Open My Heart – Live Bug Bounty at HITBSecConf 2022 Singapore

Categories
2022 Bug Bounty conferences
About the event

Hack In The Box Security Conference, or HITBSecConf, is an annual must-attend event for security researchers and professionals. It is a platform for the discussion and dissemination of next-generation computer security issues. This event will consist of two days of hands-on technical training and a two-day conference featuring hardcore technical talks delivered by some of the most respected names in computer security.

Calling all researchers! Are you looking for a challenge? It is our pleasure to announce that YesWeHack will be hosting Open My Heart, an exclusive Live Bug Bounty with our esteemed partner during HITBSecConf 2022 Singapore !

Come join us for two days of fun and hacking!
WHAT to expect?

😎 A Live Bug Bounty with challenging and exclusive scopes prepared by our esteemed partner, exclusively for HITBSecConf 2022 Singapore. Hunting time slots:

  • August 25, 10:00am – 5:00pm SGT (Hunters can continue to hunt until the event venue close at 7:00pm)
  • August 26, 10:00am – 4:00pm SGT

 

📍  An encounter with our team at the InterContinental Singapore. Our team will be at booth 2, area D (CommSec Exhibition) from 9:00am to 6:30pm SGT on both days. Come chat with us about Bug Bounty & VDP and pick up some cool swags!

🎤A must-attend workshop! At 2:00pm SGT on Thursday, 25 August 2022, BitK, our very own Tech Ambassador, will be hosting a workshop in the CommSec Track.

He will be sharing about:

Template Injection On Hardened Targets

During his Black Hat 2015 presentation, James Kettle explained how template injections could lead to code execution. At the end of the talk, he recommended running application in containers with limited privileges and read-only file system.
Six years later, containers are now the standard of web-app deployment and getting code execution inside a well isolated container can be seen as low impact.


In this workshop we will explore new template injection techniques specially crafted for hardened environment.


We will focus on two environments:

• Python with Flask / Jinja2
• JavaScript with Express / Vue

We will build our own tooling in Python to solve a series of challenges with increasing difficulty.


Required for the workshop:

• Experience in Python/JavaScript
• Basic Docker skill

how to Take part in our Live Bug Bounty
  • To join the Live Bug Bounty, you must have an account on YesWeHack’s Bug Bounty platform.
  • Let us know you are coming! RSVP here.
  • Drop by HITBSecConf 2022 Singapore! Be sure to tell the friendly folks at the registration area that you’re here for YesWeHack’s Live Bug Bounty. The event registration team will get you registered for the event.
  • Head to our booth. We are located at booth 2, in area D of the CommSec exhibition hall. Our team will share with you how to join in the Live Bug Bounty!


Via their registration, Live Bug Bounty Hunters at HITBSecConf 2022 Singapore will be subject to the terms of use of the YesWeHack Bug Bounty platform.

If you have any question, you can check with the YesWeHack staff directly at HITBSecConf 2022 Singapore.

RSVP
About YesWeHack

YesWeHack is a Global Bug Bounty and VDP Platform. Founded in 2015, we offer an innovative approach to cybersecurity with Bug Bounty (pay-per-vulnerability discovered). We connect organisations with tens of thousands ethical hackers from 170 countries to secure their exposed scopes. YesWeHack runs private and public programs in compliance with the strictest European regulations.

In addition to the Bug Bounty platform, YesWeHack also offers support in creating a Vulnerability Disclosure Policy (VDP), a learning platform for ethical hackers called Dojo and a training platform for educational institutions, YesWeHackEDU.

Contact us

Date(s): 25/08/2022 - 26/08/2022 | 10:00 am - 4:00 pm

Location(s): InterContinental Singapore | 80 MIDDLE ROAD | SINGAPORE | Singapore