HackerOne, Bountycraft, and Nullcon | HackerOne

Around the world in seven days! My name’s Adam Bacchus, Chief Bounty Officer of HackerOne, and I’m here to tell you about the adventures I had in India this March presenting at Nullcon on “Bug Bounty Reports – How Do They Work?”.

What is Nullcon?

Nullcon, founded in 2010, is an annual security conference held in Goa, India to discuss and showcase the next-generation of security technology. Nullcon emerged out of “null,” the largest open security community in India, with over 8 chapters in major cities – Bangalore, Mumbai, Chennai, Pune, Hyderabad, Mysore, Trivandrum and Delhi.

Hanging out with Antriksh Shah, who helps organize and run Nullcon

I was invited to speak at the Bountycraft track at Nullcon on the topic of best practices in bug bounty reporting, and had the opportunity to see awesome bug bounty presentations delivered by the security teams of Facebook, Google, and Microsoft.

I had already written a blog on bug bounty reporting, which I expanded into a fully fleshed out talk. You can find the slides on slideshare, but if you want the full experience of the plethora of GIFs, I’d recommend the Google Slides version. A video of the preso should be coming soon!

Adam Ruddermann, Technical Program Manager, Facebook’s bug bounty team

Google and Microsoft Increase Bug Bounty Payouts

Google and Microsoft both gave awesome talks at Nullcon about their programs. Google shared some examples of cool bugs they’ve received through their Vulnerability Rewards Program, and announced they are upping the max bounty on remote code execution from $20,000 to a cool $31,337 (elite – get it?). Google also upped the max reward for “Unrestricted file system or database access” from $10,000 to $13,337.

Josh Armour, Technical Program Manager, Google’s Vulnerability Reward Program

Microsoft also announced that they will double bounties on Office 365 through May of 2017, and gave a talk on the intricacies of testing Azure from a bug bounty standpoint.

Akila Srinivasan, Security Program Manager, Microsoft Security Response Center

In addition having in-depth conversations with the security teams of these major companies on the future of bug bounties, I got the opportunity to get loads of face time with tons of hackers from the bug bounty community in India.

Based on HackerOne’s survey of 600+ hackers, we discovered that 20.7% of hackers surveyed were from India – this is the most of any country on our platform! I had a ton of fun meeting our hacker base in India.

Here’s a group shot of participants of the CTF put on at Bountycraft:

One hacker was such a big fan of HackerOne, he wrote it on his arm!

I got to meet up with Geekboy, currently the #3 hacker on HackerOne:

Geekboy introduced me to “feni,” a local Indian spirit made with cashews. The feni is mixed with a lemon-flavored soda called Limca – tasty stuff!

I also had a chance to be interviewed by Nullcon on the topics of information security and bug bounties:

Serious bizness

All in all, it was an awesome trip, and I’m incredibly thankful that I had the opportunity to have such a great experience with so many members of the bug bounty community. If you have any awesome Nullcon photos or stories to share, let me know!

– @sushihack

HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty program solutions encompass vulnerability assessment, crowdsourced testing and responsible disclosure management. Discover more about our security testing solutions or Contact Us today.

Keep your files stored safely and securely with the SanDisk 2TB Extreme Portable SSD. With over 69,505 ratings and an impressive 4.6 out of 5 stars, this product has been purchased over 8K+ times in the past month. At only $129.99, this Amazon’s Choice product is a must-have for secure file storage.

Help keep private content private with the included password protection featuring 256-bit AES hardware encryption. Order now for just $129.99 on Amazon!

Help Power Techcratic’s Future – Scan To Support

If Techcratic’s content and insights have helped you, consider giving back by supporting the platform with crypto. Every contribution makes a difference, whether it’s for high-quality content, server maintenance, or future updates. Techcratic is constantly evolving, and your support helps drive that progress.

As a solo operator who wears all the hats, creating content, managing the tech, and running the site, your support allows me to stay focused on delivering valuable resources. Your support keeps everything running smoothly and enables me to continue creating the content you love. I’m deeply grateful for your support, it truly means the world to me! Thank you!