SlideShare a Scribd company logo

Release The Hounds: Part 2 “11 Years Is A Long Ass Time”

Casey Ellis
Casey Ellis

Bugcrowd was founded at an inflection point in the history of the Internet and awareness of cybersecurity. A lot has changed since 2012 - to the cybersecurity industry, to the technology landscape, to the view of hackers as helpful and not just harmful, and - importantly - to the awareness of cybersecurity as "everyone's problem". In 2023, we find ourselves at a similar inflection point for our space. This keynote unpacks the last 11 years as a predictor of what is next, and as an encouragement and roadmap for budding cybersecurity entrepreneurs and solutioneers.

Technology
1 of 53
Download to read offline
https://bugcrowd.com/try-bugcrowd Release The Hounds: Part 2 “11 Years Is A Long Ass Time” Casey Ellis - BSides Knoxville 2023
https://bugcrowd.com/try-bugcrowd
https://bugcrowd.com/try-bugcrowd change the operating environment for hacking in good-faith create a new market by disrupting the economics of defense vs attack encourage the pursuit of potential (time) 2012 2023
https://bugcrowd.com/try-bugcrowd whoami • Founder/Chairman/CTO of Bugcrowd and Cofounder of The disclose.io Project • Pioneered Crowdsourced Security as-a-Service • 20+ years in infosec… Hacker > Pentest > Solutions/Sales > Entrepreneur • Hacking Policy Council, Election Security Advisory Committee, Cyber Policy Working Group, etc • Aussie, Husband, Dad x 2, Drummer, System Thinker • Lives in San Francisco, California $ sudo hack.sh $ sudo hustle.sh @caseyjohnellis https://cje.io
https://bugcrowd.com/try-bugcrowd
https://bugcrowd.com/try-bugcrowd 1 March 2013 https://www.slideshare.net/bugcrowd/release-the-hounds-a-look-inside-bugcrowd-ruxmon-1-march-2013
https://bugcrowd.com/try-bugcrowd 1 March 2013 https://www.slideshare.net/bugcrowd/release-the-hounds-a-look-inside-bugcrowd-ruxmon-1-march-2013
https://bugcrowd.com/try-bugcrowd O ffi ce 0.1 (2012) O ffi ce 1.0 (2013)
https://bugcrowd.com/try-bugcrowd 8 December 2012 The original Bugcrowd “platform”
https://bugcrowd.com/try-bugcrowd 30 November 2012 The fi rst Bugcrowd program
https://bugcrowd.com/try-bugcrowd 2012 #ripgoodtimes
https://bugcrowd.com/try-bugcrowd nekkminnit…
https://bugcrowd.com/try-bugcrowd “all security is the product of something bad happening” …Sudanese Lyft driver in San Francisco
https://bugcrowd.com/try-bugcrowd 2013 “Hacking happens”
https://bugcrowd.com/try-bugcrowd …followed by
https://bugcrowd.com/try-bugcrowd 2014 “Hacking happens to me”
https://bugcrowd.com/try-bugcrowd 2015 “Hacking happens to me and it hurts”
https://bugcrowd.com/try-bugcrowd 2016 “Hacking happens to my country”
https://bugcrowd.com/try-bugcrowd 2017 to 2020 “Software is eating the world and bad guys are eating the software”
https://bugcrowd.com/try-bugcrowd 2020 “My employee’s 5 year old responsible for my corporate attack surface”
https://bugcrowd.com/try-bugcrowd 2021 “The Internet is basically a large pile of turtles”
https://bugcrowd.com/try-bugcrowd 2022 “Everything is basically a large pile of turtles”
https://bugcrowd.com/try-bugcrowd 2023 “The machines are coming for our pile of turtles”
https://bugcrowd.com/try-bugcrowd if it’s repeated enough at the dinner table, it ends up in the board room…
https://bugcrowd.com/try-bugcrowd …also, in Congress.
https://bugcrowd.com/try-bugcrowd
https://bugcrowd.com/try-bugcrowd what was Bugcrowd doing?
https://bugcrowd.com/try-bugcrowd O ffi ce 2.0 (2013)
https://bugcrowd.com/try-bugcrowd O ffi ce 3.0 (2015)
https://bugcrowd.com/try-bugcrowd O ffi ce 4.0 (2017)
https://bugcrowd.com/try-bugcrowd 300 employees $90M USD raised ~250,000 vulns nuked ~350k hackers signed up 850 customers
https://bugcrowd.com/try-bugcrowd
https://bugcrowd.com/try-bugcrowd
https://bugcrowd.com/try-bugcrowd #thoughtops
https://bugcrowd.com/try-bugcrowd Business/Finance Risk Technical Political CISO core competancies
https://bugcrowd.com/try-bugcrowd Humility Skill Empathy Hackers core competancies
https://bugcrowd.com/try-bugcrowd broke vs woke
https://bugcrowd.com/try-bugcrowd “do not follow the path set by others, instead make your own path and leave a trail.” Ralph Waldo Emerson
Broke: “Rub some blockchain/ automation/ML/AI on it and will go away” Woke: Cybersecurity is a people problem, the technology just makes it go faster
Broke: A more “perfect” security solution is a better security solution Woke: A better security solution makes secure easier, and insecure more obvious
Broke: VDP as an external virtue signal Woke: VDP as a way to teach the business that “to err is human, to learn from error divine”
Broke: “Bug bounty’s are a vulnerability swatting silver-bullet” Woke: “Bug bounty help more organization internalize that the boogeyman is, in fact, a real thing”
Broke: Bug bounty payouts as a vanity metric Woke: Required payout as a proxy metric for cost of successful attack
Broke: “The assurance we get from pentesting is sufficient” Woke: “We need assurance AND impact to understand risk and create builder/ breaker feedback loops”
Broke: “$NATIONSTATE wouldn’t bother with my stuff” Woke: “How do I route, detect, contain, and eject a nation-state assuming they are successful”
Broke: security@domain.com > /dev/null Woke: disclose.io
disclose.io - Fixing the Internet’s Auto-Immune Problem - Open Source Disclosure Policy Framework - Safe Harbor logo recognition - Public directory of adopters and search tools for hunters - Legal standardization of vulnerability disclosure language - Safe Harbor for good-faith hackers - Rewarding proactive behavior on the company
https://bugcrowd.com/try-bugcrowd what comes next?
• Threat actors will continue to blur together. • Chaotic threat actors will re-emerge and we will be totally unprepared. • Wholesale access to AI/GAI/ML will accelerate the defenders dilemma to the point where we’ll need to reboot our view of “the game”. • The business will force cybersecurity to continue shifting from capability- based value towards risk-based value. • Policy and regulation will play a key role in defining the future operating landscape. • Basic hygiene is still hard - Our primary problem will continue to be reminding people to “wash their hands after they use the restroom”.
so, how’s that idea coming along?
https://bugcrowd.com/try-bugcrowd in summary hackers have a seat at almost any table now good things happen when you step out hackers kick ass at this stuff there’s urgency and a window of opportunity …so hence forth and be rad.
“a ship in port is safe… …but that’s not what ships are for”
https://bugcrowd.com/try-bugcrowd Questions? @caseyjohnellis casey@bugcrowd.com https://cje.io Greetz to sawaba, joe, and the bsidesknox crew, codesoda, serge, all the bugcrowders, and all you crazy hackers, hacker listeners, and hacker advocates out there

