Catch the flag, catch the (real!) gold

June 11, 2019

Did you ever have the chance to win a pure gold medal ?
THIS IS HAPPENING : Join us next week, on the 18th of June, at the Alibaba Security Meetup-hacker Community Event organized by Alibaba Security and Lazada in partnership with YesWeHack.

Highlights of the evening

Hacking game

  • 1h to solve
  • 3 levels
  • All of them are real vulnerability from bug bounty
    ? Pure gold medal for Top 1 ?
  • @BitK_ will gives the solution and shares tips and tricks about how to find a vulnerability.

Pick a lock game

  • Nine different locks and tools
  • Learn about the vulnerabilities of lock and locking devices
  • Try to pick a lock by yourself.

New bug bounty

  • ASRC private bug bounty program
  • ASRC Vulnerability Rewards Program

Other

  • Dinner & Beer
  • Break ice and Gather stamps Game

Agenda

  • 17:30-18:00 Sign in
  • 18:00-18:30 Ice breaking game & Dinner & networking
  • 18:30-19:40 Hacking game & Pick a lock game
  • 19:40-19:50 Bug Bounty Announce
  • 19:50-20:00 Award ceremony for hacking game
  • 20:00-20:30 One session
  • 20:30-21:00 Gives the solution to the hacking game and shares tips and tricks about how to find a vulnerability

Hacking game

Description

Do you think XSS is “low hanging fruit” ?
So just exploit it on the website provided during the event and call alert(document.domain).

There are 3 levels of increasing difficulty each one is worth 100pts, and they are real XSS discovered on bug bounty…
For each step submit your payload to @yeswehack

All your payloads will be tested on a default installation of Chrome 75
At the end of the timer, the one with the most points will be declared the winner.

If two players have the same score, the first one to reach the score will be declared the winner.

Rules

This is an XSS challenge, no need to brute force or automated tools.
This is NOT a cryptography challenge.
Your solution for each step will be a single link.
Just bring your laptop and chrome75 installed

About the event

Alibaba Security Meetup is a security event hosted by Lazada and ASRC.
The goal of these meet-ups is to build a strong “security community” within the South East Asia.
By becoming a member of such a community, you will get to:

  1. Learn about the new trends within the Information Security domain.
  2. Participate in the CTF and win prizes.
  3. Learn more about the ASRC bug bounty platform.
  4. Collect swags and relish food and drinks while networking with your peers in the domain of information security.
    The goal of these meet-ups is to build a strong “security community” within the South East Asia. By becoming a member of such a community, you will get to

For more details about ASRC Vulnerability Rewards Program, please visit:
https://security.alibaba.com/online

See you next week Singapore!