Airbnb and Verizon Media participate in 3rd annual h1-415 live hacking event including a cybersecurity mentorship program
Live hacking events have been a part of our company DNA since 2016. We connect the community of hackers and customers every day on the HackerOne platform, but bringing people together in person in cities around the world is a special experience. The power of collaboration came through in full force for this year's h1-415, kicking off our first live hacking event of 2019 in true #TogetherWeHitHarder style. Hosted over three days leading up to the BSides SF and RSA conferences, HackerOne partnered with Airbnb and Verizon Media to surface vulnerabilities, foster mentorship, and celebrate the community.
Day 1: Airbnb, our hosts with the most!
Airbnb is celebrating 4+ years of bug bounty, launching on HackerOne in early 2015. In total, they’ve received 500+ reports from more than 250 hackers. H1-415 marked their second live hacking event, with dozens of hackers taking part, submitting 153 reports. To mark the occasion Airbnb wanted to amplify hacker diversity. We partnered with them to invite women hackers with basic hacking skills to hack with mentors and some of the best hackers in the bug bounty game.
This was the second time HackerOne has ever done something like this and together with the invited women hackers, we topped a whopping 15% of women attendees. As part of this, we hosted the first-ever recon workshop. Mentees were invited to learn how one of Airbnb’s top hackers approaches their target.
The top-performing hacker for the day, recognized by Airbnb and HackerOne, was @erbbysam, who earned The Vigilante award. Other honored hackers included @rhynorater as The Exalted, the award given to the hacker who earned the most Reputation points during the day; @smsecurity as The Exterminator, winning best bug of the event; and @cablej, who was recognized as The Assassin for having the highest signal out of all hackers. Nearly every participating hacker earned a bounty at this event, including some hackers participating in our mentorship group (read more below)!
Airbnb was a wonderful host for our first day. Special thanks to their team for helping bring people together to launch the first-ever live hacking mentorship program done in conjunction with a live hacking event. Read on for all the amazing details of the hacker mentorship program and community day held with special guests from Hack the Hood.
Day 2: Community Day and Hacker Mentorship Program
At HackerOne, we’re proud to say we have some of the world’s best hackers and serve many of the most security-aware organizations. This community is built on mutual respect, helpfulness, and engagement and it thrives on the collective talent and diversity of perspectives, backgrounds, and approaches. At h1-415 2019 we hosted our 3rd annual hacking101 and cybersecurity career workshop matching top hackers with students at a university and alternative career boot camps.
Hack the Hood, a non-profit that connects local youth of color to technical jobs in their communities through 6-week boot camps, was our distinguished guest for the day. The young careerists were able to put questions to the Hacker-Career panel starring Pete Yaworski, @yaworsk; Virsaviya Efraim, @virsaviya_h1; Johnny Nipper, @johnny; Ben Sadeghipour, @nahamsec; and Jesse Kinser, @randomdeduction. The panel focused on the many ways that our panelists became hackers and cybersecurity professionals. The students were able to have candid conversations about the unique career journeys our panelists took, getting jobs in the cybersecurity space, thinking like a hacker, and how to learn to hack and seek mentorship.
The day-long event concluded with an afternoon hacking 101 workshop led by Cody Brocious. Cody guided the students through the ins and outs of Insecure Direct Object Reference bugs. The group then put that knowledge to work in their first bounty-paying Capture the Flag.
In addition, for the second time ever, we facilitated a mentorship program where a team of hacking experts mentored new hackers. It was an honor to work with both Airbnb and Verizon Media on the structure of this event, which focused on providing opportunities for local women engineers interested in learning more about cybersecurity and hacking. The initiative included a recon demonstration and one-on-one mentoring from Cody Brocious, Head of Hacker Education; Jobert Abma, a HackerOne co-founder; Pei Wen, senior software engineer; Joaquin Silva, Technical Program Manager; and Ben Sadeghipour, Hacker Operations Lead.
Throughout the live hacking event, mentors paired with mentees, answering questions and working together to hack and solve problems. Through this teamwork, we saw multiple hacker mentees find their first bug, including @gwenevere05, whose valid report earned her a $200 bounty!
Of course, we had some fun with our hackers, too: playing hosts in beautiful San Francisco to catch the ferry over to Alcatraz Island for a fun tour and ferry ride. The custom h1-415 rain slicks came in very handy. The nightcap? Epic duels of ping pong at SPIN San Francisco.
Day 3: Hacking and collaborating with Verizon Media
Verizon Media has hosted five live hacking events to date, an impressive number. Leaning into the opportunity to engage with the hacker community and understand their motivations has helped their global security team, known as the Paranoids, continue to build one of the most robust bug bounty programs. Verizon Media rewarded hackers over $5,000,000 in bounties in 2018 alone. Over the last 5 years, nearly 5,200 reports from more than 1,100 hackers have been resolved through their bug bounty program. Wow!
For their 2nd annual h1-415 live hacking event, they received 58 reports, with hackers earning over $128,000. True to their live hacking history, the Paranoids brainstormed some incredible challenges with juicy incentives for hackers. CTFer and all around amazing hacker, @0xacb collaborated with fellow Portuguese hacker @fisher to solve one such challenge - amazing work by both of them!
Verizon Media’s CISO and Chief Paranoid Chris Nims said, “Live hacking events are special. Welcoming incredible hackers and Paranoids into the same venue produces valuable results every time. It’s always great seeing the collaboration and camaraderie. The energy and results extend beyond the event and help fuel our ongoing bug bounty program on HackerOne.”
Once the hacking wrapped up, some hackers stood above the rest and were recognized as the best hackers for that day, along with, of course, the recognition for the entire event’s Most Valuable Hacker.
The distinguished awardees were as follows:
The Exalted: @cache-money
The Exterminator: @0xacb
The Assassin: @cache-money
The Vigilante: @0xacb
And your h1-415 Most Valuable Hacker award went to… @erbbysam! What a performance of consistency and creativity. Absolutely stellar.
Hacking, sight-seeing, mentoring, training, more hacking… a full weekend! But wait, there was more...
Welcoming new hackers to the H1-Elite distinguished comic book cover club
Hackers are heroes. No doubt about it. We celebrate some of our incredible community members in a fun and unique way - every year at h1-415 in San Francisco we recognize a new group of inductees into the H1-Elite custom comic book cover club.
We are always faced with some very hard decisions to make with so many of you talented hackers. Without further ado, we present the H1-Elite Class of 2019!
@Ngalog
@Smiegles
@Shubbs (aka notnaffy)
@Teknogeek
@Ziot
Good things happen when you work together
Anytime you can bring together dozens of talented hackers and great product security professionals, magic can occur. This year we kicked off our live hacking event calendar with a bang, thanks to Airbnb, Verizon Media, and our many hackers who participated and hacked. Keep your eyes peeled for even more live hacking material as we continue our live hacking journey across the world to Asia for h1-65 in Singapore!
PS - Ever wonder what it looks like when a hacker finds a cool bug? Check out this mini video of a moment captured at h1-415 with hackers @0xacb and @teknogeek, it’s amazing!