Since our first event in Las Vegas in 2016, we have hosted 20 events in 12 different cities with 14 different customers. As of our final event of 2019, HackerOne has paid out over $7M in bounties and had over 5,000 reports submitted at live hacking events to date. In 2019 alone, we had some pretty incredible stats:
The 2019 live hacking circuit kicked off in March in beautiful San Francisco, then we were off to Singapore and London, pausing during the summer to build up to Las Vegas for a record-breaking h1-702. In the fall, we headed north to Vancouver and ended the year strong in sunny Los Angeles.
The most coveted award at Live Hacking Events is the Most Valuable Hacker (MVH) which rewards the hacker who delivers awesome and critical vulnerabilities, exhibits great communication skills and quality report writing, excels at community engagement and support, and provides that special something that just makes the event sensational. Please join us in saluting the Most Valuable Hacker Class of 2019:
h1-415 in San Francisco: @erbbysam
h1-65 in Singapore:@smsecurity
h1-4420 in London: @tomnomnom
h1-702 in Las Vegas: @inhibitor181
h1-604 in Vancouver: @dzmitry
h1-213 in Los Angeles: @spaceraccoon
What’s coming next?
Now let’s talk about what the future holds:
We have confirmed five flagship events for 2020 so far, with even more in the works.
Note: In light of recent travel restrictions, any of the above events are subject to change or adjustment to virtual.
Live Hacking Events Suite
In 2019, we launched a diverse portfolio of hacking event structures including meetups, regional hacking events, virtual events and more.
One global initiative is our Community Hacking Meetups! These interactive events are hosted and driven by the community, for the community. While Meetups are different than a typical live hacking event, they still hold the same core values: empowering hackers to share resources, developing their technical skills, building meaningful relationships between hackers, and earning bounties hacking on a managed, public bug bounty program.
Since our first Meetup in October, the amazing HackerOne hacker community has hosted events in Buenos Aires, Chile, Madrid, and Delhi. We’ve got a great lineup coming for 2020, so keep a close eye on HackerOne’s Twitter to find out when we’re coming to your area!
Interested in hosting a meetup? Complete this form with all of the desired information and the live hacking team will get back to you.
Invitations
The most difficult part of live events is that we are unable to invite everyone, so last year we gave you insight into the process for Live Hacking Event invitations, and we’re here to dive a bit deeper.
Each event has a unique structure, client, budget, location, and more, and with that comes a specific number of invitations that we can extend. We strive to continue to grow and improve all of our events, so we are continuously increasing this number while ensuring the experience remains just as special.
Flagship Live Hacking Events have a typical hacker count of 40 travel fully-sponsored, up to 10 local invitations, and up to 10 plus-one invitations. Plus-one invitations are intended as invitations for additional hackers to hack and participate in the event fully. Each live event comes with its own unique budget and requirements (skillset alignment with scope, for example) and the invite structure can change event to event.
Live Hacking Events are an amazing opportunity to meet other top hackers in the HackerOne community, to learn from each other, to advance your skills, and to get access to awesome targets, scope, and bounties. These events are by invitation-only and are held to a high standard in accordance. In addition to our platform code of conduct, an extensive live event code of conduct will be issued. In many instances, an additional NDA will be required.
HackerOne reserves the right to decide whom to invite to each event and each event’s invitation structure might have specific changes. Regardless of where a hacker fits in the above categories, all hackers are expected to adhere to our event and platform code of conduct and behavioral expectations. Hackers with recent Code of Conduct violations will not be considered for live event invites.
Awards
Beginning in 2020, we are launching a new set of awards for live hacking events. Don’t worry, the coveted Most Valuable Hacker belt is not going anywhere. However, we realized an opportunity to align our awards more closely with bounties earned and celebrate collaboration at all events, not just team events. We will be removing the two stat-based awards: the Assassin and the Exalted awards for highest signal and most reputation gained during the event. Thus, we’re thrilled to release the following:
- Most Valuable Hacker (MVH) is to be determined based on Community, Criticality, Consistency, Collaboration. For multi-day events, the MVH winner is the winner for the event as a whole. For multi-day/client events, the Vigilante is the Most Valuable Hacker of the day.
- The 1st and 2nd Place award winners for each day will be in direct alignment with the top bounties earned for the day.
- The Exterminator award for the most critical and impactful vulnerability from the event is also here to stay.
- The Best Team Collaboration award will be given at each event for teams of up to four members, as applicable. HackerOne values Community and Collaboration, and this award celebrates that. Winners will be selected based on similar criteria as the MVH: critical and quality reports, collaborating well with others (even those outside your team!), sharing tools and resources, and volunteering your valuable time for others.
Community Days and Hacker In Training Program
HackerOne Community Days at Live Hacking Events connects local cybersecurity-focused groups — such as Women’s Society of Cyberjutsu, Cyber Defenders Program, local schools, and many others — with top hackers and HackerOne’s top educators.
Each community day starts with either an individual hacker presentation or a hacker panel, covering career advice, technical tips and techniques, and stories of hackers’ personal hacking journeys. Attendees then take part in a hands-on workshop and educational session with capture-the-flag (CTF) challenges, building on the Hacker101 curriculum.
Revamped for 2020 is our Hackers in Training (HIT) program, formerly titled “Mentorship Program.” Launched at h1-415 2020 in San Francisco, our revamped program will add additional programming for up to 5 advanced hackers in training for an even deeper workshop following the existing Community Day activities we know and love. These hackers will receive a full day of workshops — each targeted towards a specific vulnerability and attack scenario — led by top hackers in the community.
Qualifications might change from event to event, but as a core standard you must:
- Be able to physically attend, remote attendance not recommended
- At minimum, have familiarity with SQL injection, XSS, IDOR vulnerabilities
- It is strongly encouraged that you have completed the Micro-CMS v1, Micro-CMS v2, and Postbook CTF challenges at the Hacker101 CTF (ctf.hacker101.com)
If you’re interested in participating in a community day or becoming participating in our H.I.T. program, please contact live-hacking@hackerone.com
Looking Ahead
With new programming, awards, and education planned for 2020, we are thrilled to continue to bring companies and hackers closer together to identify vulnerabilities, help make safer products, and build a safer internet.