Agenda

Thursday, Aug 8

120 Minutes

5:30pm

Flight Club Las Vegas

The Bug Bounty Village at DEF CON 32 is partnering with TikTok to bring you a happy hour event at Flight Club @ The Venetian! Please RSVP to secure your spot.

Friday, Aug 9

Emile Fugulin (@TheSytten)

60 Minutes

10:00am

Village Classroom, W215

This workshop is a unique deep dive into the internals of Caido with its creators, from Workflows to plugins, without forgetting the GraphQL API.

Roni Carta (@0xlupin)

60 Minutes

10:00am

Creator Stage 4

The talk "Practical Exploitation of DoS in Bug Bounty" covers techniques to identify and exploit Denial of Service (DoS) vulnerabilities for bug bounty programs. It emphasizes practical approaches, such as resource exhaustion and logic flaws, to disrupt services, highlighting their impact and demonstrating how to report these issues effectively.

Daniel Le Gall (@Blaklis_)

60 Minutes

11:00am

Creator Stage 4

In this talk, Blaklis will present some funny and surprising quick wins he found during his bug bounty journey, as well as some deep technical challenges he had to face to earn some big bounties. From fun to deeply technical bugs, there will be content for everyone!

Inti De Ceukelaire, Jessica Sexton, Ryan Rutan, Lucas Philippe, Michael Skelton, Roni Carta

75 Minutes

11:00am

Village Classroom, W215

Join us for an engaging and insightful panel discussion at the Bug Bounty Village, where community leaders from four of the world's leading bug bounty platforms—HackerOne, Synack, YesWeHack, and Intigriti—come together to share their expertise and vision for the future of bug bounty programs. This panel, moderated by a prominent hacker from the community, will explore the latest trends, challenges, and innovations in the bug bounty space.

Ben Sadeghipour (@nahamsec)

90 Minutes

12:15pm

Village Classroom, W215

This workshop, a crash course on Server-Side Request Forgery, will not only provide an understanding of fundamental SSRF exploitation but also introduce advanced techniques for exploiting complex and challenging SSRF vulnerabilities. It includes hands-on labs based on real-world examples.

Gonçalo Magalhães (@realgmhacker)

60 Minutes

2:00pm

Village Classroom, W215

The presentation will introduce the bug bounty differences that blockchain transparency brings to the table. Then we will explain what's at stake in Web3, i.e. very large sums of money. We will go over notorious hacks that happened on the blockchain, both the technical exploit side and the negotiation side, and we'll recreate the most iconic $1M+ bounties and their PoCs.

Lucas Philippe (@BitK_)

90 Minutes

3:00pm

Village Classroom, W215

In this workshop, we'll dive into what prototypes are in JavaScript and then explore prototype pollution. We'll cover how to detect these vulnerabilities and the techniques to exploit them. This session is perfect for anyone looking to get practical, hands-on experience with real-world security issues.

Harrison Richardson (@rs0n_live)

90 Minutes

4:30pm

Village Classroom, W215

Are you a bug bounty hunter interested in collaborating with other researchers, but you don't know where to start? Well, how about at this workshop! Participants will be guided through a proven strategy to form an effective group, grow and learn together, and find their own version of success with bug bounties.

Nikhil Shrivastava (@niksthehacker), Charlie Waterhouse

60 Minutes

5:00pm

Creator Stage 4

Join Nikhil Shrivastava and Charlie Waterhouse as they present "Reflections on a Decade in Bug Bounties: Experiences and Major Takeaways." Gain insights from their extensive experience, discover key lessons learned, and explore the evolution of bug bounties over ten years.

Saturday, Aug 10

60 Minutes

10:00am

Village Classroom, W215

Rotem Bar (@rotembar)

Unleash your hacking potential with insider access! Discover how sharing internal system insights can revolutionize bug hunting. In this session, you'll learn new exclusive methods and how to use data to your advantage, and we will share real-world success stories. Join us to elevate your bug bounty program and learn how we see the attacks from the inside.

