Name: Div0 x CREST Meetup — Breaking the Curve & Harnessing Human Intelligence
Start: 2025-11-26T18:30:00+08:00
End: 2025-11-26T21:30:00+08:00
Location: CyberSG TIG Collaboration Centre (formerly ICE71)

**⚠️⚠️ To attend, please also fill up the following registration form:** [https://forms.gle/LsmxBUUBMAZDHkFA9](https://forms.gle/LsmxBUUBMAZDHkFA9) **⚠️⚠️**

**AGENDA**

* 6.30pm: Registration & Networking (30mins)
* 7.00pm: Introduction & Announcement (15mins)
* 7.15pm: "**y² = x³ + 7 (Breaking the Curve)**" by **Paul Craig** (30mins)
* 7.50pm: "**Hacker-Focused Penetration Testing: Harnessing Human Intelligence in the Age of AI**" by **Sandeep H.** (30mins)
* 8.25pm: Q&A Discussion (15mins)
* Till Late: Networking

**SPONSORS**

* MEETUP SPONSOR: [CREST](https://www.crest-approved.org/)
* MEETUP VENUE SPONSOR: [CyberSG TIG Collaboration Centre](https://www.linkedin.com/company/cybersg-tig-collaboration-centre/posts/?feedView=all)

**ABSTRACT**
**y² = x³ + 7 (Breaking the Curve)**
The odds of breaking an Ethereum private key based on an ECC curve within a 256bit field are roughly 1 in 115 quattuorvigintillion (115 and 75 zeros). In theory there is a higher chance I cure cancer, the world explodes, and aliens land on earth. These incredible odds are my starting point, armed with an attitude of “nothing is really impossible, only incredibly difficult” I set on the task of guessing a private key to find real cryptocurrency money using only creativity, curiosity, and a positive hacker attitude. Was I successful? Come see my talk and find out.

**Hacker-Focused Penetration Testing: Harnessing Human Intelligence in the Age of AI**
In this session, I’ll share how a *hacker-focused mindset* has shaped my approach to penetration testing — moving beyond automated scans and compliance checks to real-world attack simulations that uncover impactful vulnerabilities.

I’ll walk you through some of my notable findings, including the **[Meta.AI prompt leak](https://techcrunch.com/2025/07/15/meta-fixes-bug-that-could-leak-users-ai-prompts-and-generated-content/)**, a **[WeWork data exposure](https://techcrunch.com/2022/07/04/wework-exposed-visitors-data/)**, and a **Zomato blind XSS that escalated from a mobile app to the admin portal**, to illustrate how thinking like an attacker reveals what traditional testing often misses.
I’ll also discuss how I apply **red-team scenarios**, **offensive research techniques**, and **attacker psychology** to identify critical security vulnerabilities and secure modern tech companies — from AI systems and APIs to complex cloud-native infrastructures.

**BIOS**
**Paul Craig — CEO, Vantage Point**
https://www.linkedin.com/in/paulcraigvp/

**Sandeep H. — Founder & CEO, AppSecure Inc.**
https://www.linkedin.com/in/sandeephodkasia/

**IMPORTANT NOTICES**

* Code of Conduct: [https://www.div0.sg/code-of-conduct](https://www.div0.sg/code-of-conduct)
* Terms of Use & Disclaimer Notice: [https://www.div0.sg/terms-of-use-disclaimer-notice](https://www.div0.sg/terms-of-use-disclaimer-notice)

Daria Akatyeva

Esther Tan

Emil Tan

Division Zero (Div0) – Singapore Cybersecurity Community

Division Zero (Div0)

IIC Productions Pte Ltd

Red Alpha

CyberSG TIG Collaboration Centre

Technology

Hacking

Ethical Hacking

Cybersecurity

Information Security

Computer Security

Network Security

Application Security

Software Security

Web Security

Web Application Security

Cloud Security

Penetration Testing

White Hat Hacking

dekx_headroom

Eric Loi

Sunit

Nitecrawler

Ernest V

Quan Heng Lim

Anthony Wo