Recommended

RELEASE THE HOUNDS, PART 2: 9 YEARS IS A LONG ASS TIME
RELEASE THE HOUNDS, PART 2: 9 YEARS IS A LONG ASS TIMERELEASE THE HOUNDS, PART 2: 9 YEARS IS A LONG ASS TIME
RELEASE THE HOUNDS, PART 2: 9 YEARS IS A LONG ASS TIMECasey Ellis
 
KEYNOTE: Nullcon 2021 - Security Research and Disclosure - The Unauthorized B...
KEYNOTE: Nullcon 2021 - Security Research and Disclosure - The Unauthorized B...KEYNOTE: Nullcon 2021 - Security Research and Disclosure - The Unauthorized B...
KEYNOTE: Nullcon 2021 - Security Research and Disclosure - The Unauthorized B...Casey Ellis
 
Hack The Capitol - The Unlikely Romance - Critical Infrastructure Edition
Hack The Capitol - The Unlikely Romance - Critical Infrastructure EditionHack The Capitol - The Unlikely Romance - Critical Infrastructure Edition
Hack The Capitol - The Unlikely Romance - Critical Infrastructure EditionCasey Ellis
 
Bug bounty or beg bounty?
Bug bounty or beg bounty?Bug bounty or beg bounty?
Bug bounty or beg bounty?Casey Ellis
 
ACRNA Webinar #5: Cyber Security – The Unlikely Romance
ACRNA Webinar #5: Cyber Security – The Unlikely RomanceACRNA Webinar #5: Cyber Security – The Unlikely Romance
ACRNA Webinar #5: Cyber Security – The Unlikely RomanceCasey Ellis
 