90 Minutes

11:00am

Village Classroom, W215

Jason Haddix (@jhaddix)

Join Jason as he demystifies modern and cutting-edge web testing and recon techniques.

60 Minutes

11:30am

Creator Stage 4

Logan MacLaren, Jeffrey Guerra, Johnathan Kuskos, Katie Noble, Sam Erb

Join us for a panel discussion with experienced Bug Bounty Program Managers and Hunters. We'll address key questions and discuss challenges, strategies, and the future of bug bounties in the context of emerging technologies and threats. We'll highlight the importance of bug bounties and the elements of success, and provide recommendations for maturing programs. A great learning and networking opportunity.

90 Minutes

12:30pm

Village Classroom, W215

Ben Sadeghipour (@nahamsec)

This workshop will focus on understanding the most common ways to take over an account or elevate your access while performing a pentest or hunting for vulnerabilities.

30 Minutes

2:00pm

Creator Stage 4

Gunnar Andrews (@G0LDEN_infosec)

Automation techniques for security research or bug bounties can be a deep rabbit hole. But there are plenty of quick and effective methods to get the most out of your automation!

45 Minutes

2:30pm

Creator Stage 4

Joel Alexis Noguera (@niemand_sec), Diego Jurado Pallarés (@djurado9)

As security researchers, we seek innovative solutions to enhance offensive security. This talk explores creating an AI agent to augment bug bounty and pentesting workflows. Our practical tool aims to enhance efficiency and effectiveness. Join us as we explore the possibilities and implications of AI as an offensive assistant in this new era of offensive security.

90 Minutes

2:30pm

Village Classroom, W215

Justin Gardner (@Rhynorater)

All bug bounty hunters want one thing: bounties. This workshop is a TLDR of all the bug bounty resources out there, condensed down, and lasered-in on one goal: maximizing your bounties per unit of time spent.

45 Minutes

3:15pm

Creator Stage 4

Chloé Messdaghi (@ChloeMessdaghi), Kasimir Schulz (@abraxus7331)

This talk examines the challenges in addressing the criticality of AI vulnerabilities in disclosure and payouts. We'll explore the current state of these issues and discuss potential solutions to improve our approach to AI vulnerability management.

90 Minutes

4:00pm

Village Classroom, W215

Prince Chaddha (@princechaddha), Tarun Koyalwar (@KoyalwarTarun), Dhiyaneshwaran Balasubramaniam (@DhiyaneshDK)

Enhance your bug bounty skills! Learn to identify, enrich, and prioritize targets with tools like subfinder and httpx. Discover hidden files, functionalities, and vulnerabilities using advanced reconnaissance techniques. Don't miss out on mastering the art of uncovering "unknown unknowns" in cybersecurity. Join us!

60 Minutes

5:00pm

Creator Stage 3

Justin Gardner (@Rhynorater)

What hacker doesn't love a good vuln story? Well, how about 10? 20? However many I can fit into this presentation? Well, good, that's exactly how many you'll get. All criticals. All paid as criticals. Let's do it.

30 Minutes

5:30pm

Village Classroom, W215

James Kettle (@albinowax), Gareth Heyes (@garethheyes) & Martin Doyhenard (@tincho_508)

Meet the minds behind a decade of acclaimed web security research. Whether you'd like to query our thoughts on technical matters or career decisions, share something cool you've found, flood us with Burp Suite feature requests, or simply say hi, this is your chance! We're also giving three presentations at DEF CON, so if you'd like to treat this as an extended Q&A for those, that's cool too. Please note this session may be chaotic.

Sunday, Aug 11

Ryan Barnett (@ryancbarnett), Isabella Barnett (@4ng3lhacker)

90 Minutes

11:00am

Village Classroom, W215

In today's dynamic web application ecosystem, there exist numerous data manipulation processes to sanitize, translate, and manipulate data for use by applications and storage in back-end systems. These same processes can also be leveraged by bug hunters to obfuscate attack payloads from intermediary security systems.
