July 9, 2019

Live Hacking in Chile

Note: Verizon Media is now known as Yahoo.

Paranoids logo

On June 17th, @samux reached out to @flyingtoasters to ask about presenting an old bug of his at a small meetup of hackers he was planning. The answer was initially “we do not allow disclosure of bugs” but after hearing a little more about this event, it became clear that something special was about to happen. Hackers, bug hunters and professional penetration testers in Santiago, Chile, self-organized to talk about bugs, teach each other about bug bounty programs, and hack on the Verizon Media public bug bounty program. This is the second year that this gathering has occurred, and it promised to be bigger than last year, but still just a small group of people.

We were so honored by the choice to use our program as an instrument of education that we decided to send @flyingtoasters to Santiago to support @samux and work with him to turn this meetup into a great Live Hacking Event experience for all. The event was originally expecting 20-30 people, but by the time the dust settled, over 60 people participated. Photo: The organizers earned a signed copy of the event poster that all participants took home.


The organizers earned a signed copy of the event poster that all participants took home.

Photo: The organizers earned a signed copy of the event poster that all participants took home.

Paranoids stepped up over the July 4th holiday weekend to show up in person and ensure we performed real-time triage of new bugs coming in, delivered on-site payouts for validated bugs, and provided challenges and bonuses with special prizes for participants. We loved being able to bring great swag to the event and take all the hackers out afterwards for drinks to celebrate all their hard work.

Paranoid Chris Holt (@flyingtoasters) & Researcher Eduardo (@debsec)

Photo: Paranoid Chris Holt (@flyingtoasters) & Researcher Eduardo (@debsec) who found the most critical bug of the event.

Our winners included Paranoids veterans and newcomers alike. @samux, one of our top 2019 hackers, won the event through a combination of the number and severity of his valid reports, and @debsec - a hacker new to the Paranoids bug bounty program - found the most critical bug of the event. He won the Paranoids Asked You to Stop Testing bonus with a bug that he managed to escalate from Informational to Critical after speaking with us about what he thought could be done (and was then given permission to try). Additionally, we invited @debsec, @hdbreaker, and @asavior2 to our Private program for their excellent performance during this event.

The event itself was a major success on multiple fronts, and it was especially meaningful to our team because of the passion we saw firsthand from our hackers. Our top hackers organized an event where they targeted Verizon Media because of their strong history and experience with our program, and even better, they introduced our Bug Bounty program to hackers that had never hacked Verizon Media before (89% of attendees!). We hope that all of these talented hackers continue to hack on us long after this event.

We love seeing our hackers embracing what The Paranoids stand for, and want to see more of this happening in the hacker community! If you’d like to organize something similar, please get in touch; we would like to coordinate date selection and can’t wait to meet you.


chile event

Photo: Traditional live hacking group photo at the end of the event.

In the end we decided to allow @samux to present his bug as part of the "Show and Tell" section at this event for an "Eyes Only" audience as is typical at a live hacking event.

Happy Hacking,

The Paranoids

Social tags: @verizonmedia @theparanoids #itpaystobeparanoid #bugbountychile