Hacking Customized IDE Distributions: Methodology Behind Six Figures in Bug Bounties
Customized IDE distributions pose a lucrative attack surface due to the interconnected systems they interact with, usually highly privileged. This talk covers high-level technical ecosystem architectures, IDE threat modeling, and common attack vectors, and takes a stab at defining an IDE exploitation kill chain. While specific bug bounty targets and findings remain undisclosed, the methodology developed while producing them will be covered.
Nick Copi:
Nick Copi is a full-time bug bounty hunter targeting web applications, cloud infrastructure, desktop apps, and pretty much anything with an attack surface. His background spans application security engineering, full-stack development, and a long track record of CTF competition wins. He’s presented technical talks at security conferences and regularly publishes and reviews security research. A Richmond-area native, Nick skipped his own high school graduation to attend his first RVASec, so he keeps coming back. When he’s not chaining interesting gadgets into full exploits, he’s probably thinking about it.