#AusCERT2021 - Inside The Unlikely Romance Crowdsourced Security from a Finan...
#AusCERT2021 - Inside The Unlikely Romance Crowdsourced Security from a Finan...#AusCERT2021 - Inside The Unlikely Romance Crowdsourced Security from a Finan...
#AusCERT2021 - Inside The Unlikely Romance Crowdsourced Security from a Finan...Casey Ellis
 
Cyber Security Workshop @SPIT- 3rd October 2015
Cyber Security Workshop @SPIT- 3rd October 2015Cyber Security Workshop @SPIT- 3rd October 2015
Cyber Security Workshop @SPIT- 3rd October 2015Nilesh Sapariya
 
TechCrunch Early Stage 2020 - How to prioritize security at your startup
TechCrunch Early Stage 2020 - How to prioritize security at your startupTechCrunch Early Stage 2020 - How to prioritize security at your startup
TechCrunch Early Stage 2020 - How to prioritize security at your startupCasey Ellis
 

Recommended

RELEASE THE HOUNDS, PART 2: 9 YEARS IS A LONG ASS TIME
RELEASE THE HOUNDS, PART 2: 9 YEARS IS A LONG ASS TIMERELEASE THE HOUNDS, PART 2: 9 YEARS IS A LONG ASS TIME
RELEASE THE HOUNDS, PART 2: 9 YEARS IS A LONG ASS TIMECasey Ellis
 
KEYNOTE: Nullcon 2021 - Security Research and Disclosure - The Unauthorized B...
KEYNOTE: Nullcon 2021 - Security Research and Disclosure - The Unauthorized B...KEYNOTE: Nullcon 2021 - Security Research and Disclosure - The Unauthorized B...
KEYNOTE: Nullcon 2021 - Security Research and Disclosure - The Unauthorized B...Casey Ellis
 
Hack The Capitol - The Unlikely Romance - Critical Infrastructure Edition
Hack The Capitol - The Unlikely Romance - Critical Infrastructure EditionHack The Capitol - The Unlikely Romance - Critical Infrastructure Edition
Hack The Capitol - The Unlikely Romance - Critical Infrastructure EditionCasey Ellis
 
Bug bounty or beg bounty?
Bug bounty or beg bounty?Bug bounty or beg bounty?
Bug bounty or beg bounty?Casey Ellis
 
ACRNA Webinar #5: Cyber Security – The Unlikely Romance
ACRNA Webinar #5: Cyber Security – The Unlikely RomanceACRNA Webinar #5: Cyber Security – The Unlikely Romance
ACRNA Webinar #5: Cyber Security – The Unlikely RomanceCasey Ellis
 
#AusCERT2021 - Inside The Unlikely Romance Crowdsourced Security from a Finan...
#AusCERT2021 - Inside The Unlikely Romance Crowdsourced Security from a Finan...#AusCERT2021 - Inside The Unlikely Romance Crowdsourced Security from a Finan...
#AusCERT2021 - Inside The Unlikely Romance Crowdsourced Security from a Finan...Casey Ellis
 
Cyber Security Workshop @SPIT- 3rd October 2015
Cyber Security Workshop @SPIT- 3rd October 2015Cyber Security Workshop @SPIT- 3rd October 2015
Cyber Security Workshop @SPIT- 3rd October 2015Nilesh Sapariya
 
TechCrunch Early Stage 2020 - How to prioritize security at your startup
TechCrunch Early Stage 2020 - How to prioritize security at your startupTechCrunch Early Stage 2020 - How to prioritize security at your startup
TechCrunch Early Stage 2020 - How to prioritize security at your startupCasey Ellis
 
Bug Bounty #Defconlucknow2016
Bug Bounty #Defconlucknow2016Bug Bounty #Defconlucknow2016
Bug Bounty #Defconlucknow2016Shubham Gupta
 
Corncon 2021 - Inside the Unlikely Romance
Corncon 2021 - Inside the Unlikely RomanceCorncon 2021 - Inside the Unlikely Romance
Corncon 2021 - Inside the Unlikely RomanceCasey Ellis
 
Bug Bounty - Play For Money
Bug Bounty - Play For MoneyBug Bounty - Play For Money
Bug Bounty - Play For MoneyShubham Gupta
 
Who's that knocking on my firewall door?
Who's that knocking on my firewall door?Who's that knocking on my firewall door?
Who's that knocking on my firewall door?Bruce Wolfe
 
Blue team reboot - HackFest
Blue team reboot - HackFest Blue team reboot - HackFest
Blue team reboot - HackFest Haydn Johnson
 
Data Privacy for Activists
Data Privacy for ActivistsData Privacy for Activists
Data Privacy for ActivistsGreg Stromire
 
