Catch the flag, catch the (real!) gold

Did you ever have the chance to win a pure gold medal ?
THIS IS HAPPENING : Join us next week, on the 18th of June, at the Alibaba Security Meetup-hacker Community Event organized by Alibaba Security and Lazada in partnership with YesWeHack

Highlights of the evening

Hacking game

  • 1h to solve
  • 3 levels
  • All of them are real vulnerability from bug bounty
    🏅 Pure gold medal for Top 1 🏅
  • @BitK_ will gives the solution and shares tips and tricks about how to find a vulnerability.

Pick a lock game

  • Nine different locks and tools
  • Learn about the vulnerabilities of lock and locking devices
  • Try to pick a lock by yourself.

New bug bounty

  • ASRC private bug bounty program
  • ASRC Vulnerability Rewards Program


  • Dinner & Beer
  • Break ice and Gather stamps Game


17:30-18:00 Sign in
18:00-18:30 Ice breaking game & Dinner& networking
18:30-19:40 Hacking game & Pick a lock game
19:40-19:50 Bug Bounty Announce
19:50-20:00 Award ceremony for hacking game
20:00-20:30 One session
20:30-21:00 Gives the solution to the hacking game and shares tips and tricks about how to find a vulnerability.

Hacking game


Do you think XSS is “low hanging fruit” ?
So just exploit it on the website provided during the event and call alert(document.domain).

There are 3 levels of increasing difficulty each one is worth 100pts, and they are real XSS discovered on bug bounty…
For each step submit your payload to @yeswehack

All your payloads will be tested on a default installation of Chrome 75
At the end of the timer, the one with the most points will be declared the winner.

If two players have the same score, the first one to reach the score will be declared the winner.


This is an XSS challenge, no need to brute force or automated tools.
This is NOT a cryptography challenge.
Your solution for each step will be a single link.
Just bring your laptop and chrome75 installed

About the event

Alibaba Security Meetup is a security event hosted by Lazada and ASRC. 
The goal of these meet-ups is to build a strong “security community” within the South East Asia. 
By becoming a member of such a community, you will get to:

  1. Learn about the new trends within the Information Security domain.
  2. Participate in the CTF and win prizes.
  3. Learn more about the ASRC bug bounty platform.
  4. Collect swags and relish food and drinks while networking with your peers in the domain of information security.
    The goal of these meet-ups is to build a strong “security community” within the South East Asia. By becoming a member of such a community, you will get to

For more details about ASRC Vulnerability Rewards Program, please visit:

See you next week Singapore

Let’s break stuff together Singapore : YesWeHack is coming up with a brand new CTF at Infosec in the City !


Infosec in the City Singapore is a premier techno-centric cybersecurity event, bringing together top cybersecurity leaders from both the East and the West to share deep-technical insights, and build the next-generation cybersecurity capabilities around the globe.

Visit YesWeHack at booth 5N7-01 to learn how you can make cybersecurity an accelerator of your digital transformation with Bug Bounty!

Get a product demo, meet our team, grab your loot and break the codes 

You want to challenge your skills and get reward?

CTF in THE CITY by YesWeHack

The CTF competition is open to all conference ticket holders and visitors to play, enjoy and compete. Participants simply have to come at the YesWeHack booth, in front of the CTF area, 5N7-01, or directly to the CTF Area.

Ready to hack ?

The CTF will have multiple categories of challenges and different levels from beginner to advanced… But only the best will get the prizes :

Centurion Information Security will give SGD 1000 in cash (1st $500, 2snd $300, 3rd $200)
HITB will give one ticket to attend HITB Singapore (27-31 August 19) – value of 1,199 USD

CTF sponsored and created by YesWeHack
Prizes by HITB and Centurion Information Security

YesWeHack – Europe’s leading bug bounty platform – is opening an office in Singapore

YesWeHack – Europe #1 bug bounty platform – has announced that it is opening an office in Singapore. The new office is part of YesWeHack’s fast-growth strategy for its international activities following a €4 million fundraising at the start of the year.

YesWeHack is consolidating its global positioning in a sector that will transform the cybersecurity industry over the next five years.

Kevin Gallerin has been appointed Managing Director APAC to develop YesWeHack’s strategy in Asia. Having spent more than ten years in the region, he knows the Asian cybersecurity market inside out, having notably participated in the launch of CERT-LEXSI in Singapore.

+ Read More