Earlier this month, I had the opportunity to attend and present at Nullcon in Goa, India. Now in its seventh year, Nullcon was founded in 2010 with the idea of “providing an integrated platform for exchanging information on the latest attack vectors, zero day vulnerabilities and unknown threats.”
The five-day event includes trainings, talks, CTFs and hacking challenges. We even had the opportunity to participate in Bountycraft track and listen to talks by the security teams of Facebook, Google, Microsoft and HackerOne.
But perhaps my favorite part of the event was connecting with our researchers (30% of our crowd of 50,000 come from India!). This year we were also excited to be the goodie bag sponsor:
Our crowd is incredibly important to us and we’re always looking for opportunities to talk to them about their experiences with Bugcrowd and as bug hunters in general. These conversations and feedback really help inform a lot of what we do at Bugcrowd. Afterall, our research community is an essential part of Bugcrowd.
Just a few of the bug hunters who are actively submitted to Bugcrowd programs together with Adam Ruddermann who is a Technical Program Manager of Facebook’s bug bounty team (credits to Indrajith AN for the picture)
To that end, we’re also always looking for ways to support our researchers, whether through new product features or training. That was one of the goals of my talk “Explorer's Guide to Shooting Satellite Transponders” where I gave an overview on satellite hacking, including steps to using satellite receivers or set top boxes at home in order to watch alternative channels or satellites without paying for a subscription.
My teammate Faraz Khan, also gave a great presentation on how to become a successful bug hunter during the BountyCraft track at Nullcon, “A Bug Hunter’s Guide to the Universe.” Faraz’s talk provided an understanding on how we handle submissions in a variety of different scenarios, even discussing some of the issues that can occur during the process and how we work with researchers to resolve them. The sessions included a live Q&A where Faraz answered questions from our community and was a great learning experience not only for them but also for us.
Faraz presents “A Bug Hunter's Guide to Bounty Universe”
Of course, I’d be remiss if I didn’t mention our “Day Two” party where we got to spend even more time getting to know some of the members of our community… and have a lot of fun! I wasn’t in the party in “Day Two” because of my flight but my colleague Faraz handled it well without me.
This was my first time at Nullcon and it didn’t disappoint. I appreciate the warm welcome of the Indian infosec community. From presenters to attendees I came away with a better understanding of the needs of our research community as well as with some tips and tricks I can use in my own research. I’m already looking forward to next year’s event!