Web3 + scams = It's a match
Web3 + scams = It's a matchWeb3 + scams = It's a match
Web3 + scams = It's a matchZoltan Balazs
 
Security and Privacy on the Web in 2016
Security and Privacy on the Web in 2016Security and Privacy on the Web in 2016
Security and Privacy on the Web in 2016Francois Marier
 
(ISC)2 CyberSecureGov 2015 - The Next APT: Advanced, Persistent Tracking
(ISC)2 CyberSecureGov 2015 - The Next APT: Advanced, Persistent Tracking(ISC)2 CyberSecureGov 2015 - The Next APT: Advanced, Persistent Tracking
(ISC)2 CyberSecureGov 2015 - The Next APT: Advanced, Persistent TrackingG. S. McNamara
 
Big Bang Theory: The Evolution of Pentesting High Security Environments
Big Bang Theory: The Evolution of Pentesting High Security EnvironmentsBig Bang Theory: The Evolution of Pentesting High Security Environments
Big Bang Theory: The Evolution of Pentesting High Security EnvironmentsJoe McCray
 
A full ethical hacking course
A full ethical hacking courseA full ethical hacking course
A full ethical hacking courseEkansh7
 
DrupalCamp London 2017 - Web site insecurity
DrupalCamp London 2017 - Web site insecurity DrupalCamp London 2017 - Web site insecurity
DrupalCamp London 2017 - Web site insecurity George Boobyer
 
Rugged Software Using Rugged Driven Development
Rugged Software Using Rugged Driven DevelopmentRugged Software Using Rugged Driven Development
Rugged Software Using Rugged Driven DevelopmentJames Wickett
 
Honeypots, Deception, and Frankenstein
Honeypots, Deception, and FrankensteinHoneypots, Deception, and Frankenstein
Honeypots, Deception, and FrankensteinPhillip Maddux
 
Honeypots, Deception, and Frankenstein
Honeypots, Deception, and FrankensteinHoneypots, Deception, and Frankenstein
Honeypots, Deception, and FrankensteinPhillip Maddux
 
WordPress Security - Learning From Hacks
WordPress Security - Learning From HacksWordPress Security - Learning From Hacks
WordPress Security - Learning From HacksTony Perez
 
Defcamp 2013 - Does it pay to be a blackhat hacker
Defcamp 2013 - Does it pay to be a blackhat hackerDefcamp 2013 - Does it pay to be a blackhat hacker
Defcamp 2013 - Does it pay to be a blackhat hackerDefCamp
 
Dan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hacker
Dan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hackerDan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hacker
Dan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hackerDan Vasile
 
ethical_hacking_tutorial.pdf
ethical_hacking_tutorial.pdfethical_hacking_tutorial.pdf
ethical_hacking_tutorial.pdfMrVishalAllen
 
Ethical hacking tutorial
Ethical hacking tutorialEthical hacking tutorial
Ethical hacking tutorialHarikaReddy115
 
CVE-2021-44228 Log4j (and Log4Shell) Executive Explainer by cje@bugcrowd
CVE-2021-44228 Log4j (and Log4Shell) Executive Explainer by cje@bugcrowdCVE-2021-44228 Log4j (and Log4Shell) Executive Explainer by cje@bugcrowd
CVE-2021-44228 Log4j (and Log4Shell) Executive Explainer by cje@bugcrowdCasey Ellis
 
GRIMMCon: disclose.io - Taking the Internet's Immune System to the Next Level
GRIMMCon: disclose.io - Taking the Internet's Immune System to the Next LevelGRIMMCon: disclose.io - Taking the Internet's Immune System to the Next Level
GRIMMCon: disclose.io - Taking the Internet's Immune System to the Next LevelCasey Ellis
 

More Related Content

Similar to Release The Hounds: Part 2 “11 Years Is A Long Ass Time”

Bug Bounty #Defconlucknow2016
Bug Bounty #Defconlucknow2016Bug Bounty #Defconlucknow2016
Bug Bounty #Defconlucknow2016Shubham Gupta
 
Corncon 2021 - Inside the Unlikely Romance
Corncon 2021 - Inside the Unlikely RomanceCorncon 2021 - Inside the Unlikely Romance
Corncon 2021 - Inside the Unlikely RomanceCasey Ellis
 
Bug Bounty - Play For Money
Bug Bounty - Play For MoneyBug Bounty - Play For Money
Bug Bounty - Play For MoneyShubham Gupta
 
Who's that knocking on my firewall door?
Who's that knocking on my firewall door?Who's that knocking on my firewall door?
Who's that knocking on my firewall door?Bruce Wolfe
 
