Challenges Events

Singapore Polytechnic partners with YesWeHack to hold its first-ever bug bounty event

Singapore Polytechnic (SP) successfully concluded its first ever bug-bounty event, held in partnership with YesWeHack, Europe’s leading bug bounty platform.

The first-ever held by the institution, the workshop brought more than 30 second- and third-year students from the Diploma in Infocomm Security Management back to school from their vacation as they learnt the ins and outs of bug-bounty hunting. 

The workshop began with a bug bounty crash course led by BitK, a renowned French security researcher, bug hunter and Tech Ambassador at YesWeHack.

After equipping them with highly specialised bug hunting skills, he led students in a live experience to discover vulnerabilities and bugs in two selected applications.

During the bug bounty hunt, the Singapore Polytechnic students found a total of nine critical vulnerabilities in the applications, and by the end of the workshop, one group successfully penetrated and gained full admin rights to one of the applications – impressive for the first timers!

Bug bounty programs are a growing industry best practice, implemented by both public and private sector organizations across multiple sectors in Singapore. With cyber-attacks growing in scale and complexity, bug bounty has been recognised by the Singapore Government as an initiative to strengthen collaboration with the cybersecurity community to safeguard systems and digital services. 

Life-long learning plays a significant role in advancing Singapore’s digital defence mandate. Equipping and exposing future talents to the latest technologies and practices creates a highly-skilled and sustainable workforce, which is especially vital in the area of cybersecurity, which is fast evolving. 

This is well in line with Singapore Polytechnic’s ongoing efforts to keep the Diploma in Infocomm Security Management (DISM) course relevant with industry demands. Through the bug bounty event, students gain the technical know-how to detect bugs that are generally difficult to find using normal tools or techniques. Moreover, the out-of-curriculum activity complements the lessons taught in the course by allowing students to apply their existing skills and knowledge to real-life situations. 

“The bug bounty workshop was well-received with our students. At Singapore Polytechnic, we aim to equip our students with the latest knowledge and skills. We are confident that the bug-bounty session gave our Infocomm Security Management students an insight into the cybersecurity industry and we’re exploring the inclusion of bug bounty programmes as part of the curriculum in the diploma course,” said Samson Yeow, Course Chair, Diploma of Infocomm Security Management, Singapore Polytechnic.

“Throughout my education at Singapore Polytechnic, I’ve had the opportunity to attend cybersecurity events like Capture-The-Flag competitions, which has allowed me to learn new things and further enhance my skills. Bug-bounty is very different, you’re trying to exploit a real and live application. This raises the difficulty level and requires me to pick up new skills and knowledge that cannot be found in a school environment,” said Jonathan Tan, a Year 3 Infocomm Security Management student.

“Singapore Polytechnic is setting a great example by taking a bold move to explore bug bounty as part of its course module. As one of the first tertiary institutions in Singapore to equip students with industry-level bug-bounty skills, we are excited to partner with them to explore ways to further enhance the learning experience for their future talents,” said Kevin Gallerin, Managing Director, Asia Pacific, YesWeHack. “Ethical hacking will increasingly become a larger focus as organisations tackle the cybersecurity threat, and training needs to start from young.”

Challenges Events

Catch the flag, catch the (real!) gold

Did you ever have the chance to win a pure gold medal ?
THIS IS HAPPENING : Join us next week, on the 18th of June, at the Alibaba Security Meetup-hacker Community Event organized by Alibaba Security and Lazada in partnership with YesWeHack

Highlights of the evening

Hacking game

  • 1h to solve
  • 3 levels
  • All of them are real vulnerability from bug bounty
    🏅 Pure gold medal for Top 1 🏅
  • @BitK_ will gives the solution and shares tips and tricks about how to find a vulnerability.

Pick a lock game

  • Nine different locks and tools
  • Learn about the vulnerabilities of lock and locking devices
  • Try to pick a lock by yourself.

New bug bounty

  • ASRC private bug bounty program
  • ASRC Vulnerability Rewards Program


  • Dinner & Beer
  • Break ice and Gather stamps Game


17:30-18:00 Sign in
18:00-18:30 Ice breaking game & Dinner& networking
18:30-19:40 Hacking game & Pick a lock game
19:40-19:50 Bug Bounty Announce
19:50-20:00 Award ceremony for hacking game
20:00-20:30 One session
20:30-21:00 Gives the solution to the hacking game and shares tips and tricks about how to find a vulnerability.

Hacking game


Do you think XSS is “low hanging fruit” ?
So just exploit it on the website provided during the event and call alert(document.domain).

