💡 What’s planned?
Black Hat is an internationally recognized cybersecurity event series, and provides attendees with the latest trends in information security. The event’s objective is to offer security experts a community sharing and learning place. It now takes place in the US, Europe & Asia.
We’re be in London – so meet our team on booth 318!
And join our Tech Ambassador BitK at the Arsenal for two special sessions – on Nov 10, 2:15pm at the Arsenal Station 2 ; the second on Nov 11, 11:00am at the Arsenal Station 1. He will deal with the following topic:
Xsstools: the XSS Exploitation Framework
It’s our job to explain and prove the impact but writing custom payload for every scope can be tiresome, because a XSS can trigger it a lot of different context reusing the same attack is often impossible.
Xsstools is a new exploitation framework from bug bounty hunter and red teamer. It will help you build powerful and reusable payload that can be “compiled” to work in every situation.
The framework come with all the common goodies you might need:
- form submission with csrf token
- data exfiltration via multiple channels
- click and keylogger
- DOM manipulation
- Clickjacking helpers
- and much more
New features will be released for Black Hat armory:
- cache only spidering
- persistent exploitation
This tool is available on GitHub https://github.com/yeswehack/xsstools under GPL-3.0 License.
OR Virtual? 💻
We’re also attending the online part of Black Hat, so drop by our virtual booth on Swapcard! Our team will be glad to talk with you about crowdsourced security.
How to maximise the impact of your bug bounty program
Security leaders need to keep pace with accelerating releases and IT project life cycles. Traditional security approaches have their limitations so many organisations are enlisting the help of ethical hackers, through bug bounty programs.
In this talk you’ll discover:
- How bug bounty drives effectiveness, agility, and ROI
- Why your peers in security are turning to bug bounty
- What our clients say about their bug bounty experience
- How do you get started in bug bounty?
- Bug bounty best practice
About us 👇
YesWeHack is a Global Bug Bounty and VDP Platform. Founded in 2015, we offer an innovative approach to cybersecurity with Bug Bounty (pay-per-vulnerability discovered). We connect organizations with tens of thousands ethical hackers from 170 countries to secure their exposed scopes. YesWeHack runs private and public programs in compliance with the strictest European regulations.
In addition to the Bug Bounty platform, YesWeHack also offers support in creating a Vulnerability Disclosure Policy (VDP), a learning platform for ethical hackers called Dojo and a training platform for educational institutions, YesWeHackEDU.
Date(s): 10/11/2021 - 11/11/2021 | All Day
Location(s): ExCeL London | Royal Victoria Dock, 1 Western Gateway | London | United Kingdom