YesWeHack's Bug Bounty Kampung | SINCON 2025

Ready to Level Up Your Hacking Game?

The YesWeHack's Bug Bounty Kampung is a place for aspiring ethical hackers and infosec enthusiasts to learn the ropes of real-world vulnerability exploitation. With demos and content crafted by experienced cybersecurity researchers, this is your chance to learn how Bug Bounty actually works, the tools and techniques needed, and how to turn your skills into actual rewards.

Join us for hands-on sessions led by Anne-Laure Ehresmann, the Lead APAC Security Analyst at YesWeHack:

• Fundamental skills needed as a bug hunter

• Common types of vulnerabilities and how to find them

• Interesting real-world vulnerabilities that were found

• Tips on writing a good report (to help you bag that $$$)

• Examples for you to try exploiting a vulnerability

Dreamt of Hacking Your First Singapore Company?

During the 2 days, you can get invited to a real live programme and hunt on their scopes. The YesWeHack team will guide and answer questions onsite as you submit your first report (and maybe earn your first bounty 🤑).

Instructions to Participate

1. Bring along your laptop.

2. Install Burp Suite (Community Edition), an indispensable tool for every web application security analyst.

3. Create an account on YesWeHack via yeswehack.com/auth/register and complete the KYC verification process.

If you did not do the above, you must bring your passport to complete the sign-up process. Your passport must be valid and match the information keyed during the account creation.

Scheduled Activities

Bug Bounty 101: Laying the Foundation

🗓️ 22 May 2025 | 🕘 11.00am—12.30pm

Understand the Bug Bounty model, what to expect when hunting, and how to build the right mindset from the beginning. We’ll also show you Dojo, YesWeHack’s free training platform with hands-on challenges to sharpen your skills. Expect practical tips coupled with advice on “everything you need to know when getting started.”

From Bug Bounty Training to Real-World Targets

Run 1️⃣: 🗓️ 22 May 2025 | 🕘 1.30pm—3.00pm

Run 2️⃣: 🗓️ 23 May 2025 | 🕘 11.00am—12.30pm

We'll walk you through the first steps of hunting by scoping a live web application — just like what you'd do on a real program. You’ll learn how to spot the "smells" of vulnerabilities, practice using common methods and techniques, and experience the day-to-day workflow of a security researcher.

Key to Level Up: How the Bug Bounty Pros Hunt

Run 1️⃣: 🗓️ 22 May 2025 | 🕘 4.00pm—5.30pm

Run 2️⃣: 🗓️ 23 May 2025 | 🕘 1.30pm—3.00pm

Hear how seasoned hunters dug deep within the applications which led to unexpected finds. We’ll share real examples of interesting exploits as well as the lessons learnt, so you can see how developing the approach of being curious and going in-depth can help you move into finding more complex, high-value vulnerabilities which others often overlook.

For more information, please visit: https://www.yeswehack.com/page/yeswehack-hosts-bug-bounty-kampung-at-sincon-2025