This week was packed. Between LeHack and a round table on AI, I got to see a lot of friends again and meet new people.
LeHack
Like every year, LeHack happens at La Villette, and this year was no exception. France was in the middle of a heatwave, so I was more than happy to leave my apartment with no AC and head into a big air-conditioned building.
I got to catch up with all my friends and have a great time together. It's kind of the Paris meetup of the year for me. Not to go watch the talks (I still haven't seen a single one) but to hang out.
It's also the chance to meet people. It always feels good to get stopped and meet readers of this little blog in real life. That warms my heart.
There's also always the YesWeHack Live Event Bug Bounty, and this year it was on Puma. I wasn't very motivated to hunt this time, mostly because I figured it would be a mess with AI in the mix and a bit less fun.
In the end there were still more than 200 vulnerabilities reported. On my side, two nice criticals, both duplicates, and pretty old ones, so it didn't really push me to keep going. No big deal, I made great connections and had some awesome conversations.
Big gg to my friends Worty and Vozec who won this LHE this year, with some seriously nasty vulns.
The round table
I also got invited by the Clusif (Hocine in particular, a triager at the Caisse des Dépôts) to do a round table on AI and offensive security.
I had never done a round table before. I didn't even know what it meant, but I said yes anyway because it always opens up good opportunities.
So there were four of us on stage, talking for 45 minutes about AI and offsec. And it was really interesting. It's not an exercise I'm used to, especially since we prepared it beforehand, lining up the questions and what we were going to talk about.
Arriving that morning, I realized how different it was from my world and what I'm used to. At LeHack everyone is chill, in a YesWeHack t-shirt, relaxed. Here everyone is in a suit, much more corporate.
And listening to the previous round table, you really feel that corporate side. It's all compliance, SOC 2, regulation, areas I'm pretty far from as an independent bug hunter.
But that's also what made it interesting: getting to bring my view of the job and what it looks like from the inside. Because using AI isn't the same when you're on your own picking your provider as when you're part of a CAC 40 company with its own rules and habits, where everything is slower to put in place.
It was a great experience, and thanks again to Hocine for the invitation.
Hacking and AI
To stay on the topic, I got to lay out everything we've been living through in bug bounty since agents showed up, the good and the bad.
And seeing the program side, the big-company side, was interesting. Their processes are longer, but they also seem a lot more enthusiastic about it.
Anyway, all of this is still moving fast and changing month to month. So while we wait for it to settle, we adapt like we always have and keep going.
On that note, I'm off for a few days of vacation in the mountains, hoping the possible heatwave doesn't reach us. Have a good end of the week.