Tricks & Treats
LevelUp is a free series of online security conferences with content for the hacker and security researcher community. Each event features presenters streaming their talks LIVE to YouTube, with a wide array of topics covered throughout the conference.
Matthew Szymanski is a Senior Security Engineer who leverages over a decade of experience as a programmer to discover and help remediate vulnerabilities. He has developed and taught secure coding workshops as well as presented talks to increase security awareness.
BusesCanFly is a Bugcrowd ambassador, and hardware hacker. BusesCanFly loves tinkering, making, rock climbing, car hacking, and hardware hacking in general. A self-titled "Pretty ok Moderate Amateur," he is always happy to chat!
Sebastian is an engineering manager on Google Play Protect, Google’s program for keeping Google Play free of malware and vulnerable apps. He has been working as a malware analyst, software engineer, and manager on the Google Play Protect team for 8 years
Rojan Rijal has been doing bug bounty for about three years now. He has also worked as Application Security Intern at Tinder, Inc.
Intro/overview of hardware hacking. Covering many aspects of hardware hacking from various subjects to basic methodology (embedded, cars, etc). Ideal for people interested in or looking to get started with hardware hacking.
In this presentation I will be giving an overview of common vulnerabilities that security researchers find in top apps on Google Play. I will give information about these vulnerabilities, how to find them, and how to fix them. The information in this talk is based on my work on Google Play’s Security Rewards Program, in which we reward security researchers for security vulnerabilities they find in top applications on Google Play.
This talk will cover the GSuite misconfiguration found on most companies, how to prevent these misconfigurations, and how as bug bounty hunters you can find these issues.
GraphQL is a query language for APIs set to replace RESTful architecture. The use of this technology has achieved rapid adoption and is now leveraged by companies such as GitHub, Credit Karma, and PayPal. Despite its popularity, this new approach to building APIs can leave organizations at risk. While it solves real-world problems, proper implementation is left up to developers who often don’t fully understand how to secure their API. Security best practices are easily overlooked, and rushed development can leave cracks in the armor. These issues create a new attack surface for us to explore as well as new ways to exploit underlying infrastructure and code.
From Queries and Mutations to Types and Fields, properly attacking a target requires that you understand it. We will learn enough about GraphQL to be dangerous. Demonstrate how to use the technology’s intricacies against itself while taking advantage of implementation errors and misconfigurations. Examine GraphQL specific attacks as well as tried and true techniques adapted to fit into the GraphQL context. Then walk through how to carry out these attacks efficiently and effectively.