Sometimes you find bugs, sometimes bugs find you
Jasmin Landry JR0ch17
DEF CON 33 (backfill) · Day 1 · Main Stage
Hunting for vulnerabilities often involves meticulous reconnaissance, advanced tooling, and complex exploit chains. However, as Jasmin Landry (JR0ch17) showed in his DEF CON talk, "Sometimes you find bugs, sometimes bugs find you," luck and unexpected discoveries play an equally significant role for bug bounty hunters. Landry, whose background spans 12 years in IT and cybersecurity, including a tenure as Senior Director of Information Security at NASDAQ, shared a collection of personal anecdotes in which vulnerabilities surfaced through unforeseen circumstances.
AI review
Entertaining war-story format with a couple of genuinely interesting findings — the Ansible SSTI-to-root-RCE chain via Jinja2 lookup pipe and hex-encoded filter bypass is the clear highlight and shows real lateral thinking. Everything else is competent bug bounty storytelling but nothing that will meaningfully advance how experienced practitioners think or operate.