Loading…
This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
View analytic
Thursday, June 30 • 17:05 - 17:50
The Tales of a Bug Bounty Hunter: 10+ Interesting Vulnerabilities in Instagram

Sign up or log in to save this to your schedule and see who's attending!

Bug bounty hunting is the new black! During this technical talk, more than 10 interesting vulnerabilities identified in Instagram, the increasingly-popular photo-based social media platform, will be presented. All vulnerabilities were disclosed responsibly via Facebook’s Public Bug Bounty program over the course of 2015 and 2016, and will be discussed in detail. Required advanced Mobile Security attack techniques for this Research, such as Binary Modification, Dynamic Hooking and Burp Suite Plugin Development will be covered, among other trickery. The most interesting vulnerabilities were hybrid: Combinations of complementary vulnerabilities in different environments (e.g. Web and Mobile). The root cause(s) of all identified issues will be mapped onto the Software Development Life Cycle (SDLC), to analyze where they could have been prevented from materializing. Last but not least, the monetary rewards offered by Facebook for each vulnerability and general Bug Bounty Hunting advice will be shared with the community.

Speakers
avatar for Arne Swinnen

Arne Swinnen

IT Security Consultant, NVISO
Arne Swinnen is an IT Security Consultant at NVISO, a Belgian Cyber Security Consulting firm. He previously worked for Verizon in a similar position. Arne specializes in Application Security and Digital Forensics. He is also a member of NVISO R&D Labs, for which he conducts technical research with a focus on these topics. He co-organized the first edition of the Cyber Security Challenge Belgium in 2015, a National cyber security competition... Read More →



Thursday June 30, 2016 17:05 - 17:50
Room C (Tiziano Ballroom Sec. 2)