Blue team reboot - HackFest
Blue team reboot - HackFest Blue team reboot - HackFest
Blue team reboot - HackFest Haydn Johnson
 
Data Privacy for Activists
Data Privacy for ActivistsData Privacy for Activists
Data Privacy for ActivistsGreg Stromire
 
Web3 + scams = It's a match
Web3 + scams = It's a matchWeb3 + scams = It's a match
Web3 + scams = It's a matchZoltan Balazs
 
Security and Privacy on the Web in 2016
Security and Privacy on the Web in 2016Security and Privacy on the Web in 2016
Security and Privacy on the Web in 2016Francois Marier
 
(ISC)2 CyberSecureGov 2015 - The Next APT: Advanced, Persistent Tracking
(ISC)2 CyberSecureGov 2015 - The Next APT: Advanced, Persistent Tracking(ISC)2 CyberSecureGov 2015 - The Next APT: Advanced, Persistent Tracking
(ISC)2 CyberSecureGov 2015 - The Next APT: Advanced, Persistent TrackingG. S. McNamara
 
Big Bang Theory: The Evolution of Pentesting High Security Environments
Big Bang Theory: The Evolution of Pentesting High Security EnvironmentsBig Bang Theory: The Evolution of Pentesting High Security Environments
Big Bang Theory: The Evolution of Pentesting High Security EnvironmentsJoe McCray
 
A full ethical hacking course
A full ethical hacking courseA full ethical hacking course
A full ethical hacking courseEkansh7
 
DrupalCamp London 2017 - Web site insecurity
DrupalCamp London 2017 - Web site insecurity DrupalCamp London 2017 - Web site insecurity
DrupalCamp London 2017 - Web site insecurity George Boobyer
 
Rugged Software Using Rugged Driven Development
Rugged Software Using Rugged Driven DevelopmentRugged Software Using Rugged Driven Development
Rugged Software Using Rugged Driven DevelopmentJames Wickett
 
Honeypots, Deception, and Frankenstein
Honeypots, Deception, and FrankensteinHoneypots, Deception, and Frankenstein
Honeypots, Deception, and FrankensteinPhillip Maddux
 
Honeypots, Deception, and Frankenstein
Honeypots, Deception, and FrankensteinHoneypots, Deception, and Frankenstein
Honeypots, Deception, and FrankensteinPhillip Maddux
 
WordPress Security - Learning From Hacks
WordPress Security - Learning From HacksWordPress Security - Learning From Hacks
WordPress Security - Learning From HacksTony Perez
 
Defcamp 2013 - Does it pay to be a blackhat hacker
Defcamp 2013 - Does it pay to be a blackhat hackerDefcamp 2013 - Does it pay to be a blackhat hacker
Defcamp 2013 - Does it pay to be a blackhat hackerDefCamp
 
Dan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hacker
Dan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hackerDan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hacker
Dan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hackerDan Vasile
 
ethical_hacking_tutorial.pdf
ethical_hacking_tutorial.pdfethical_hacking_tutorial.pdf
ethical_hacking_tutorial.pdfMrVishalAllen
 
Ethical hacking tutorial
Ethical hacking tutorialEthical hacking tutorial
Ethical hacking tutorialHarikaReddy115
 

Similar to Release The Hounds: Part 2 “11 Years Is A Long Ass Time” (20)

Bug Bounty #Defconlucknow2016
Bug Bounty #Defconlucknow2016Bug Bounty #Defconlucknow2016
Bug Bounty #Defconlucknow2016
 
Corncon 2021 - Inside the Unlikely Romance
Corncon 2021 - Inside the Unlikely RomanceCorncon 2021 - Inside the Unlikely Romance
Corncon 2021 - Inside the Unlikely Romance
 
Bug Bounty - Play For Money
Bug Bounty - Play For MoneyBug Bounty - Play For Money
Bug Bounty - Play For Money
 
Who's that knocking on my firewall door?
Who's that knocking on my firewall door?Who's that knocking on my firewall door?
Who's that knocking on my firewall door?
 
