YesWeHack at Unlock Your Brain, Harden Your System 2024

What's UYBHYS?

Held in the far far west (of France), the 9th edition of the infosec event 'Unlock Your Brain, Harden Your System' will take place on November 8 and 9. As usual at this Brest-based event, you can expect two days of insightful workshops and conferences, to make sure you know all about the latest cybersecurity research and trends.

If you're interested in attending UYBHYS, check out the event's program and have a look at the ticket office!

Two must-see sessions

Beyond sponsoring the event, YesWeHack will be present at UYBHYS through two must-see sessions:

1️⃣ A two-hour workshop conducted by our Tech Ambassador Lucas Philippe aka BitK on "Detecting and exploiting prototype pollution in JavaScript applications"

📆 November 8th, 10:00AM - 12:00PM

Prototype pollution is a critical vulnerability in JavaScript applications that exploits the prototype inheritance feature to introduce malicious properties. This workshop will provide an in-depth, hands-on experience to help participants understand, identify, and mitigate prototype pollution vulnerabilities.

You can find more details about his workshop here!

2️⃣ A 45-min talk by Tom Chambaretaud aka Aethlios, Technical Lead & Security Analyst at YesWeHack, on "Insecure time-based secret in web applications and Sandwich Attack exploitation"

📆 November 9th, 11:15AM - 12:00PM

Following discoveries during bug bounties, I have focused my research on poor practices related to time-based secrets in web applications. This presentation aims to provide an overview of these poor practices and show how to detect and exploit them.

Through the creation of an open-source tool [Reset Tolkien], a demo with practical cases, similar to those found in discovered bugs, will be presented.

About YesWeHack

YesWeHack is a leading Bug Bounty and Vulnerability Management Platform used by hundreds of organisations and tens of thousands of bug hunters worldwide. Built and run by ethical hackers since 2015, our Bug Bounty platform offers fast, in-house triage, fair rewards and prompt payouts, and compliance with stringent EU data security laws.

YesWeHack manages hundreds of private and public programs and holds regular Live Hacking Events. Bug Bounty programs include Tencent, Swiss Post, Orange France and the French Ministry of Armed Forces.

Bug hunting is boosted by YesWeHack’s CTF playground/training platform (Dojo), various bug hunting tools, responsible vulnerability disclosure platform (ZeroDisclo.com), non-partisan Bug Bounty/VDP search engine (FireBounty.com), and a blog featuring technical tips and interviews.