YesWeHack heads to DEF CON 32 as Bug bounty village debuts

YesWeHack at DEFCON32

LIAISE WITH US IN LAS VEGAS!

We’re delighted to reveal YesWeHack’s involvement in the upcoming edition of DEF CON, the legendary hacker convention in Las Vegas!

DEF CON 32 takes place at the Las Vegas Convention Centre between August 8-11, 2024.

YesWeHack contributions will include:

🐞 Sponsoring the inaugural Bug Bounty Village

🧠 BitK, our Tech Ambassador, will participate in a panel debate about the world of Bug Bounty

🛠️ BitK will also deliver a workshop on ‘Prototype Pollution in Depth, From Beginner to 0-day Hunter’

🧪 Attendees of a workshop about bypassing web application firewalls (WAFs) will tackle labs hosted on our very own Dojo platform

Brumens, our researcher enablement analyst, and Carlos Torres, our senior account executive for North America, will also represent YesWeHack at the world’s most famous hacker convention.

Bug Bounty panel debate

BitK, YesWeHack tech ambassador, security researcher and a member of legendary CTF team Hexpresso CTF, will join representatives from HackerOne, Intigriti and Synack on a panel of Bug Bounty community leaders. The panel will field questions about Bug Bounty trends and best practices, and the future of crowdsourced security.

French bug hunter and red teamer Roni Carta, aka ‘Lupin’, will moderate the panel. Attendees have been invited to send questions in advance of the event. The panel debate will take place on Friday, 9 August, between 11am-12pm, in the Village Classroom.

This debate is part of the lineup at DEF CON’s first-ever Bug Bounty Village, which YesWeHack is sponsoring alongside Google, PortSwigger and others.

Prototype Pollution in Depth, From Beginner to 0-day Hunter

BitK (aka Lucas Philippe) will deliver a workshop in the Bug Bounty Village called ‘Prototype Pollution in Depth, From Beginner to 0-day Hunter’.

This also takes place on Friday 9 August, in the Village Classroom, between 3:00pm-4.30pm.

“We will first try to understand the subtleties of the JavaScript prototype chain,” reads BitK’s précis. “Then, we will explore different techniques for black box detection. Finally, we will use pp-finder [a tool BitK co-developed with SakiiR] to find new RCE gadgets in popular libraries.”

Attendees are expected to bring at least basic JavaScript knowledge and a Docker-equipped computer to the session.

WAF-bypass workshop

Our CTF training platform, Dojo, will feature in a workshop about bypassing web application firewalls (WAFs), presented by Akamai security researcher Ryan Barnett and cybersecurity student Isabella Barnett. Attendees will tackle hands-on labs hosted on Dojo and created by Brumens, our in-house hunter.

The workshop, entitled ‘Lost in Translation – WAF Bypasses by Abusing Data Manipulation Processes’, takes place on Sunday 11 August between 11.00am-12.30pm.

The Bug Bounty Village will feature various other talks, trainings and workshops across three days that will, according to DEF CON, “foster a deeper understanding of bug bounty programs and to enhance the skills of participants through practical challenges and knowledge-sharing sessions. It aims to bridge the gap between bug bounty platforms and researchers, providing insights into successful strategies, legal considerations, and ethical practices in bug bounty hunting.”

Finally, don’t forget to say hello if you happen to spot any of our representatives in the ‘Entertainment Capital of the World’: BitK, Brumens or Carlos Torres!

Find out more about DEF CON, including how to register for the event.

ABOUT YESWEHACK

YesWeHack is a leading Bug Bounty and Vulnerability Management Platform used by hundreds of organisations and tens of thousands of bug hunters worldwide. Built and run by ethical hackers since 2015, our Bug Bounty platform offers fast, in-house triage, fair rewards and prompt payouts, and compliance with stringent EU data security laws.

YesWeHack manages hundreds of private and public programs and holds regular Live Hacking Events. Bug Bounty programs include Tencent, Swiss Post, Orange France and the French Ministry of Armed Forces.

Bug hunting is boosted by YesWeHack’s CTF playground/training platform (Dojo), various bug hunting tools, responsible vulnerability disclosure platform (ZeroDisclo.com), non-partisan Bug Bounty/VDP search engine (FireBounty.com), and a blog featuring technical tips and interviews.