[00:00:00] HOST: Good afternoon. Hello.

[00:00:03] EVGENIA: Hi.

[00:00:04] HOST: So, I'm not even going to try and pronounce your name.

[00:00:08] EVGENIA: Let me do it for you.

[00:00:10] HOST: Yes, please. Perfect.

[00:00:12] EVGENIA: My name is Evgenia.

[00:00:15] HOST: Evgenia. Yeah, perfect, yes. Fantastic. Well, Evgenia, welcome to BeerCon3. A double welcome, because you've also been a sponsor for the organization. So Evgenia works for, or rather is the CEO of, HackenProof, and she's joined us today to talk about the wonderful world of bug bounties and the profound impact that can have on an individual's career. So if you're ready, then the floor is yours.

[00:00:44] EVGENIA: Let me show you my screen. Please. Yeah, it should be okay now. Can you see it? Just to confirm.

[00:01:06] HOST: Yeah, we can see that. Perfect.

[00:01:10] EVGENIA: My name is Evgenia. I'm the CEO of a bug bounty platform which we started four years ago. Now we work mostly in the fintech industry, especially crypto, and work with top industry players: different exchanges like Uptakes, different protocols like Avalanche, Switching and others. Our community of ethical hackers is now more than 6,000 white hat hackers. And yeah, I started my career in cyber security, I don't remember exactly, like nine years ago, and created a lot of local chapters, of DEF CON, of different conferences, and cyber security clubs focused on students, and I'm doing a lot of work to educate the local community here and involve more and more people in bug bounties. And today I want to tell you more about the benefit of bug bounty hunting, what it is and how it actually can help your security career.

So, let's start from the beginning. Probably a lot of us know the problem that when you are new in the industry, or just a student, you need to get experience in order to get a job, and in order to get experience you need to get the job. The problem is it's like a circle, and for newcomers it's definitely difficult to enter this sphere and get some experience, experience which will count in your resume before going to any job.

So how to start, and how bug bounties actually could be helpful here.

All of us can participate in this world of bug bounties because it's open to anyone: from students to developers to just, you know, fans of crypto, which is where we're working actively. And how can it be helpful? First, of course, you can find vulnerabilities, because bug bounties are open to everyone. You see the scope, you see which vulnerabilities companies are looking for, and you can actually test your skills there, and it's legal.

The second thing you can do, and how bug bounty can be helpful here, is about writing reports, because by writing reports you understand how vulnerability reports are formatted and what's needed by companies. For example, when someone finds a vulnerability in a program, what do they do? They go with their validation steps, a description of the vulnerability, they also determine the severity by CVSS, and they also choose the category of the vulnerability, which is by CWE, and a proof of concept. So in general it's a description of the vulnerability and how it could be reproduced, so that on the other side, for the program owner, it could be understandable.

Also, for bug bounties there are definitely quite a few tools that can help you find vulnerabilities, to make your process of finding these vulnerabilities easier and faster. And you definitely test a lot of different scenarios for looking for vulnerabilities, and work with a lot of different companies, because while you're a bug bounty hunter, thousands of different programs are open to you and you can interact with a lot of companies. They are actually inviting hackers to cooperate with them, they are asking for their help, and that's pretty cool, because, you know, when you're knocking on a door where no one is waiting for you, it's not good, and it's kind of prohibited in bug bounties, and in general in security, when you are doing some testing without any authorization. But in bug bounty you have this authorization and you can work with different companies because they ask you to do that.

So, what about bug bounty platforms, and how do they actually help you? There are quite a few bug bounty platforms on the market where you can test your skills, and actually bug bounty platforms are a kind of mediator that helps hackers communicate with companies in the proper way, because from both parties there could be some issues, and definitely that's not what you want when you're just starting. It's better to use some platforms which help you communicate, and in this communication you can definitely find the way to do it properly.

So in bug bounties you work with real issues, with real products, with real businesses, and it's good to get experience, because a lot of our hunters, for example, mention this bug bounty experience on their LinkedIn and their CVs, and it's good, because when you see that a person has been doing bug bounty for two or three years, that sounds like a lot, because definitely he knows what he does; spending two or three years on bounties, that's quite a lot. And if you do that properly and you have proper ranks, hall of fames, write-ups, whatever, that definitely has a lot of influence when you are looking for a job.