There are 3 levels of increasing difficulty each one is worth 100pts, and they are real XSS discovered on bug bounty…
For each step submit your payload to @yeswehack

All your payloads will be tested on a default installation of Chrome 75
At the end of the timer, the one with the most points will be declared the winner.

If two players have the same score, the first one to reach the score will be declared the winner.


This is an XSS challenge, no need to brute force or automated tools.
This is NOT a cryptography challenge.
Your solution for each step will be a single link.
Just bring your laptop and chrome75 installed

About the event

Alibaba Security Meetup is a security event hosted by Lazada and ASRC. 
The goal of these meet-ups is to build a strong “security community” within the South East Asia. 
By becoming a member of such a community, you will get to:

  1. Learn about the new trends within the Information Security domain.
  2. Participate in the CTF and win prizes.
  3. Learn more about the ASRC bug bounty platform.
  4. Collect swags and relish food and drinks while networking with your peers in the domain of information security.
    The goal of these meet-ups is to build a strong “security community” within the South East Asia. By becoming a member of such a community, you will get to

For more details about ASRC Vulnerability Rewards Program, please visit:

See you next week Singapore

Challenges Events

Let’s break stuff together Singapore : YesWeHack is coming up with a brand new CTF at Infosec in the City !


Infosec in the City Singapore is a premier techno-centric cybersecurity event, bringing together top cybersecurity leaders from both the East and the West to share deep-technical insights, and build the next-generation cybersecurity capabilities around the globe.

Visit YesWeHack at booth 5N7-01 to learn how you can make cybersecurity an accelerator of your digital transformation with Bug Bounty!

Get a product demo, meet our team, grab your loot and break the codes 

You want to challenge your skills and get reward?

CTF in THE CITY by YesWeHack

The CTF competition is open to all conference ticket holders and visitors to play, enjoy and compete. Participants simply have to come at the YesWeHack booth, in front of the CTF area, 5N7-01, or directly to the CTF Area.

Ready to hack ?

The CTF will have multiple categories of challenges and different levels from beginner to advanced… But only the best will get the prizes :

Centurion Information Security will give SGD 1000 in cash (1st $500, 2snd $300, 3rd $200)
HITB will give one ticket to attend HITB Singapore (27-31 August 19) – value of 1,199 USD

CTF sponsored and created by YesWeHack
Prizes by HITB and Centurion Information Security

Events YesWeHack News

FIC 2019: YesWeHack’s community, NGOs & CivicTech unite through a unique Bug Bounty Campaign.

For this edition of FIC 2019, YesWeHack is organizing, for the first time in the history of FIC, a special event dedicated to Bug Bounty.

The International Cybersecurity Forum: the European reference event bringing together all stakeholders in digital trust will take place on 22 and 23 January.

This unprecedented bug bounty campaign will take place in an original space reserved for dozens of security researchers so that they can operate over several scopes, and where applicable, earn rewards according to the criticality of the reported vulnerabilities.

For this Premiere, the scopes are submitted by NGOs and CivicTech projects wishing to harden their systems and thus better protect their information assets and their reputation.

YesWeHack has chosen this year to help NGOs and Civictech as a priority, because many European citizens use tools developed by this sector to contribute to the common good, democracy, associative and charitable projects.

“For all actors, customers, developers and researchers, this Bug Bounty campaign within the 2019 FIC is a great and useful opportunity to exchange and confront the reality of threats in order to significantly increase the level of security and privacy by design”

Guillaume Vassault-Houlière – CEO @YESWEHACK

The Bug Bounty’s area will welcome bug hunters who will cooperate with “program managers” from the selected projects with the support of Romain Lecoeuvre, the CTO of the YesWeHack team.

The rewards will be of two types: a total prize pool of several thousand euros is planned to reward the best researchers and goodies collectors will delight some players.


#NDH16 : Knowledge is power

In 2018, for the first time, La Nuit du Hack takes place at La Cité des Sciences et de l’Industrie  in Paris.

YesWeHack is proud to be one of the numerous Platinum Sponsors of #NDH16 ! We are longing for having Fun and meeting you Folks in this temple of science.

Photo by HZV


In this age of panic where the powers in place are trying to mitigate “fake news” (well… let’s say more precisely propaganda or misinformation), La Cité des Sciences et de l’Industrie symbolizes knowledge in many ways, Science is one the best allies to counterattack lies and conspiracy theories.

