Division Zero (Div0) – Singapore Cybersecurity Community

Submit the form and be part of the journey ➡️ https://forms.gle/C6rQP7nh2Tp1P5C38

*Note that this event has limited capacity, so be sure to sign up fast!

AGENDA

• 9.30am: Registration & Networking (30mins)
• 10.00am: Introduction & Announcement (10mins)
• 10.10am-2.00pm: Hands-on workshop by Christina Oh and Ng Wei Ting covering basic vulnerabilities and exploiting them (there will be a break for lunch in between)
• 2.00pm-2.30pm: Wrap up, final Q&A

SET UP INSTRUCTIONS FOR PARTICIPANTS

• Laptop should be installed with Community Edition of Burp Suite
• Set up an account on Portswigger Academy

SPONSORS

• MEETUP VENUE SPONSOR: CyberSG TIG Collaboration Centre
• FOOD SPONSOR: REVERSEC

SPEAKERS' BIOS
Christina Oh | Christina is a pentester and white hat hacker with six years of experience, focusing on web and mobile applications. She is currently a Security Consultant at Reversec.

Ng Wei Ting | Wei Ting is a cybersecurity consultant with experience in web and mobile application testing, as well as infrastructure penetration testing across different industries. She is passionate about the field of cybersecurity and continues to grow her skills through hands-on testing and real-world projects. She also enjoys sharing her knowledge with others and hopes to encourage more people to discover and enjoy the field as much as she does.

IMPORTANT NOTICES
Code of Conduct: https://www.div0.sg/code-of-conduct
Terms of Use & Disclaimer Notice: https://www.div0.sg/terms-of-use-disclaimer-notice

See you all there!👋🏽

⚠️ REGISTRATION IS REQUIRED VIA THIS SIGN UP FORM ⚠️

ABSTRACT
ShellGym is the regular cybersecurity workout you have been looking for! Whether you're just starting out and need some exercises, studying for a cert (hint: OSCP), looking at CTF challenges, or developing something cybersecurity-related (maybe your own automated tools?), ShellGym aims to help you progress in picking up practical cybersecurity knowledge and skills. Come and go as you please, work on your own stuff with like-minded individuals, or just have fun during the workout!

AGENDA
Thematic activities for this session

• 2:00 pm - recap of the previous session (RE without tools, covered on 22 Aug)
• 2.30 pm - RE with basic free tools
• 5:00 pm - RE of exploit and payload code

⚠️ NOTE
Participants should have both linux and windows VMs. The arch used should be intel or AMD (ie not ARM, eg macbooks)

TRAINER
KK Tan — Founder, counterShell
As a mid-careerist convert to cybersecurity, Tan KK picked up his practical skills through getting OSCP certified and by participating in a variety of CTFs. In his career at CSIT, he performed a variety of red-teaming and vulnerability research roles and established the Cyber Training School at CSIT as the Lead Instructor. Besides the OSCP certification, KK is also OSCE and OSEE certified, and has a Bachelor's degree in Social Science (Psychology). He now sees psychology as a field of study where you fuzz humans until they produce unexpected behaviour.

IMPORTANT NOTICES

• Code of Conduct: https://www.div0.sg/code-of-conduct
• Terms of Use & Disclaimer Notice: https://www.div0.sg/terms-of-use-disclaimer-notice

⚠️ REGISTRATION IS REQUIRED VIA THIS SIGN UP FORM ⚠️
⚠️ NO WALK-INS, SIGN UP CLOSES ON 28-SEP-2025, 2359 (SGT). ⚠️
*Please keep a look out for our email on the outcome of your registration that will be sent to you at 1-2 day(s) before the session. If you did not receive any updates, please drop us an email at community@div0.sg*

—
AGENDA

• 6.30pm: Registration & Networking (30mins)
• 7.00pm: Introduction & Announcement (20mins)
• 7.10pm: "Insights on Enterprise Security Detection" by Chen Xiaoqiang
• 7.30pm: "Peek into our GSO Threat Intelligence Program" by Lucas Tan
• 8.00pm: "Patching the Gaps + Insights into our HackerOne Live Hacking Event" by Hui Yi Loke, Zhaohong Liu
• 8.30pm: "LLMs: Your Next AppSec Tool, or Your Next Target?" by Robin Hung, Jessie
• Till Late: Networking

SPONSORS

• VENUE and F&B SPONSOR: TikTok
• DIV0 SUSTAINING OFFICIAL SPONSOR: Red Alpha Cybersecurity

ABSTRACTS
The event will feature insights from TikTok's in-house experts, providing a unique look into how a global platform manages its security operations. The presentations will be led by representatives from our TMIRI pillar, specifically from the following teams, TDR, TI and VM.

Insights on Enterprise Security Detection
This presentation explores practical insights into enterprise security detection and defense. It begins with real-world cyber incidents, highlighting global ransomware, APT attacks, and large-scale disruptions. By analyzing a typical intrusion process—from phishing emails to lateral movement and privilege escalation—it reveals how attackers penetrate corporate environments. The slides further explain the MITRE ATT&CK framework and its role in building proactive defenses. Enterprise practices are shared, including big data log collection, expert rules, and machine learning to detect abnormal behaviors across the attack chain. Finally, it emphasizes incident response as the “last mile” of defense, with metrics like MTTD and MTTR guiding continuous improvement. The key takeaway: effective security requires reducing detection and response time to minimize risks and strengthen resilience.