And also what is good about bug bounties, and these bug bounty communities, is that they are creating common tools that they are sharing, putting them on GitHub, and you can use a lot of stuff which is already open sourced, and you can use that to find vulnerabilities. And definitely what is also cool about the bug bounty community is that a lot of people are just sharing what they found. On some platforms you have this kind of open stream of disclosed reports, where you can see all these scenarios that hackers are testing, the tools they are using, some specific stuff about testing. So it's kind of an open community where you can get a lot; you just need your curiosity and the willingness to actually do that.

So, mostly bug bounty is about, of course, doing research, testing new tools and approaches. It's a good playground because you have thousands of domain names, thousands of applications where you can test your new tools, and it's legal. And also you can build different case studies based on different industries, because you can work with banks, airlines, e-commerce, crypto exchanges, some hardware and stuff, and it's pretty cool because you have so many different experiences, and needless to say, so many applications that you can work with. That's pretty cool, because you don't need to go and work for some airline to actually be able to test the application, and it's cool because you can apply your knowledge there, in the bug bounty, and get some profit, some knowledge and experience.

In most cases, by our experience, hackers can train their attention during bug bounties, because all bug bounty programs have a pretty clear scope where they mention which applications, domain names, IP addresses, whatever, the company wants tested and which they don't want tested. For example, there are a lot of cases, just because of a really low attention level, where hackers look for vulnerabilities at the wrong endpoints and report something that's out of scope, because in every policy we have in-scope vulnerabilities and out-of-scope vulnerabilities, because companies are not willing to pay for all vulnerabilities. They are willing to pay for the vulnerabilities where they see the impact, and that's pretty important, because you can spend a lot of time and then, just because of a low level of attention, you understand that you tested the wrong endpoint and this endpoint is out of scope.

And also it's very important to follow the program updates, because in some cases, by our experience as well, when someone found a lot of vulnerabilities in one endpoint, they usually put this endpoint out of scope to be able to fix everything, and then put it back in scope. So in most cases bug bounty is about an attention test as well, because you need to follow the rules, because when you're going sideways you can get into trouble, because it's also about legal stuff. For testing something you should have approval for that. For example, when we do pen tests, we always get approval for doing this intrusion work, because it's illegal if you don't have it.

And by our statistics for the last four years, around 1,000 vulnerabilities were found, and the average price per vulnerability is around 500. And that's pretty cool, because you can spend minutes or hours and get this money, of course if you're experienced enough, but in order to get experience you also can do that. We have a lot of cases where newcomers, because of their, you know, other way of thinking, found vulnerabilities and got their first money on bug bounty, not because they have pretty cool technical skills, but because bug bounties are also about testing business logic, which is really important. It's about different access controls, about different access and different workflows, how it works when you're using some application and see that something is not going well or something is weird. You probably can test that, and see if the company has a bug bounty, and report it if it's something about security issues. Because, although you can do bug bounty like your job, sometimes you're just using some applications for music, for video, or whatever, and you see something wrong because your hacker mind tells you that something could be wrong here, "and I can see what's wrong and test it." But before that, check if they have a bug bounty and if they are actually willing to accept your report.

And then another interesting thing: bug bounties are a part of that, but generally the vulnerability disclosure industry is bigger, and you can look not only for a bug bounty but also for a vulnerability disclosure policy, for security.txt on the websites, and try to see if the company actually uses some best practices about working with hackers and being transparent in this market.

So what's behind these bounties and what can you actually get by doing bug bounties? So, definitely you can develop some research tools which can be used in other cases. I can tell you a story here. One of our hackers started as a QA engineer, and he switched to mobile, and from that point he was curious about security vulnerabilities. He started to work inside that industry, in some security consulting company, and started to do bug bounty. He'd done it, I guess, a couple of years, and he had made millions on mobile vulnerabilities with his scanner. And now he's doing a startup where he uses this scanner to help other hackers actually find vulnerabilities, report them, get bounties, and get more knowledge from that. And also he's offering his scanner to enterprises where he found vulnerabilities before, and trying to help them automate, make this process more automatic, and make security more robust.

