Black Hat Europe 2021

Categories
2021 Bug Bounty conferences
💡 What’s planned?

Black Hat is an internationally recognized cybersecurity event series, and provides attendees with the latest trends in information security. The event’s objective is to offer security experts a community sharing and learning place. It now takes place in the US, Europe & Asia.

As an active member of the information security community, YesWeHack is thrilled to take part in Black Hat Europe, on Nov 10-11!

👥 LIVE…

We’re be in London – so meet our team on booth 318!

And join our Tech Ambassador BitK at the Arsenal for two special sessions – on Nov 10, 2:15pm at the Arsenal Station 2 ; the second on Nov 11, 11:00am at the Arsenal Station 1. He will deal with the following topic:

Xsstools: the XSS Exploitation Framework

XSS is one of the most common bug found on web application but the impact is often underestimated, and I think we can blame POC doing only an alert for that. While proving arbitrary code execution seems enough for bug hunters, people with less security knowledge may fail to grasp all the thing we can do with a bit of JavaScript.
It’s our job to explain and prove the impact but writing custom payload for every scope can be tiresome, because a XSS can trigger it a lot of different context reusing the same attack is often impossible.

Xsstools is a new exploitation framework from bug bounty hunter and red teamer. It will help you build powerful and reusable payload that can be “compiled” to work in every situation.

The framework come with all the common goodies you might need:

  • form submission with csrf token
  • data exfiltration via multiple channels
  • click and keylogger
  • DOM manipulation
  • Clickjacking helpers
  • and much more

 

New features will be released for Black Hat armory:

  • cache only spidering
  • persistent exploitation

 

This tool is available on GitHub https://github.com/yeswehack/xsstools under GPL-3.0 License.

OR Virtual? 💻

We’re also attending the online part of Black Hat, so drop by our virtual booth on Swapcard! Our team will be glad to talk with you about crowdsourced security.

Besides, don’t miss Sam Lowe, Account Executive UK at YesWeHack, on the on-demand zone! He will give a 15min session, Nov 10 at 8am, on:

How to maximise the impact of your bug bounty program

Security leaders need to keep pace with accelerating releases and IT project life cycles. Traditional security approaches have their limitations so many organisations are enlisting the help of ethical hackers, through bug bounty programs.

In this talk you’ll discover:

  • How bug bounty drives effectiveness, agility, and ROI
  • Why your peers in security are turning to bug bounty
  • What our clients say about their bug bounty experience
  • How do you get started in bug bounty?
  • Bug bounty best practice

▶️ Register here!

About us 👇

YesWeHack is a Global Bug Bounty and VDP Platform. Founded in 2015, we offer an innovative approach to cybersecurity with Bug Bounty (pay-per-vulnerability discovered). We connect organizations with tens of thousands ethical hackers from 170 countries to secure their exposed scopes. YesWeHack runs private and public programs in compliance with the strictest European regulations.

In addition to the Bug Bounty platform, YesWeHack also offers support in creating a Vulnerability Disclosure Policy (VDP), a learning platform for ethical hackers called Dojo and a training platform for educational institutions, YesWeHackEDU.

Date(s): 10/11/2021 - 11/11/2021 | All Day

Location(s): ExCeL London | Royal Victoria Dock, 1 Western Gateway | London | United Kingdom