
LevelUp 0x05

Tricks & Treats

LevelUp is a free series of online security conferences with content for the hacker and security researcher community. Each event features presenters streaming their talks LIVE to YouTube, with a wide array of topics covered throughout the conference.

Matt Szymanski

Matthew Szymanski is a Senior Security Engineer who leverages over a decade of experience as a programmer to discover and help remediate vulnerabilities. He has developed and taught secure coding workshops as well as presented talks to increase security awareness.


BusesCanFly is a Bugcrowd ambassador and hardware hacker. BusesCanFly loves tinkering, making, rock climbing, car hacking, and hardware hacking in general. A self-titled "Pretty ok Moderate Amateur," he is always happy to chat!

Sebastian Porst

Sebastian is an engineering manager on Google Play Protect, Google’s program for keeping Google Play free of malware and vulnerable apps. He has been working as a malware analyst, software engineer, and manager on the Google Play Protect team for 8 years.

Rojan Rijal

Rojan Rijal has been doing bug bounty for about three years now. He has also worked as an Application Security Intern at Tinder, Inc.

Time (PT)



08:30:00 AM

Hardware Hacking for the Masses (and you!)

Intro/overview of hardware hacking. Covering many aspects of hardware hacking from various subjects to basic methodology (embedded, cars, etc). Ideal for people interested in or looking to get started with hardware hacking.

09:00:00 AM

Overview of common Android app vulnerabilities

In this presentation I will be giving an overview of common vulnerabilities that security researchers find in top apps on Google Play. I will give information about these vulnerabilities, how to find them, and how to fix them. The information in this talk is based on my work on Google Play’s Security Rewards Program, in which we reward security researchers for security vulnerabilities they find in top applications on Google Play.

10:00:00 AM

GSuite Security: Everyone wants it but not everyone gets it

This talk will cover the GSuite misconfigurations found at most companies, how to prevent these misconfigurations, and how as bug bounty hunters you can find these issues.

11:00:00 AM

REST in Peace: Abusing GraphQL to Attack Underlying Infrastructure

GraphQL is a query language for APIs set to replace RESTful architecture. The use of this technology has achieved rapid adoption and is now leveraged by companies such as GitHub, Credit Karma, and PayPal. Despite its popularity, this new approach to building APIs can leave organizations at risk. While it solves real-world problems, proper implementation is left up to developers who often don’t fully understand how to secure their API. Security best practices are easily overlooked, and rushed development can leave cracks in the armor. These issues create a new attack surface for us to explore as well as new ways to exploit underlying infrastructure and code.

From Queries and Mutations to Types and Fields, properly attacking a target requires that you understand it. We will learn enough about GraphQL to be dangerous. Demonstrate how to use the technology’s intricacies against itself while taking advantage of implementation errors and misconfigurations. Examine GraphQL-specific attacks as well as tried-and-true techniques adapted to fit into the GraphQL context. Then walk through how to carry out these attacks efficiently and effectively.