So a lot of guys actually sometimes lack motivation to do bug bounty, because, you know, when you are not finding vulnerabilities for a long time, that definitely hurts the motivation. But once you've found something cool, you can find more and more, every time. And also what's cool about that is that you can learn every time. So for example, a lot of hackers just do mobile or web bug hunting, but now in the market there are more and more crypto programs, which is smart contracts, blockchain protocols and other stuff, and it's where you can enhance your knowledge and go deeper into this stack of technologies and understand more, because the competition there is definitely a little lower than in classical bug bounties with web and mobile.

And also what we see, we heard a lot of stories from our hackers that they started with bug bounties, did it for a couple of years, and then they just applied to Facebook or Twitter or some huge companies, or TikTok, and they now work as application security engineers or even triage guys, which means that before they were on the other side of the screen submitting these bugs, and now they are helping the company actually validate all these vulnerabilities from hackers. And it's pretty cool, because definitely this industry is quite new, but still there are a lot of opportunities, and when you have this relevant experience you can apply to companies where they have already implemented this approach. By Gartner predictions it would be more than 50 percent of enterprises which are going to use bug bounty in the coming years. So now it's around, I don't remember, like two or three percent, just 2 percent, who are starting this crowdsourcing approach to security. Definitely in a couple of years you can find more and more jobs and actually get your first experience with that, because it's just about your desire to do it.

Yeah, so we just gathered some links for developers and for beginners on how they can switch to security and where they can try their skills. It's also about theoretical knowledge and also some vulnerable labs where you can try your skills. And yeah, I will share this presentation afterwards so you are able to go through that.

So also, we gathered some information regarding podcasts where you can listen and do some challenges and other stuff, where you can go deep into this industry, understand what's going on, which programs, which tools, which educational platforms you can use, and yeah, just go deeper into the sphere and understand what's going on.

Yes, this is about tools and labs where you can actually apply your knowledge and test it. I'm pretty sure you've heard about a lot of them. We just made a short summary of what we use, how our hackers work, what they recommend, and yeah, you're welcome to test all that stuff.

Yes, so we're actually developing our community of hackers and working on different academies and educational materials for how to involve more engineers in bug hunting and security testing. So you're always welcome to join our community, and also, for all beer lovers, we are doing a networking party in Lisbon during the summit, so if anyone is there, just join us. We'll be happy to meet you all in person.

Yep, I'm done. I'd be happy to answer your questions.

[00:18:11] HOST: Thank you very much, thank you very much, Evgenia. Really good, really interesting. Hopefully it's got the attention of people that are interested in the bug bounty environment and that community. So, wonderful. Have we got any questions? Yes, yeah, we do. All right, so the question here from Nolly is: how do you guide young people who rock up, arrive, expecting to make a real big payday from the start?

[00:18:41] EVGENIA: So, definitely, when you are starting you should work more on your reputation, on your statistics, work with different programs and get, you know, some experience, because everyone is looking for experienced hackers. But definitely for open and public programs everyone can participate and get their first hall of fames, ranks and other stuff. So just start and look for vulnerabilities.

[00:19:09] HOST: So yeah, I have a question. So how do you approach the bug bounty community from the perspective of sort of educating them on what's important? You know, because I get hit up every couple of weeks from so-called, you know, bug bounty people, and they're going to say something like "your website supports an insecure cipher suite, please pay me 250 US dollars."

[00:19:39] EVGENIA: Yeah, or missing headers or some settings. Yeah, we know that.

[00:19:43] HOST: I get it all the time.

[00:19:44] EVGENIA: Yeah, definitely it's a problem of the industry, I would say. It's more about, you know, educating the community, in the way we can do it, or other platforms or other engineers. But if you want to get real results, you definitely won't do that, I guess. It doesn't work. On the other side of the screen there are still guys who know what they do, and all these emails don't make sense; it's just a waste of time for both parties, honestly. In most cases, by our experience, we received so many of them, like 98 percent I would say were useless, only like two percent by email, because usually they are trying missing headers or SPF or something that they can usually try with scanners. It doesn't work. Everyone can run a scanner, and the importance of bug bounty is in the hacker brain, because business logic vulnerabilities are the most interesting, when you can go deeper into the products and technology, understand how it works and find something, how to bypass it. Like, usually just use your hacker mind to find the backdoor, not run a scanner. Everyone can run a scanner; it's not what brings you money.

