Agenda
Thursday, Aug 8
120 Minutes
5:30pm
Flight Club Las Vegas
The Bug Bounty Village at DEF CON 32 is partnering with TikTok to bring you a happy hour event at Flight Club @ The Venetian! Please RSVP to secure your spot.
Friday, Aug 9
Emile Fugulin (@TheSytten)
60 Minutes
10:00am
Village Classroom, W215
This workshop is a unique deep dive into the internals of Caido with its creators, from Workflows to plugins, without forgetting the GraphQL API.
Roni Carta (@0xlupin)
60 Minutes
10:00am
Creator Stage 4
The talk "Practical Exploitation of DoS in Bug Bounty" covers techniques to identify and exploit Denial of Service (DoS) vulnerabilities for bug bounty programs. It emphasizes practical approaches, such as resource exhaustion and logic flaws, to disrupt services, highlighting their impact and demonstrating how to report these issues effectively.
Daniel Le Gall (@Blaklis_)
60 Minutes
11:00am
Creator Stage 4
In this talk, Blaklis will present some funny and surprising quick wins he found during his bug bounty journey, and some deep technical challenges he also had to face to earn some big bounties; from fun to deeply technical bugs, there will be some content for everyone!
Inti De Ceukelaire, Jessica Sexton, Ryan Rutan, Lucas Philippe, Michael Skelton, Roni Carta
75 Minutes
11:00am
Village Classroom, W215
Join us for an engaging and insightful panel discussion at the Bug Bounty Village, where community leaders from four of the world's leading bug bounty platforms—HackerOne, Synack, YesWeHack, and Intigriti—come together to share their expertise and vision for the future of bug bounty programs. This panel, moderated by a prominent hacker from the community, will explore the latest trends, challenges, and innovations in the bug bounty space.
Ben Sadeghipour (@nahamsec)
90 Minutes
12:15pm
Village Classroom, W215
This workshop, a crash course on Server-Side Request Forgery, will not only provide an understanding of fundamental SSRF exploitation but also introduce advanced techniques for exploiting complex and challenging SSRF vulnerabilities. This workshop includes hands-on labs based on real-world examples.
Gonçalo Magalhães (@realgmhacker)
60 Minutes
2:00pm
Village Classroom, W215
The presentation will introduce the bug bounty differences that blockchain transparency brings to the table. Then we will explain what’s at stake in Web3, i.e. very large sums of money. We will go over notorious hacks that happened in the blockchain, both the technical exploit side and the negotiation side, and we’ll recreate the most iconic +$1M bounties and their PoCs.
Lucas Philippe (@BitK_)
90 Minutes
3:00pm
Village Classroom, W215
In this workshop, we'll dive into what prototypes are in JavaScript and then explore prototype pollution. We'll cover how to detect these vulnerabilities and the techniques to exploit them. This session is perfect for anyone looking to get practical, hands-on experience with real-world security issues.
Harrison Richardson (@rs0n_live)
90 Minutes
4:30pm
Village Classroom, W215
Are you a bug bounty hunter interested in collaborating with other researchers, but you don't know where to start? Well, how about at this workshop! Participants will be guided through a proven strategy to form an effective group, grow/learn together, and find their own version of success with bug bounties.
Nikhil Shrivastava (@niksthehacker)
Charlie Waterhouse
60 Minutes
5:00pm
Creator Stage 4
Join Nikhil Shrivastava and Charlie Waterhouse as they present "Reflections on a Decade in Bug Bounties: Experiences and Major Takeaways." Gain insights from their extensive experience, discover key lessons learned, and explore the evolution of bug bounties over ten years.
Saturday, Aug 10
60 Minutes
10:00am
Village Classroom, W215
Rotem Bar (@rotembar)
Unleash your hacking potential with insider access! Discover how sharing internal system insights can revolutionize bug hunting. In this session, you'll learn new exclusive methods and how to use data to your advantage, and we will share real-world success stories. Join us to elevate your bug bounty program and learn how we see the attacks from the inside.
