We met up with Justin Kennedy and Steve Breen (BreenMachine) at DerbyCon 2015 right after they took home 2nd place in the CTF. Tune in to hear more about how Justin and Steve teamed up to tackle the CTF, as well as some tips for bug bounty hunters.

Discuss this podcast on the Bugcrowd Forums: http://bgcd.co/1LGLWUU

Make sure to check out their tool httpscreenshot: https://github.com/breenmachine/httpscreenshot

Follow Justin on Twitter: https://twitter.com/jstnkndy

Follow Steve on Twitter: https://twitter.com/breenmachine

Follow Sam on Twitter: https://twitter.com/samhouston

Check out Bugcrowd.com to learn more about joining our security researcher community: http://bugcrowd.com/researchers

We chat with Scott Robinson and Rob at the Bugcrowd Ops AMA Lounge at DEFCON 23. Scott and Rob talk about the presentations they've checked out at DEFCON, as well as a tip for bug bounty hunters.

Check out the Vulnerabilities in File Formats presentation from DEFCON 23 (PDF): http://bgcd.co/1TxUbIu

We spoke with Mathias "Avlidienbrunn" Karlsson at this year's DEFCON 23.

Follow Mathias on Twitter: https://twitter.com/avlidienbrunn

Find Mathias on Bugcrowd: https://bugcrowd.com/avlidienbrunn

Check out Bugcrowd's latest bug bounties here: https://bugcrowd.com/programs

Podcast Show Notes (what we recommend you check out):

HallwayCon

Network and meet your fellow security professionals and pentesters that are in Vegas. This is the best chance all year to meet others and expand your professional network. Attend talks that you’re interested in and have fun at parties, but always make sure to spend time meeting new people.

If you’re looking for folks to hangout with at DEFCON, come to the Bugcrowd Ops AMA Lounge!

Jason Haddix’s notes from the Podcast -

Black Hat

Android Security State of the Union - Adrian Ludwig

Server-side Template Injection: RCE for the Modern Web App - James Kettle

Defeating Pass the Hash: Separation of Powers - Seth Moore & Baris Saydag

The Tactical Application Security Program: Getting Stuff Done - Cory Scott & David Clintz

Red vs Blue: Modern Active Director Attacks, Detection, and Protection - Sean Metcalf

Stagefright: Scary Code in the Heart of Android - Joshua Drake

Faux Disc Encryption: Realities of Secure Storage on Mobile - Daniel Mayer & Drew Suarez

(BlackHat Arsenal) Intrigue.io - Jonathan Cran

AH! Universal Android Rooting is Back! - Wen Xu

Zigbee Exploited the Good, the Bad, and the Ugly - Tobias Zillner & Sebastian Strobl

Andy White’s notes from the Podcast:

DEFCON

Machine vs. Machine: Inside DARPA’s Fully Automated CTF - Michael Walker & Jordan Wiens

BSides LV

AI and CND - implications for security in the era of Artificial Intelligence - Dan Mitchell

Kymberlee Price’s notes from the Podcast:

Bugcrowd Researchers speaking:

BSides LV: Josh Louden (Exodus) - Adding +10 Security to Your Scrum Agile Environment

DEFCON: John Menerick (pwn) - Backdooring Git

Joshua Drake (jduck) - Stagefright at Black Hat and DEFCON