[00:20:56] HOST: I have another question, and it's sort of a bit of a pivot. I'm not aware of any particularly good scanners for mobile applications, so I'm wondering, is that an emerging space then in the bug bounty community? And if it is, how do we reconcile an app that has vulnerabilities versus the Android, or even that other company that rhymes with Apple, in terms of, like...

[00:21:30] EVGENIA: Please, yeah, yeah, okay, good. So the hacker I mentioned, he is top one on the Google bug bounty program and he has his own scanner, which is a mobile application scanner. That's how he found all these vulnerabilities, and now he's moving to enterprise. It's called Oversecured. He has Android and iOS scanning, and there are a lot of top enterprises who work with him.

[00:22:00] HOST: Cool. So I guess the follow-up to that is, I wanted to differentiate between finding a bug bounty in an app versus finding a vulnerability in an underlying operating system. I mean, clearly you do both, but I guess which are the ones that are paying out more? Is it an app that has, you know, 300,000 installations, or is it an operating-system-level vulnerability?

[00:22:29] EVGENIA: Definitely different spheres, and different specialists and skills that you need, and I suppose both spheres are good and interesting, but of course more is where there is more harm for the users and the level of enterprise and other stuff
00:22:46,320 because like for zero days they can like 577 00:22:46,320 --> 00:22:49,280 pay millions and the other interesting 578 00:22:49,280 --> 00:22:51,679 stuff that's millions of course in this 579 00:22:51,679 --> 00:22:52,480 top 580 00:22:52,480 --> 00:22:55,360 giants but in in crypto now that's 581 00:22:55,360 --> 00:22:57,120 that's insane because for finding 582 00:22:57,120 --> 00:22:59,760 vulnerabilities my contract it can give 583 00:22:59,760 --> 00:23:02,400 you millions just recent like last week 584 00:23:02,400 --> 00:23:04,080 it was like 10 million or something but 585 00:23:04,080 --> 00:23:06,559 bounty for smart contract vulnerability 586 00:23:06,559 --> 00:23:08,559 because in this smart contract they they 587 00:23:08,559 --> 00:23:11,120 hold like a lot of money billions and of 588 00:23:11,120 --> 00:23:12,559 course they they are willing to pay for 589 00:23:12,559 --> 00:23:14,799 vulnerabilities because in other way 590 00:23:14,799 --> 00:23:18,159 they just lose money in their users 591 00:23:18,159 --> 00:23:20,080 but it's you know it's pretty specific 592 00:23:20,080 --> 00:23:22,240 sphere you should have specific 593 00:23:22,240 --> 00:23:24,400 knowledge but it's really emerging there 594 00:23:24,400 --> 00:23:27,039 is so many companies and so few hackers 595 00:23:27,039 --> 00:23:29,200 who can do that 596 00:23:29,200 --> 00:23:31,280 so it's really good one of the things 597 00:23:31,280 --> 00:23:34,159 where to invest your time and 598 00:23:34,159 --> 00:23:37,120 knowledge right now 599 00:23:37,120 --> 00:23:38,240 scott 600 00:23:38,240 --> 00:23:39,600 i wasn't going to speak but it looks as 601 00:23:39,600 --> 00:23:41,279 if we're all super excited to ask you 602 00:23:41,279 --> 00:23:43,279 loads of questions yeah mike 603 00:23:43,279 --> 00:23:44,240 yeah 604 00:23:44,240 --> 00:23:45,840 sean 605 00:23:45,840 --> 00:23:46,880 thank you 606 00:23:46,880 --> 00:23:50,159 thank you mark um so i have a 
