Alibaba Security Meetup-Hacker Community Event

Are you going?

72 people going


AXA Tower

8 Shenton Way · Singapore

How to find us

Mezzanine Level in AXA Tower, Level 1, Visitor Centre

Location image of event venue


In order to get through the venue's building security, please fill up the following pre-registration form:
Once you arrive, an Alibaba/Lazada employee will check you in near the reception.

This month we will hold a Hacker Community Event.
Organizer:Alibaba Security, LAZADA
Partner:Hackerone, Alipay security

17:30-18:00 Sign in
18:00-18:20 Break ice and Gather stamps Game & Networking
18:20-19:00 hacking game
19:00-19:30 Dinner, Networking
19:30-19:50 Bug Bounty Announce
19:50-20:20 Getting Started with Bug Bounty - ( Tips and Tricks )
20:20-20:50 Closing the vulnerable gaps in open-source

Speaker Sessions:
Getting Started with Bug Bounty - ( Tips and Tricks )
The focus of this presentation would be tips and tricks learn over time on bug bounty programs to get started with bug bounty program and hopefully get their first bug.

About Speaker:
Lennon works full time as a security consultant providing penetration testing services to clients primarily in Singapore.
During his spare time Lennon does bug bounty these includes VDP programs and bug bounty program.

Closing the vulnerable gaps in open-source
The software development world is adopting and consuming open-source at a pace never seen before.
Acquisition of Github and Redhat by traditionally open-source averse companies like Microsoft and IBM is a testament to this transition. However, cyber-incidents like Heartbleed and Equifax serve as cautious tales - reminding us that open-source isn't without its flaws.
In this presentation, we look at potential threats and risks associated with the use of open-source - and how they can be easily mitigated with the help of the right tools and development practices.

About Speaker:
Rohan Sood is a founding team member of the cyber-security start-up Scantist, where he leads business development and product operations. Having completed his Master's at NTU, Rohan saw a massive translational gap between cyber-security research in academia and the corresponding commercial products and offerings.
At Scantist, he aspires towards bridging that gap by leveraging his 10+ years of development experience and a knack for entrepreneurship.

Rules for the Gather Stamps Game:-
After sign in everyone will get a stamper and a game card after Sign in.
Networking with other people to gather stamps.
Use stamps to exchange different swags.

Rules for the CTF:-
1. Your objective is to get the flag by exploiting the pre-designed vulnerable application
2. The flag file path:/root/flag
3. Denial of service is strictly forbidden
4. You may use the vulnerability scanners but they wouldn't
help you much!!

-> If you want to participate, all you need is a laptop with root access and basic tools like burp proxy or an OS like Kali linux etc.
-> Internet connection will be provided at the venue. Charging points are limited.
-> Winners will be announced after the last speaker session is finished.

Live pictures
May (pictures will be up on May 29 17:30)
April (See the live pictures on April)

Welcome to join our bug bounty!
For more details about LAZADA bug bounty & ASRC Vulnerability Rewards Program, please visit:
We will announce new bug bounty in meetup.

If you have any questions, just send twitter to us .
We will reach out to you as soon as possible.

Alibaba & Lazada Security Teams
All together, Be Better