Bug Bounty Simulation - Hack to Win Prizes!

The bug bounty workshop is a fully-featured bug bounty simulation - participants of BSides Canberra can help find bugs for a mock network designed by people who have participated in bug bounties for way too long.

This workshop aims to provide those with basic application security skills with the ability to understand how to seek bugs on a network that looks just like one owned by a legitimate company.

The bugs on this network will closely align to trends that we have seen in bug bounties, and some trickier bugs that we have found for other companies that should act as fun challenges for the daring.

There will be around 20-30 challenges, most of them will be oriented towards application and network security - similar to almost any other bug bounty one would participate in.

There will be LOTS of prizes! Prizes will be awarded to almost everyone who submits a valid bug, and there will be special prizes reserved for to the top 3 bug bounty hunters on the day.

This workshop is essentially one big CTF where you get prizes for solving problems. We want participants to feel the rush of being able to solve a problem, receive acknowledgement for solving the problem and finally also receive an award of some sort for solving it.

Check back here or in the handbook for more details closer to the day.

Hosted By:


Shubs breaks things for a living @BishopFox, heavily participates in bug bounties and in his free time and enjoys automating heavy network and application recon. He enjoys teaching and bringing young talent into infosec.


Naffy works on bug bounties full time and in his free time, enjoys doing hood rat stuff with his hood rat friends.


Gil works at Loop Technology where he conducts penetration tests and translates vulnerabilities into business risk. In his free time he builds security tools, researches IoT and reads comic books.


Andy started his career in IT.security as a shift-working firewall monkey. He subsequently became a software developer, ran a software development consulting outfit, and worked at several startups before squaring the circle by joining Bugcrowd as employee #1. He enjoys whiskey and fractals.


Skooch is a kiwi hacker who works by day pentesting at ZX Security, but by night poking at XNU with debuggers, frustration, and a good whiskey. He also does a little bounty stuff on the side because shubs goaded him into it (fantastically).


Muld0r breaks things for a living @commbank, helps run @platypuspartay, and writes software & security tools in his free time. On the weekend you’ll find him griefing new players in CS:GO and StarCitizen.