question 607 00:23:50,159 --> 00:23:52,320 doing bug bounties can be really 608 00:23:52,320 --> 00:23:54,080 frustrating i imagine um especially for 609 00:23:54,080 --> 00:23:55,520 those beginning now if they're not going 610 00:23:55,520 --> 00:23:58,720 to find something and how do you or what 611 00:23:58,720 --> 00:24:00,799 sort of advice do you 612 00:24:00,799 --> 00:24:02,320 want to give out in terms of trying to 613 00:24:02,320 --> 00:24:05,120 get people staying motivated so they can 614 00:24:05,120 --> 00:24:06,880 just keep at it and hopefully find 615 00:24:06,880 --> 00:24:08,880 something that pays off eventually yeah 616 00:24:08,880 --> 00:24:10,960 definitely there is like a really 617 00:24:10,960 --> 00:24:13,039 frustrating when you can't find like 618 00:24:13,039 --> 00:24:15,679 something for some time 619 00:24:15,679 --> 00:24:19,520 but it's also you know it's uh work on 620 00:24:19,520 --> 00:24:22,400 like each person and uh what we do we're 621 00:24:22,400 --> 00:24:24,559 trying to you know motivate to find more 622 00:24:24,559 --> 00:24:26,880 vulnerabilities and you know hub hacker 623 00:24:26,880 --> 00:24:29,039 is doing some educational stuff 624 00:24:29,039 --> 00:24:32,400 doing some like joint hacking um 625 00:24:32,400 --> 00:24:35,919 into different programs so 626 00:24:35,919 --> 00:24:37,919 it's it's okay you should just accept it 627 00:24:37,919 --> 00:24:39,520 you can't find vulnerabilities all the 628 00:24:39,520 --> 00:24:41,279 time because probably it's it's not 629 00:24:41,279 --> 00:24:43,279 about you it's about just very good 630 00:24:43,279 --> 00:24:45,600 security of this application or because 631 00:24:45,600 --> 00:24:47,360 like southern hackers already checked 632 00:24:47,360 --> 00:24:49,440 that of course this security level is 633 00:24:49,440 --> 00:24:51,039 higher 634 00:24:51,039 --> 00:24:53,279 just uh switch a program switch 635 00:24:53,279 --> 00:24:55,919 attention just go 
relax i know doing 636 00:24:55,919 --> 00:24:57,840 something and then go back to that and 637 00:24:57,840 --> 00:25:01,279 do what you love 638 00:25:01,279 --> 00:25:02,720 cool great 639 00:25:02,720 --> 00:25:05,039 and my question was 640 00:25:05,039 --> 00:25:07,600 my observation i think and question 641 00:25:07,600 --> 00:25:10,240 is one of the things i really love about 642 00:25:10,240 --> 00:25:13,120 bug bounties and the bug bounty programs 643 00:25:13,120 --> 00:25:16,480 is this idea that it incentivizes 644 00:25:16,480 --> 00:25:17,840 hackers 645 00:25:17,840 --> 00:25:20,000 in a positive way 646 00:25:20,000 --> 00:25:22,400 so rather than them become criminal 647 00:25:22,400 --> 00:25:24,799 and hack and hold companies are ransom 648 00:25:24,799 --> 00:25:26,799 and all that kind of stuff 649 00:25:26,799 --> 00:25:29,840 they hack through ethical channels using 650 00:25:29,840 --> 00:25:31,679 recognized platforms or just directly 651 00:25:31,679 --> 00:25:33,919 with the organization um 652 00:25:33,919 --> 00:25:35,679 but not missing headers 653 00:25:35,679 --> 00:25:37,440 and 654 00:25:37,440 --> 00:25:39,919 but the idea is that it moves people 655 00:25:39,919 --> 00:25:41,760 away from a criminal 656 00:25:41,760 --> 00:25:43,919 direction and into a completely 657 00:25:43,919 --> 00:25:47,120 legitimate direction so in your 658 00:25:47,120 --> 00:25:49,600 experience are you seeing that being the 659 00:25:49,600 --> 00:25:52,080 driver and the and the motivator for 660 00:25:52,080 --> 00:25:54,880 people to do it the honest way 661 00:25:54,880 --> 00:25:57,360 yes definitely especially encrypt 662 00:25:57,360 --> 00:25:59,679 because you can steal a lot of money but 663 00:25:59,679 --> 00:26:01,919 the problem is you can't withdraw them 664 00:26:01,919 --> 00:26:04,240 easily and you should go through bug 665 00:26:04,240 --> 00:26:06,640 bounties you have no other way because 666 00:26:06,640 --> 00:26:09,039 if you 
