schwartz, aka FuzzyNop, is an alleged computer who knows how to computer. He currently is the Director of Proactive Engagement overseeing red team, security engagement, phishing, and behavioral engineering for the Paranoids at Verizon Media.
Rhys Elsmore is a self-deputised internet mall cop who has a passion for breaking computers in weird and wonderful ways. By day he helps secure a large blue cloud, and by night he hunts bugs in other people's clouds. Outside of the internet he likes to overdo it at CrossFit (People who do CrossFit are legally required to tell you that they do CrossFit), gets his butt kicked at Brazilian Jiu-Jitsu, cooks new and exciting food, looks after two Australian…
Sebastian is an engineering manager on Google Play Protect, Google’s program for keeping Google Play free of malware and vulnerable apps. He has been working as a malware analyst, software engineer, and manager on the Google Play Protect team for 8 years.
Thomas Dullien is a security researcher and entrepreneur well-known for his contributions to the theory and practice of vulnerability development and software reverse engineering. He won Germany's biggest privately financed research prize in the natural sciences in 2006 (the Horst-Goertz Prize) for work on graph-based code similarity, then started and ran a company to commercialize this research that was then acquired by Google. After a few years of Google Project Zero, he is now co-founder of a startup called http://optimyze.cloud…
Jay Turla is a Manager, Security Operations (PH) at Bugcrowd, and one of the goons of ROOTCON. He has been acknowledged and rewarded by Facebook, Adobe, Microsoft, etc. for his responsible disclosures, and has also contributed auxiliary and exploit modules to the Metasploit Framework. He has presented at ROOTCON, HITCON, PEHCON, DEFCON, DragonCon, BSides Myanmar, Nullcon and TCON. His main interest/research right now is car hacking, and he is currently one of the main organizers of the Car Hacking Village of…
Katie is a Ph.D. student in machine learning and cybersecurity. During her free time, she is a bug bounty hunter and cybersecurity YouTuber. Having only started bug bounty in 2019, she's still a bit of a noob, but always learning. Katie is really passionate about giving back to the community who helped her by producing videos on the basics of bug bounty and how to find your first bug. You can find her on Twitter @InsiderPhD and on YouTube as…
Self-proclaimed information security unicorn and cool nerd, Jasmine's interest in infosec started when she was 16 years old after she stumbled into a Yahoo! Group on Cryptography. Jasmine later earned her Masters in Computer Science and Graduate Certificate in Information Security and Privacy from University of North Carolina at Charlotte (UNCC). Jasmine also has an assortment of security certifications - GSEC, GSSP-Java, GWAPT.
Phillip is a Bugcrowd Ambassador, adjunct instructor at Richland College teaching Ethical Hacking and System Defense, and the founder of The Pwn School Project. He has 21 years of experience in infosec and IT and has performed pen tests on networks, wireless networks, applications including thick client, web application and mobile, and also holds the following certifications: CISSP, NSA-IAM, OSCP, GWAPT.
June 01, 2019
Opening remarks from Ashish Gupta, CEO of Bugcrowd.
Today, organizations struggle to maintain visibility of their internet-facing assets. The OWASP Amass project helps perform network mapping of internet exposure to better understand how assets are distributed across networks. This talk will discuss how OWASP Amass can take subdomain enumeration to the next level with additional visibility.
Mobile application security has received relatively little attention thus far, making it a promising area. In this talk, you’ll learn how Android bug bounty programs work and how you can get involved. We’ll review the structure of Android applications and introduce you to tools that can be used for penetration testing, including Android Tamer, Burp Suite, and Android Studio.
Research and an idea spun up at 8PM in a small room with two friends led to the discovery of an internet-wide vulnerability on more than 25 bug bounty programs. This talk will cover how we approached the situation, how we planned and managed our tests, and the reporting processes, from writing the report to having a good PoC.
Two talks in one! This talk is designed for folks who are familiar with Burp, but who want to learn how to use ZAP for testing web apps. We’ll also showcase the new Heads Up Display (HUD) feature of ZAP to bring all the same features found in ZAP (or Burp) directly into your browser.
End of Day 1
Thanks for attending day one!
We’ll see you tomorrow for day two of LevelUp 0x04!
June 02, 2019
1 Hacker is Good, 2 Hackers are Better – Bug Hunting as a Team
In this presentation we will discuss how we got into bug bounties as a team in 2012 and some of the problems we faced along the way. Back then, we had to ask ourselves: How do you organize and share information? How do you split bounties? How do you…. ? Bug hunting as a team has a lot of potential, and we hope our insights will be helpful for future teams.
Black-box analysis of mobile applications can be slow and painful. This talk will explore simple ways to leverage Frida to build lightweight analysis tools that can be easily customized. Practical examples will be presented for various use cases, including tracing library functions, examining application memory and runtime state, and circumventing common security controls.
In this presentation, Phillip Wylie shares the blueprint for becoming a pen tester. It combines Phillip’s own experience as a pen tester and ethical hacking instructor, providing attendees with the helpful tips and next steps to pursue pen testing as a career.
This presentation will cover best practices for finding a group of skilled colleagues to work together in teams to maximize skills against a target. John will provide some background and some tips/tricks on 1. how best to find others who can help, 2. what to look for in potential teammates, 3. best practices in working together as a team, and 4. tools and tricks to help maximize teamwork.
In this presentation, Neiko will provide an overview of targets and show some car hacks! We’ll also go through common tools we can all use to accomplish our goals!
End of Day 2
Thanks for attending!
Please stay tuned for details on LevelUp 0x05!