leHACK is Back!

Categories
2022 Bug Bounty conferences
About the event

Since 2003, leHACK, the iconic underground hacking conference organised by HZV, aims to gather cybersecurity professionals and hackers of all levels. Through conferences, workshops and challenges, participants will be able to discover the latest technical advances but also evaluate their skills.

As a historical partner of this event, YesWeHack will be present during these two days of fun and hacking, on June 24 & 25!

WHAT to expect?

😎 Lots of fun!

📍 Meet the YesWeHack team on booth F (level S2, in front of the patio) to grab some nice swags and discuss with our team about Bug Bounty!

💻 From Saturday 09:30am until Sunday, June 26th, 06:00am, we’ll hold a Live Bug Bounty with an exceptional partner. All leHACK attendees are welcome to join in! Be prepared, it should be huge! Partner companies and scopes will be revealed on stage, during the opening keynote of 9:30am, by Selim Jaafar, Head of Customer Success at YesWeHack.

👀 Take part in our special challenge created by BitK and Hisxo! During the two days of leHACK, reach the top of the leaderboard to win a virtual reality headset (Oculus Quest 2) – perfect to test our new VR game, YesWeHackVR!

🔐 Don’t miss the workshop of our Tech Ambassador BitK on Saturday, June 25th at 10:00pm, in Room 3, level S3, about:

Template Injection On Hardened Targets

During his Black Hat 2015 presentation, James Kettle explained how template injections could lead to code execution. At the end of the talk, he recommended running application in containers with limited privileges and read-only file system. Six years later, containers are now the standard of web-app deployment and getting code execution inside a well isolated container can be seen as low impact.

In this workshop we will explore new template injection techniques specially crafted for hardened environment.
We will focus on two environments:

  • Python with Flask / Jinja2
  • JavaScript with Express / Vue

 

We will build our own tooling in Python to solve a series of challenges with increasing difficulty.

Required for the workshop:

  • Experience in Python/JavaScript
  • Basic Docker skill

🏆 Bonus: BitK has also prepared 3 challenges for the CTF competition… try to solve them!

how to Take part in our Live Bug Bounty
  • You must be registered for leHACK 2022 and present onsite.
  • To join the Live Bug Bounty, you must have an account on YesWeHack’s Bug Bounty platform.

Via their registration, Live Bug Bounty Hunters at leHACK 2022 will be subject to the terms of use of the YesWeHack Bug Bounty platform.

If you have any question, you can check with the YesWeHack staff directly at leHACK 2022.


Interested in knowing more about crowdsourced security? Feel free to contact us and one of our Bug Bounty experts will reach out.


Date(s): 24/06/2022 - 25/06/2022 | All Day

Location(s): Cité des Sciences et de l’Industrie | 30 Avenue Corentin Cariou | Paris | France