Blue team reboot - HackFest
Blue team reboot - HackFest Blue team reboot - HackFest
Blue team reboot - HackFest
 
Data Privacy for Activists
Data Privacy for ActivistsData Privacy for Activists
Data Privacy for Activists
 
Web3 + scams = It's a match
Web3 + scams = It's a matchWeb3 + scams = It's a match
Web3 + scams = It's a match
 
Security and Privacy on the Web in 2016
Security and Privacy on the Web in 2016Security and Privacy on the Web in 2016
Security and Privacy on the Web in 2016
 
(ISC)2 CyberSecureGov 2015 - The Next APT: Advanced, Persistent Tracking
(ISC)2 CyberSecureGov 2015 - The Next APT: Advanced, Persistent Tracking(ISC)2 CyberSecureGov 2015 - The Next APT: Advanced, Persistent Tracking
(ISC)2 CyberSecureGov 2015 - The Next APT: Advanced, Persistent Tracking
 
Big Bang Theory: The Evolution of Pentesting High Security Environments
Big Bang Theory: The Evolution of Pentesting High Security EnvironmentsBig Bang Theory: The Evolution of Pentesting High Security Environments
Big Bang Theory: The Evolution of Pentesting High Security Environments
 
A full ethical hacking course
A full ethical hacking courseA full ethical hacking course
A full ethical hacking course
 
DrupalCamp London 2017 - Web site insecurity
DrupalCamp London 2017 - Web site insecurity DrupalCamp London 2017 - Web site insecurity
DrupalCamp London 2017 - Web site insecurity
 
Rugged Software Using Rugged Driven Development
Rugged Software Using Rugged Driven DevelopmentRugged Software Using Rugged Driven Development
Rugged Software Using Rugged Driven Development
 
Honeypots, Deception, and Frankenstein
Honeypots, Deception, and FrankensteinHoneypots, Deception, and Frankenstein
Honeypots, Deception, and Frankenstein
 
Honeypots, Deception, and Frankenstein
Honeypots, Deception, and FrankensteinHoneypots, Deception, and Frankenstein
Honeypots, Deception, and Frankenstein
 
WordPress Security - Learning From Hacks
WordPress Security - Learning From HacksWordPress Security - Learning From Hacks
WordPress Security - Learning From Hacks
 
Defcamp 2013 - Does it pay to be a blackhat hacker
Defcamp 2013 - Does it pay to be a blackhat hackerDefcamp 2013 - Does it pay to be a blackhat hacker
Defcamp 2013 - Does it pay to be a blackhat hacker
 
Dan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hacker
Dan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hackerDan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hacker
Dan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hacker
 
ethical_hacking_tutorial.pdf
ethical_hacking_tutorial.pdfethical_hacking_tutorial.pdf
ethical_hacking_tutorial.pdf
 
Ethical hacking tutorial
Ethical hacking tutorialEthical hacking tutorial
Ethical hacking tutorial
 

More from Casey Ellis

CVE-2021-44228 Log4j (and Log4Shell) Executive Explainer by cje@bugcrowd
CVE-2021-44228 Log4j (and Log4Shell) Executive Explainer by cje@bugcrowdCVE-2021-44228 Log4j (and Log4Shell) Executive Explainer by cje@bugcrowd
CVE-2021-44228 Log4j (and Log4Shell) Executive Explainer by cje@bugcrowdCasey Ellis
 
GRIMMCon: disclose.io - Taking the Internet's Immune System to the Next Level
GRIMMCon: disclose.io - Taking the Internet's Immune System to the Next LevelGRIMMCon: disclose.io - Taking the Internet's Immune System to the Next Level
GRIMMCon: disclose.io - Taking the Internet's Immune System to the Next LevelCasey Ellis
 
KEYNOTE ComfyconAU 2020: disclose.io Vulnerability disclosure and Safe Harbor...
KEYNOTE ComfyconAU 2020: disclose.io Vulnerability disclosure and Safe Harbor...KEYNOTE ComfyconAU 2020: disclose.io Vulnerability disclosure and Safe Harbor...
KEYNOTE ComfyconAU 2020: disclose.io Vulnerability disclosure and Safe Harbor...Casey Ellis
 
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal CounselBug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal CounselCasey Ellis
 
Full Disclosure Debate - NBT 5
Full Disclosure Debate - NBT 5Full Disclosure Debate - NBT 5
Full Disclosure Debate - NBT 5Casey Ellis
 
KEYNOTE: The Unlikely Romance: Part 2 - What Now?
KEYNOTE: The Unlikely Romance: Part 2 - What Now?KEYNOTE: The Unlikely Romance: Part 2 - What Now?
KEYNOTE: The Unlikely Romance: Part 2 - What Now?Casey Ellis
 
Webinar kym-casey-bug bounty tipping point webcast - po edits
Webinar kym-casey-bug bounty tipping point webcast - po editsWebinar kym-casey-bug bounty tipping point webcast - po edits
Webinar kym-casey-bug bounty tipping point webcast - po editsCasey Ellis
 