As a famous place in Paris, La Cité des Sciences et de l’Industrie provides through three levels : a 900 seat amphitheater, 2000m2 of exhibition area and one space called the « Loft » with its 1000m2 fully dedicated to hacktivities and games orchestrated by the HZV’s Team <3

Gravity, Density & Fun

So for this edition, La Nuit du Hack is going to deliver its thoroughness and richness with : 14 talks, 10 workshops, 6 Challenges, 1 Private CTF, On Site Bug Bounties and a Confessional .


Shall We Play A Game ? Yes We Shall ⠵

Yes We Hack is proud to be platinium Sponsor for the 15th “la Nuit du Hack” next June 24 & 25 \o/

The forthcoming Nuit Du Hack is about to gather more than 2000 people from all over Europe !

Check the schedule !

☠ ☠ ☠

A bit of History :

Originally, la Nuit du Hack was created by Paulo Pinto aKa CrashFR.

“La Nuit Du Hack” is one of the oldest French underground hackers’ event which bring together, professionals and amateurs of any skill level, around lectures and challenges.

At the very beginning of la Nuit du Hack in 2003, the budget was lower than 1 k€.

Started with 20 persons, the event never stopped growing up by gathering more and more people from amateurs to professionals.

Now, it has reached 170 k€ thanks to the HackerzVoice Team, Géraldine and almost 100 volunteers 🙂

Events YesWeHack News

YesWeHack winner of the Jury’s Favorite Prize #FIC2017

YesWeHack Team is honored to have received the #FIC2017 Jury’s Favorite Prize

This Jury’s Favorite Prize proves that our products meet the challenges of today: the hiring of talents and the need for agile security. This award will allow us to strengthen our leadership in France and above all to boost us to conquer the Euro zone, that is our priority for 2017 !

Guillaume Vassault-Houlière, Yeswehack CEO


Congratulations to the winners :

  • Prove & Run
  • GateWatcher 

We do thank all members of the Jury

  • François Lavaste, Président CyberSecurity, Airbus Defence and Space
  • Alain Bouillé, RSSI, Caisse des Dépôts et Président du CESIN (Club des experts de la sécurité de l’information et du numérique)
  • Gilles Daguet, General Partner, ACE Management
  • Thierry Delville, Inspecteur général de la Police nationale, Délégation ministérielle aux industries de sécurité
  • Laurent Dumas Crouzillac, Associé, CapHorn Invest
  • Thomas Fillaud, Chef de bureau, Politique industrielle et Assistance (PSS), ANSSI
  • Philippe Gaillard, Associé, CyberD Capital
  • Joseph Graceffa, R&D-SSI, CLUSIR Nord de France
  • Jacques Hébrard, Commandant, Région gendarmerie Hauts de France
  • Geoffroy Hermann, Chef du bureau Réseaux & Sécurité, DGE
  • Jacques-Benoît Le Bris, DSI, Solvay
  • Olivier Ligneul, RSSI, Groupe EDF
  • Thierry Olivier, RSSI, Société Générale
  • Frédéric Valette, Responsable du pôle SSI, Direction générale de l’armement, Ministère de la Défense
  • Yves Veret, Senior Advisor Sécurité Numérique & Technologie de l’information CALAO Finance


For those who do not know the FIC aka International Cybersecurity Forum (Hosted in Lille – France)

The International Cybersecurity Forum is a platform aiming at promoting a pan-european vision of cybersecurity as well as to strengthen the fight against cybercrime.

In order to do so, the FIC relies on :

• The trade show, to share knowledge and ideas, recruit new employees and maintain contacts
• The forum, to discuss and debate with experts, to gather ideas and to share professional lessons
• The Observatory, to continue exchanging views and information after the FIC, to explore topics in greater depth and to consolidate our network of experts and like minded throughout the year


See you soon #FIC2017 !



YesWeHack Team will attend “les Assises de la sécurité”

From 5 to 8 October 2016, join us for the 16th edition of Les Assises.

“Les Assises de la sécurité” is a key annual event for any professional who is keen on Information Systems Security.

Les Assises will gather more than 2000 people in Monaco to discuss what is at stake in terms of IT security.

YesWeHack Team will be represented by Manuel Dorne aKa Korben & Guillaume VASSAULT-HOULIÈRE aKa Freeman. On October 5 at 5 pm, Guillaume will participate in a round table “Are the search for security breaches and the collaborative economy compatible ?”

YesWeHack Team has a strong experience within Hackers’ communities and the way they deal with legal and accountable disclosure of vulnerabilities.