90 Minutes
11:00am
Village Classroom, W215
Jason Haddix (@jhaddix)
Join Jason as he demystifies modern and cutting-edge web testing and recon techniques.
60 Minutes
11:30am
Creator Stage 4
Logan MacLaren, Jeffrey Guerra, Johnathan Kuskos, Katie Noble, Sam Erb
Join us for a panel discussion with experienced Bug Bounty Program Managers and Hunters. We'll address key questions, discuss challenges, strategies, and the future of bug bounties in the context of emerging technologies and threats. We'll highlight the importance of bug bounties, elements of success, and provide recommendations for maturing programs. A great learning and networking opportunity.
90 Minutes
12:30pm
Village Classroom, W215
Ben Sadeghipour (@nahamsec)
This workshop will focus on understanding the most common ways to take over an account or elevate your access while performing a pentest or hunting for vulnerabilities.
30 Minutes
2:00pm
Creator Stage 4
Gunnar Andrews (@G0LDEN_infosec)
Automation techniques for security research or bug bounties can be a deep rabbit hole. But there are plenty of quick and effective methods to get the most out of your automation!
45 Minutes
2:30pm
Creator Stage 4
Joel Alexis Noguera (@niemand_sec), Diego Jurado Pallarés (@djurado9)
As security researchers, we seek innovative solutions to enhance offensive security. This talk explores creating an AI agent to augment bug bounty and pentesting workflows. Our practical tool aims to enhance efficiency and effectiveness. Join us as we explore the possibilities and implications of AI as an offensive assistant in this new era of offensive security.
90 Minutes
2:30pm
Village Classroom, W215
Justin Gardner (@Rhynorater)
All bug bounty hunters want one thing: bounties. This workshop is a TLDR of all the bug bounty resources out there, condensed down, and lasered-in on one goal: maximizing your bounties per unit of time spent.
45 Minutes
3:15pm
Creator Stage 4
Chloé Messdaghi (@ChloeMessdaghi), Kasimir Schulz (@abraxus7331)
This talk covers the challenges in addressing the criticality of AI vulnerabilities in disclosure and payouts. We'll explore the current state of these issues and discuss potential solutions to improve our approach to AI vulnerability management.
90 Minutes
4:00pm
Village Classroom, W215
Prince Chaddha (@princechaddha), Tarun Koyalwar (@KoyalwarTarun), Dhiyaneshwaran Balasubramaniam (@DhiyaneshDK)
Enhance your bug bounty skills! Learn to identify, enrich, and prioritize targets with tools like subfinder and httpx. Discover hidden files, functionalities, and vulnerabilities using advanced reconnaissance techniques. Don't miss out on mastering the art of uncovering "unknown unknowns" in cybersecurity. Join us!
60 Minutes
5:00pm
Creator Stage 3
Justin Gardner (@Rhynorater)
What hacker doesn't love a good vuln story? Well, how about 10? 20? However many I can fit into this presentation? Well, good, that's exactly how many you'll get. All criticals. All paid as criticals. Let's do it.
30 Minutes
5:30pm
Village Classroom, W215
James Kettle (@albinowax), Gareth Heyes (@garethheyes) & Martin Doyhenard (@tincho_508)
Meet the minds behind a decade of acclaimed web security research. Whether you'd like to query our thoughts on technical matters or career decisions, share something cool you've found, flood us with Burp Suite feature requests, or simply say hi, this is your chance! We're also giving three presentations at DEF CON so if you'd like to treat this as an extended Q&A for those, that's cool too. Please note this session may be chaotic.
Sunday, Aug 11
Ryan Barnett (@ryancbarnett), Isabella Barnett (@4ng3lhacker)
90 Minutes
11:00am
Village Classroom, W215
In today's dynamic web application ecosystem, there exist numerous data manipulation processes to sanitize, translate and manipulate data for use by applications and storage in back-end systems. These same processes can also be leveraged by bug hunters to obfuscate attack payloads from intermediary security systems.