johnk

What Happens in Vegas...Stays on Hacktivity

What Happens in Vegas...Stays on Hacktivity

Have you ever watched the Las Vegas sunrise after 12-hours of hacking through the night?

The 50-hackers at H1-702 have. Hacking achievement, unlocked.

H1-702 was HackerOne’s second annual live-hacking event held in Las Vegas during DEF CON.

Live-hacking events like H1-702 bring together the world’s top hackers into the same venue with companies security teams. This year, we welcomed several teams including Uber and Zenefits for our largest live hacking event yet. The setting? The W Hotel Wet Deck - Las Vegas’s newest rooftop venue.

rooftop

Three nights, three customers, Over 50 hackers from 15 countries, 30+ hours of hacking, over 150 vulnerabilities reported and over $250,000 in bounties paid - that’s almost a dollar per Red Bull consumed! It was our most successful live hacking event to-date with over $100,000 paid out in a single night!

Over 50 Hackers Participating From Over 15 Countries

Poolside cabanas were equipped with charging stations, cooling pads, power bricks, HackerOne towels and swimsuits, and our top hackers preparing for a new challenge each evening.

Upon arrival, each hacker was greeted with a specialized scope for the day, and an eager security team waiting to evaluate risk and release funds. Guests were treated with five star food and beverage services and custom swag to get them through the night.

What Vegas survival kit doesn’t include LED glasses, fidget spinners, and HackerOne branded power bricks??? We supplied all the essentials.

H1-702 veterans like Mark Litchfield, Arne Swinnen, and Frans Rosén were in attendance while elite newcomers filedescriptor, cablej, and tomnomnom were attending their first live-hacking event.  

With hackers traveling from India to Portugal, the US to Argentina, and Hong Kong to Morocco; this was the most diverse live hacking event we have ever held.   

More than 60% of Reports Were Valid Security Issues

More than 100 individual bounties were awarded across the three nights of hacking, totaling over $250,000 in rewards. That’s $100,000 more than at  H1-702 2016. Of the reports filed during the contest, over 60% were valid security issues.Those numbers really speak to the excellence of the hackers in attendance. They included some of HackerOne’s most successful bug hunters, based on Reputation scores and bounties earned.

live hacking

Hackers loved the chance to meet with security teams in-person. Similarly, our customers thrived on the chance to work directly hackers that are regularly contributing to their security programs. Security teams came ready to answer questions and collaborate with some of our most successful security talent, triaging live and working together to replicate vulnerabilities.

The relationships built during H1-702 and during previous live hacking events extend far beyond that pool deck and encourage loyalty from both security teams and hackers. Those relationships are critical for the success of any bug bounty program.

Cheers to the Winners

What’s a contest without a winners and awards?! For the most bounties earned and for his tireless contributions to the community, @fransrosen took home the belt and the title of “Most Valuable Hacker.”

winner

Try_to_hack rose to the top of the leaderboard with the most Reputation gained over the three days, earning him the title of “The Exalted.”

winners

First timer cablej took home the “Baby Bug” title for being an outstanding newcomer to the event, as well as the title of “The Assassin” for highest Signal (the most valid bugs reported at the event).

winners

Finally, cache-money took home a trophy for the best bug of the event and filedescriptor was awarded the “Hacker’s Hero” as chosen by the team at HackerOne.

winners

On the final night, we also rolled out a hack of our own, “Teams,” the opportunity for hackers from all over the world to work with their peers in-person to find bugs, submit their reports together, and to evenly share their bounties.

For their collaboration, unique discoveries and accomplishments that night, Artisan Hackers, comprised of zetatwo, avlidienbrunn, jelmer, fransrosen, took home the award for “Top Team.”

hackers

At this year’s event, we also recognized the group of hackers that have shown an undying commitment to security and have offered more of their time to serve as members of our Hacker Advisory Board. We are grateful for their efforts to make the internet a safer place, as well as their contributions to helping grow our community. Together we hit harder!

More to come

HackerOne’s live-hacking events continue to be huge successes thanks to our incredible hackers, customers, and community at large. We’re looking forward to our next live-hacking event in the coming few months! Want to get on the list, hackers? Keep hacking! Hackers with the highest Reputation and Signal have a better chance of getting invited.

Ted Kramer,
HackerOne Chief of Staff

PS - If your company is interested in sponsoring and/or participating in a live-hacking event, send us a note at h1-702@hackerone.com.

 


HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty program solutions encompass vulnerability assessment, crowdsourced testing and responsible disclosure management. Discover more about our security testing solutions or Contact Us today.

The 8th Annual Hacker-Powered Security Report

HPSR blog ad image