H1-702 2018 makes history with over $500K in bounties paid!

In August 2016, a small group of HackerOne staff brought to life the first ever live hacking event in HackerOne’s history at DEF CON 24 in Las Vegas, Nevada. We learned so many things over those three days and nights. Amongst our successes there was a laundry list of failures and our determination to grow these events and improve on them became part of our DNA and culture. 

Fast forward two years to h1-702 2018 during DEF CON 26, over 75 hackers representing 20+ countries hacked five targets, including The United States Marine Corps, across five nights, earning over $500,000. It was the largest and most successful live hacking event we’ve ever done. 
 

^{Birds eye view of the rooftop pool at h1-702 2018}

H1-702 2018 was hosted at the W Hotel at the top of the Las Vegas strip. Across the 4 floors of the complex, we offered multiple hacking, customer, and guest experiences that showed what HackerOne was all about. The venue included a wet deck with hacker-equipped cabanas, a hacker village filled with multiple 80” tv screens, funky chandeliers, and diverse seating arrangements, and a requisite quiet room stocked with bean bag chairs. See all the photos in our h1-702 2018 Facebook album.

^{@try_to_hack making himself at home, hacking in a poolside cabana at the W Hotel}

Welcoming Women in Security and Privacy
On Friday evening, August 10th, we hosted 50 individuals affiliated with the SF-based Women in Security and Privacy (WISP) group. Special thanks to WISP team member Melanie Masterson for her warm introduction and Jesse Kinser (@randomdeduction), who gave an overview of her experience as a hacker while also providing some great insights into what tools to start use and what kinds of programs to hack on.

For the final portion of the evening, HackerOne’s own co-founder Jobert Abma gave a Hacking 101 tutorial and led a homemade CTF for the group. Winners of the CTF presented their solutions and were awarded $100 cash bounties for their work.

Fostering and growing the hacker community takes a village. We’re so grateful to WISP and all the participating hackers for taking the time to knowledge share, collaborate, and learn with us.

H1-702 by the Numbers
Across the entire five days of h1-702 2018 hackers submitted a total of 915 vulnerability reports, 607 of which were deemed valid for an event wide clear signal percentage of 66% (when including "nominal" signal reports, i.e. informative and duplicate reports, overall event wide signal approached 100%). Of the 607 valid reports, nearly 200 were marked as high or critical in severity. Customers cumulatively paid out $539,712 in bounties for one of the the greatest bounty weeks in HackerOne history.

Bounties weren’t the only thing served up, a custom swag buffet for each night included a combined 15,000 individual items across 35 pieces of unique swag!
 

^{HackerOne’s tee of the week}

Awards
Each evening customers and HackerOne staff selected the top hacker, naming them “The Vigilante” award for the night. 

• Night 1 - teamsweden (fransrosen, avlidienbrunn, zetatwo, almroot)
• Night 2 - corb3nik
• Night 3 - bull
• Night 4 - team_beard (dkd, inhibitor181, jackds)
• Night 5 - popeax

At the conclusion of five consecutive nights of hacking, we gave away four overall awards:

• The Exalted (most reputation earned) went to try_to_hack
• The Assassin (highest signal) went to cache-money
• The Exterminator (most valid bugs submitted) went to try_to_hack
• The Most Valuable Hacker (MVH) went to intidc!

^{h1-702 2018 Most Valuable Hacker Inti De Ceukelaire poses with HackerOne’s Ted Kramer}

Final leaderboards for all five nights and each evening are below:
h1-702 total
Night 1
Night 2
Night 3
Night 4
Night 5

Thank you to all of our hackers, customers, sponsors, and staff who made h1-702 2018 our most successful live hacking event to date!

^{Participating hackers, U.S. Marines, and Defense Digital Services staff, pose on the final night of h1-702}

The next live hacking event is right around the corner, so stay tuned!