YesWeHack hosts Bug Bounty Kampung at SINCON 2025

YesWeHack will be at SINCON 2025

SINCON is an annual cybersecurity conference which brings together cybersecurity leaders, practitioners, and enthusiasts to exchange ideas and tackle real-world challenges. Taking place on 22-23 May 2025, the event will feature a dynamic mix of keynotes, interactive "kampungs" (villages), hands-on workshops and a CTF competition.

We are excited to be back again: this time, we'll be hosting the Bug Bounty Kampung (more details below) within the conference!

📍 Meet our team Anne-Laure Ehresmann, Caleb Low, Julian Kong and Isabella Chee at the Kampung rooms, located on Level 5 of voco Orchard hotel. Whether you're just starting out in cybersecurity or already #pwning CTFs, we will be happy to share bug hunting tips and answer any questions. Plus, exclusive swag will be up for grabs ✨

The village is open to all SINCON attendees on both days. Get your tickets now!

  • Visitor Pass: Free
  • Full Conference Pass: Use code SINCON25-SPONSOR for S$150 off

🤖 Ready to level up your hacking game?

Come to the Bug Bounty Kampung hosted by YesWeHack, a place for aspiring ethical hackers and infosec enthusiasts to learn the ropes of real-world vulnerability exploitation. With demos and content crafted by experienced security researchers, this is your chance to learn how Bug Bounty actually works, the tools and techniques needed, and how to turn your skills into actual rewards.

Join us for hands-on sessions led by Anne-Laure Ehresmann, the Lead APAC Security Analyst at YesWeHack:

  • Fundamentals skills needed as a bug hunter
  • Common types of vulnerabilities and how to find them
  • Interesting real-world vulnerabilities that were found
  • Tips on writing a good report (to help you bag that $$)
  • Examples for you to try exploiting a vulnerability

🎯 Dreamt of hacking your first Singaporean company?

During the two days, you can get invited to a real live program and hunt on their scopes. Our team will be onsite to guide and answer questions as you submit your first report (and maybe earn your first bounty 🤑).

Instructions to participate

  • Please bring along your laptop.
  • Install Burp Suite (Community Edition), an indispensable tool for every web application security analyst.
  • Create an account on YesWeHack via yeswehack.com/auth/register and complete the KYC verification process.
  • If you have not done the above, you will need to bring your passport to complete the sign-up process. Your passport needs to be valid and match the information keyed during the account creation.

🕛 Activity Schedule


11:00am - 12:30pm | Bug Bounty 101: Laying the Foundation

Understand the Bug Bounty model, what to expect when hunting, and how to build the right mindset from the beginning. We’ll also show you Dojo, YesWeHack’s free training platform with hands-on challenges to sharpen your skills. Expect practical tips coupled with advice on “everything you need to know when getting started.”

1:30pm - 3:00pm | From Bug Bounty Training to Real-World Targets

We'll walk you through the first steps of hunting by scoping a live web application - just like what you'd do on a real program. You’ll learn how to spot the "smells" of vulnerabilities, practice using common methods and techniques, and experience the day-to-day workflow of a security researcher.

4:00pm - 5.30pm | Key to Level Up: How the Bug Bounty Pros Hunt

Hear how seasoned hunters dug deep within the applications which led to unexpected finds. We’ll share real examples of interesting exploits as well as the lessons learnt, so you can see how developing the approach of being curious and going in-depth can help you move into finding more complex, high-value vulnerabilities which others often overlook.

About YesWeHack

YesWeHack is a leading Bug Bounty and Vulnerability Management Platform used by hundreds of organisations and tens of thousands of bug hunters worldwide. Built and run by ethical hackers since 2015, our Bug Bounty platform offers fast, in-house triage, fair rewards and prompt payouts, and compliance with stringent EU data security laws.

YesWeHack manages hundreds of private and public programs and holds regular Live Hacking Events. Bug Bounty programs include Tencent, Swiss Post, Orange France and the French Ministry of Armed Forces.

Bug hunting is boosted by YesWeHack’s CTF playground/training platform (Dojo), various bug hunting tools, responsible vulnerability disclosure platform (ZeroDisclo.com), non-partisan Bug Bounty/VDP search engine (FireBounty.com), and a blog featuring technical tips and interviews.