NodeSummit 2016 - WELCOME TO THE BLUE TEAM! CREATING “OH SHIT” MOMENTS FOR FU...
NodeSummit 2016 - WELCOME TO THE BLUE TEAM! CREATING “OH SHIT” MOMENTS FOR FU...NodeSummit 2016 - WELCOME TO THE BLUE TEAM! CREATING “OH SHIT” MOMENTS FOR FU...
NodeSummit 2016 - WELCOME TO THE BLUE TEAM! CREATING “OH SHIT” MOMENTS FOR FU...Casey Ellis
 
AppSecUSA - Your License for Bug Hunting Season
AppSecUSA - Your License for Bug Hunting SeasonAppSecUSA - Your License for Bug Hunting Season
AppSecUSA - Your License for Bug Hunting SeasonCasey Ellis
 
ISSA CISO Summit 2017 - AN UNLIKELY ROMANCE THE CURRENT STATE OF BUG BOUNTIES
ISSA CISO Summit 2017 - AN UNLIKELY ROMANCE THE CURRENT STATE OF BUG BOUNTIESISSA CISO Summit 2017 - AN UNLIKELY ROMANCE THE CURRENT STATE OF BUG BOUNTIES
ISSA CISO Summit 2017 - AN UNLIKELY ROMANCE THE CURRENT STATE OF BUG BOUNTIESCasey Ellis
 
Introducing Bugcrowd
Introducing BugcrowdIntroducing Bugcrowd
Introducing BugcrowdCasey Ellis
 
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...Casey Ellis
 
AusCERT 2016 - An Unlikely Romance: The Current State of Bug Bounties
AusCERT 2016 - An Unlikely Romance: The Current State of Bug BountiesAusCERT 2016 - An Unlikely Romance: The Current State of Bug Bounties
AusCERT 2016 - An Unlikely Romance: The Current State of Bug BountiesCasey Ellis
 
Enigma 2018 - Combining the Power of Builders and Breakers
Enigma 2018 - Combining the Power of Builders and BreakersEnigma 2018 - Combining the Power of Builders and Breakers
Enigma 2018 - Combining the Power of Builders and BreakersCasey Ellis
 
Welcome to the blue team! How building a better hacker accidentally built a b...
Welcome to the blue team! How building a better hacker accidentally built a b...Welcome to the blue team! How building a better hacker accidentally built a b...
Welcome to the blue team! How building a better hacker accidentally built a b...Casey Ellis
 

More from Casey Ellis (15)

CVE-2021-44228 Log4j (and Log4Shell) Executive Explainer by cje@bugcrowd
CVE-2021-44228 Log4j (and Log4Shell) Executive Explainer by cje@bugcrowdCVE-2021-44228 Log4j (and Log4Shell) Executive Explainer by cje@bugcrowd
CVE-2021-44228 Log4j (and Log4Shell) Executive Explainer by cje@bugcrowd
 
GRIMMCon: disclose.io - Taking the Internet's Immune System to the Next Level
GRIMMCon: disclose.io - Taking the Internet's Immune System to the Next LevelGRIMMCon: disclose.io - Taking the Internet's Immune System to the Next Level
GRIMMCon: disclose.io - Taking the Internet's Immune System to the Next Level
 
KEYNOTE ComfyconAU 2020: disclose.io Vulnerability disclosure and Safe Harbor...
KEYNOTE ComfyconAU 2020: disclose.io Vulnerability disclosure and Safe Harbor...KEYNOTE ComfyconAU 2020: disclose.io Vulnerability disclosure and Safe Harbor...
KEYNOTE ComfyconAU 2020: disclose.io Vulnerability disclosure and Safe Harbor...
 
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal CounselBug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
 
Full Disclosure Debate - NBT 5
Full Disclosure Debate - NBT 5Full Disclosure Debate - NBT 5
Full Disclosure Debate - NBT 5
 
KEYNOTE: The Unlikely Romance: Part 2 - What Now?
KEYNOTE: The Unlikely Romance: Part 2 - What Now?KEYNOTE: The Unlikely Romance: Part 2 - What Now?
KEYNOTE: The Unlikely Romance: Part 2 - What Now?
 
Webinar kym-casey-bug bounty tipping point webcast - po edits
Webinar kym-casey-bug bounty tipping point webcast - po editsWebinar kym-casey-bug bounty tipping point webcast - po edits
Webinar kym-casey-bug bounty tipping point webcast - po edits
 
NodeSummit 2016 - WELCOME TO THE BLUE TEAM! CREATING “OH SHIT” MOMENTS FOR FU...
NodeSummit 2016 - WELCOME TO THE BLUE TEAM! CREATING “OH SHIT” MOMENTS FOR FU...NodeSummit 2016 - WELCOME TO THE BLUE TEAM! CREATING “OH SHIT” MOMENTS FOR FU...
NodeSummit 2016 - WELCOME TO THE BLUE TEAM! CREATING “OH SHIT” MOMENTS FOR FU...
 
