Tell us about yourself, your background ?
I'm Lucas also know as BitK, I am 28 y/o. I'm a French guy who lives in Lyon. If you play CTF we have probably already met during an on site event as I play a lot of them with the French team Hexpresso.
Before joining YesWeHack I was writing / reversing software for power plants.
I'm also a bug hunter, I've been in the top 10 hackers on YesWeHack Bug Bounty platform since the launch of the platform.
Why did you join YesWeHack and what is your role ?
It's a team that I've known for quite some time through CTF, Bug hunting and HZVCommunity & Events ( LeHack ).
We share the same principles and I do like the idea of bringing tools to the community.
My role as Tech Ambassador within YesWeHack will be to support the hackers’ community, by providing tools, talks and workshop. I’ll attend the YesWeHack sponsored events, having great time with bug hunters and IT security researchers.
As a bug hunter and CTF player what are you driven by ?
To me, bug hunting is a lot like a puzzle game, I feel like every software, application is vulnerable to some kind of exploitation, you just need to find how.
Writing software is a difficult job, and developers are still human beings, so they make mistakes : our job is to find those mistakes and help developers to fix them before it gets worse.
One thing I love about the hacker community is the willingness to share information, tips or tools. There is always someone better than you in a specific field and most of the time those people will share their knowledge if you ask nicely.
What are the benefits of CTF (Capture The Flag) for those who want to start bug hunting ?
CTF is a bit different from bug bounties, the major difference is that in CTF you know that a vulnerability is there, you goal is “just” to exploit it.
So usually CTF tasks are quite small, you need to exploit a very specific bug. While in bug bounties, you are hacking real enterprise, their website can be huge and sometime you can find yourself lost in the scope. Bug Bounty has a whole reckon phase that CTF don’t have, it’s a new skill to learn.
CTF and Bug Bounties are different, but most of the time I use tricks and tips I’ve learn during CTF to exploit real life application in Bug Bounty.