hack some money and it would be 667 00:26:09,039 --> 00:26:11,440 blocked on all exchanges and another 668 00:26:11,440 --> 00:26:13,520 stuff of course you can find some ways 669 00:26:13,520 --> 00:26:16,159 but it it won't get you you know legal 670 00:26:16,159 --> 00:26:18,880 money uh you will be definitely tracked 671 00:26:18,880 --> 00:26:20,240 and uh 672 00:26:20,240 --> 00:26:22,000 you never know what's happened after 673 00:26:22,000 --> 00:26:24,640 that so definitely we see positive 674 00:26:24,640 --> 00:26:26,720 change because while the companies are 675 00:26:26,720 --> 00:26:29,760 adopting back bounties more hikers and 676 00:26:29,760 --> 00:26:32,159 more just engineers see that and can 677 00:26:32,159 --> 00:26:34,240 legally participate because they're just 678 00:26:34,240 --> 00:26:35,600 using some application and found 679 00:26:35,600 --> 00:26:36,960 vulnerabilities what they should do with 680 00:26:36,960 --> 00:26:39,039 that of course they can just leave it 681 00:26:39,039 --> 00:26:41,679 and don't do 682 00:26:41,679 --> 00:26:43,679 like anything with that 683 00:26:43,679 --> 00:26:44,720 but 684 00:26:44,720 --> 00:26:46,400 if you can get money of it and it's 685 00:26:46,400 --> 00:26:48,640 legal and you see the the company is 686 00:26:48,640 --> 00:26:52,000 actually open to receive vulnerabilities 687 00:26:52,000 --> 00:26:53,919 why not to do that in the legal way and 688 00:26:53,919 --> 00:26:57,520 definitely like bouncy started um like 689 00:26:57,520 --> 00:26:59,840 around eight years ago and definitely 690 00:26:59,840 --> 00:27:02,000 like positive change into this ethical 691 00:27:02,000 --> 00:27:03,360 way of hacking 692 00:27:03,360 --> 00:27:05,279 and working with hackers because for a 693 00:27:05,279 --> 00:27:07,360 lot of people hackers you know we just 694 00:27:07,360 --> 00:27:08,880 you know someone in black hoodies and 695 00:27:08,880 --> 00:27:10,960 really criminals and very dangerous 
696 00:27:10,960 --> 00:27:13,279 person but in fact it's not just curious 697 00:27:13,279 --> 00:27:16,400 programmers curious guys who wants to 698 00:27:16,400 --> 00:27:19,360 help but probably help themselves not 699 00:27:19,360 --> 00:27:20,720 the company 700 00:27:20,720 --> 00:27:22,799 because there is no legal ways how to 701 00:27:22,799 --> 00:27:24,960 help these companies and this this 702 00:27:24,960 --> 00:27:29,200 problem is definitely um evolving and 703 00:27:29,200 --> 00:27:32,320 yeah more companies trying to do that 704 00:27:32,320 --> 00:27:36,559 yeah perfect okay well i think we're out 705 00:27:36,559 --> 00:27:37,760 of questions 706 00:27:37,760 --> 00:27:38,960 um 707 00:27:38,960 --> 00:27:42,559 so i'd just like to thank you again 708 00:27:42,720 --> 00:27:44,000 we've had some 709 00:27:44,000 --> 00:27:45,760 again like with all the other speakers 710 00:27:45,760 --> 00:27:47,760 we've had some wonderful feedback in the 711 00:27:47,760 --> 00:27:48,960 twitch chat 712 00:27:48,960 --> 00:27:49,919 so 713 00:27:49,919 --> 00:27:51,679 thank you for participating we really 714 00:27:51,679 --> 00:27:53,200 appreciate it thank you for inviting 715 00:27:53,200 --> 00:27:57,720 wish you luck was all the other day