AppSecUSA - Your License for Bug Hunting Season
AppSecUSA - Your License for Bug Hunting SeasonAppSecUSA - Your License for Bug Hunting Season
AppSecUSA - Your License for Bug Hunting Season
 
ISSA CISO Summit 2017 - AN UNLIKELY ROMANCE THE CURRENT STATE OF BUG BOUNTIES
ISSA CISO Summit 2017 - AN UNLIKELY ROMANCE THE CURRENT STATE OF BUG BOUNTIESISSA CISO Summit 2017 - AN UNLIKELY ROMANCE THE CURRENT STATE OF BUG BOUNTIES
ISSA CISO Summit 2017 - AN UNLIKELY ROMANCE THE CURRENT STATE OF BUG BOUNTIES
 
Introducing Bugcrowd
Introducing BugcrowdIntroducing Bugcrowd
Introducing Bugcrowd
 
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
 
AusCERT 2016 - An Unlikely Romance: The Current State of Bug Bounties
AusCERT 2016 - An Unlikely Romance: The Current State of Bug BountiesAusCERT 2016 - An Unlikely Romance: The Current State of Bug Bounties
AusCERT 2016 - An Unlikely Romance: The Current State of Bug Bounties
 
Enigma 2018 - Combining the Power of Builders and Breakers
Enigma 2018 - Combining the Power of Builders and BreakersEnigma 2018 - Combining the Power of Builders and Breakers
Enigma 2018 - Combining the Power of Builders and Breakers
 
Welcome to the blue team! How building a better hacker accidentally built a b...
Welcome to the blue team! How building a better hacker accidentally built a b...Welcome to the blue team! How building a better hacker accidentally built a b...
Welcome to the blue team! How building a better hacker accidentally built a b...
 

Recently uploaded

Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Product School
 
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptxUnpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptxDavid Michel
 
Speed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in MinutesSpeed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in Minutesconfluent
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Product School
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...Product School
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Product School
 
IESVE for Early Stage Design and Planning
IESVE for Early Stage Design and PlanningIESVE for Early Stage Design and Planning
IESVE for Early Stage Design and PlanningIES VE
 
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlFuture Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlPeter Udo Diehl
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Alison B. Lowndes
 
Search and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesSearch and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesBhaskar Mitra
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backElena Simperl
 
PLAI - Acceleration Program for Generative A.I. Startups
PLAI - Acceleration Program for Generative A.I. StartupsPLAI - Acceleration Program for Generative A.I. Startups
PLAI - Acceleration Program for Generative A.I. StartupsStefano
 
Optimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through ObservabilityOptimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through ObservabilityScyllaDB
 
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...CzechDreamin
 
UiPath Test Automation using UiPath Test Suite series, part 1
UiPath Test Automation using UiPath Test Suite series, part 1UiPath Test Automation using UiPath Test Suite series, part 1
UiPath Test Automation using UiPath Test Suite series, part 1DianaGray10
 
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...CzechDreamin
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsPaul Groth
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaRTTS
 
The architecture of Generative AI for enterprises.pdf
The architecture of Generative AI for enterprises.pdfThe architecture of Generative AI for enterprises.pdf
The architecture of Generative AI for enterprises.pdfalexjohnson7307
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
 

Recently uploaded (20)

Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
 
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptxUnpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
 
Speed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in MinutesSpeed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in Minutes
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
IESVE for Early Stage Design and Planning
IESVE for Early Stage Design and PlanningIESVE for Early Stage Design and Planning
IESVE for Early Stage Design and Planning
 
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlFuture Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo Diehl
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
 
Search and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesSearch and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical Futures
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 
PLAI - Acceleration Program for Generative A.I. Startups
PLAI - Acceleration Program for Generative A.I. StartupsPLAI - Acceleration Program for Generative A.I. Startups
PLAI - Acceleration Program for Generative A.I. Startups
 
Optimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through ObservabilityOptimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through Observability
 
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
 
UiPath Test Automation using UiPath Test Suite series, part 1
UiPath Test Automation using UiPath Test Suite series, part 1UiPath Test Automation using UiPath Test Suite series, part 1
UiPath Test Automation using UiPath Test Suite series, part 1
 
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
 
The architecture of Generative AI for enterprises.pdf
The architecture of Generative AI for enterprises.pdfThe architecture of Generative AI for enterprises.pdf
The architecture of Generative AI for enterprises.pdf
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
 

Release The Hounds: Part 2 “11 Years Is A Long Ass Time”