BEGIN:VCALENDAR
VERSION:2.0
PRODID:Data::ICal 0.24
BEGIN:VEVENT
DESCRIPTION:   'Title: Practical Exploitation of DoS in Bug Bounty\n   When
 : Friday\, Aug 9\, 10:00 - 10:59 PDT\n   Where: LVCC West/Floor 2/W222-Cre
 ator Stage 4 - [1]Map\n\n   Description:\n\n   The talk "Practical Exploit
 ation of DoS in Bug Bounty" explains\n   methods for identifying and explo
 iting Denial of Service (DoS)\n   vulnerabilities in bug bounty programs. 
 Starting with an overview of\n   DoS attacks and their impact\, we will hi
 ghlight how these attacks\n   disrupt services by overwhelming resources o
 r exploiting flaws. The\n   talk covers various DoS attack types\, includi
 ng N+1 errors\, in-depth\n   GraphQL crashing\, and Cache Poisoning\, with
  real-world examples\n   demonstrating their effects.\n\n   We will then d
 etail practical techniques for discovering DoS\n   vulnerabilities. This i
 ncludes automated scanning tools\, manual\n   testing methods\, and unders
 tanding the target system's architecture.\n\n   N+1 errors occur when an a
 pplication makes redundant database queries\,\n   significantly impacting 
 performance. Attackers can exploit this by\n   triggering numerous unneces
 sary queries\, causing severe slowdowns or\n   crashes. GraphQL\, a query 
 language for APIs\, can be vulnerable to\n   complex queries that consume 
 excessive resources\, leading to server\n   crashes. We will show how to c
 raft such queries and the resulting\n   impact. Cache Poisoning involves m
 anipulating cached data to serve\n   malicious or incorrect content\, whic
 h can disrupt services or degrade\n   performance. We will explore techniq
 ues to poison caches and\n   demonstrate the potential consequences.\n\n  
  Additionally\, the talk emphasizes the importance of responsibly\n   repo
 rting discovered vulnerabilities to bug bounty programs. Best\n   practice
 s are shared for effectively communicating findings and\n   ensuring timel
 y mitigation. Of course\, there are some fails during\n   this path\, and 
 those are going to be covered too.\n\n   The session wraps up by stressing
  the need for continuous learning and\n   staying updated on the latest tr
 ends in DoS attack vectors and\n   mitigation strategies.\n\n   SpeakerBio:
   Roni "Lupin" Carta\, Co-Founder at Lupin & Holmes\n\n   Roni Carta\, a.k
 .a @Lupin\, is a 22-year-old ethical hacker. He left\n   school and his v
 irtual classes to devote himself full-time to hacking.\n   He credits Maur
 ice Leblanc's book "Arsène Lupin" with immersing him\n   into the culture
  and mindset of ethical hacking.\n\n   Roni co-founded with his brother Lu
 pin & Holmes\, an offensive security\n   Research & Development company\n\
 n   '\n\n   1. #LVCCW_Level2_North\n\n\n
DTEND:20240809T175900Z
DTSTART:20240809T170000Z
LOCATION:BBV - LVCC West/Floor 2/W222-Creator Stage 4
SUMMARY:Practical Exploitation of DoS in Bug Bounty
END:VEVENT
END:VCALENDAR