Peek into our GSO Threat Intelligence Program
This presentation aims to introduce Threat Intelligence to newcomers in the field. It explores how the GSO Threat Intelligence team categorizes intelligence into Traditional, Business Risk, and Dark Web categories, and applies these concepts to a real-world case study on Business Risk investigations. Starting with an initial lead from a Telegram ad, we detail the intelligence gathering process, impact analysis, and how Threat Intelligence works can impact an organisation. The presentation concludes with a fun tidbit about the identities behind the Threat Actor.

Patching the Gaps + Insights into our HackerOne Live Hacking Event
This presentation explores the product vulnerability management process in TikTok and provide insights on the experience of setting up public live hacking events (LHE) with HackerOne.

LLMs: Your Next AppSec Tool, or Your Next Target?
Large Language Models (LLMs) are both a massive opportunity and a new risk. So, are they a trustworthy ally or just the next attack surface? This talk dives into both.

First, we'll cover the AppSec perspective: how to use LLMs to supercharge the security toolings and accelerate daily workflows. We'll demonstrate how to move faster on security reviews, pentestings, code reviews, and more. Then, we'll put on our red team hats and introduce an agentic, AI-powered pentesting playbook, with practical guidance and real-world case studies on hacking AI applications.

You'll walk away knowing how to use LLMs for defense and how to guard your applications against this new generation of threats.

BIOS
Chen Xiaoqiang | Xiaoqiang has spent over 13 years in the cybersecurity battlefield, serving at leading companies like ZTE, Tencent, and ByteDance. From shaping DLP strategies to building enterprise-level defense systems, he has always been on the front line against invisible adversaries. At Tencent, he led a 20+ member team in relentless battles, and at ByteDance, he sharpened his expertise in intrusion detection. His dedication and hands-on experience make him a true practitioner of enterprise security.

Lucas Tan | Lucas is a Threat Intelligence Analyst with experience in monitoring the cybercriminal underground and supporting investigations into breaches, phishing campaigns, and data leaks. At TikTok, he continues to build on this foundation by developing new intelligence sources and delivering actionable intelligence assessments to internal stakeholders.

Hui Yi Loke | Just a potato

Zhaohong Liu | Zhaohong is a Vulnerability Management Analyst at TikTok, responsible for managing external bug bounty programs, conducting vulnerability assessments, and driving the vulnerability management lifecycle. Leveraging her technical background and 2 years of experience at TikTok, she effectively coordinates with teams and implements security measures to support the company's security posture.

Robin Hung | Robin is a security engineer at TikTok's application security team in Seattle. He has experience in all things product security related. As a recent addition to the team, his current focus is on building the LLM applications to replace himself in the world of security.

Jessie | Jessie is a security engineer on TikTok's application security team based in Singapore. He has comprehensive experience in product security and is primarily responsible for the LLM-related business line. Currently, he is focused on developing automated systems and scanners to streamline and automate tasks within the team.

IMPORTANT NOTICES

• Code of Conduct: https://www.div0.sg/code-of-conduct
• Terms of Use & Disclaimer Notice: https://www.div0.sg/terms-of-use-disclaimer-notice

⚠️⚠️ To attend, please also fill up this registration form: [https://forms.gle/NAY2Ju1EsGNaqDo79] ⚠️⚠️
*Please keep a look out for our email on the outcome of your registration that will be sent to you at 1-2 day(s) before the session. If you did not receive any updates, please drop us an email at community@div0.sg*

Career Series: Talk & Tackle is a dynamic initiative designed to elevate the professional development of cybersecurity practitioners. This series will feature a combination of hands-on workshops and interactive Q&A sessions, providing an engaging platform for experienced professionals to tackle pressing technical challenges in real-time.
Each quarter, Talk & Tackle will focus on four distinct themes:

1. Red Team: Participants will explore offensive security tactics, learning how to think like an attacker. Workshops will cover topics such as penetration testing methodologies, social engineering techniques, and the latest tools used in red teaming, equipping attendees with the skills to anticipate and counteract threats.
2. Blue Team: This theme will delve into defensive strategies, emphasizing threat detection, incident response, and risk management. Attendees will engage in simulations and case studies that allow them to practice and refine their skills in protecting networks and systems against various cyber threats.
3. White/Yellow/Green Team: These sessions will foster collaboration between offensive and defensive teams. We’ll address best practices in threat intelligence sharing, security policy development, and compliance measures. This integrated approach will highlight the importance of a cohesive cybersecurity strategy across different teams.
4. Emerging Technologies: As technology rapidly evolves, this theme will focus on the latest advancements in cybersecurity, including artificial intelligence, machine learning, and blockchain security. Participants will gain insights into how these technologies are reshaping the cybersecurity landscape and explore practical applications to enhance their own security practices.

ABOUT THE WORKSHOP
Quantum safe technologies such as Quantum Key Distribution (QKD), are essential for long term security and guard against future quantum threats. Unlike classical encryption methods, which can be vulnerable to attacks from quantum computers, QKD distributes keys securely using the principles of laws of physics and is resilient against quantum attacks. By integrating quantum safe technologies such as QKD, businesses can enhance their cybersecurity infrastructure to withstand emerging threats, maintaining trust and confidence in their data protection measures.

What's covered during the workshop

1. Overview of quantum computing and quantum communications
2. Quantum threats
3. Overview of QKD and PQC in modern cryptography
4. Introduction to the QKD protocol
5. Integrating QKD to existing classical infrastructure

AGENDA

• 6.30pm: Registration
• 7.00pm - 10.00pm: Talk & Tackle — Quantum Security
• Till Late: Networking

SPONSORS

• MEETUP VENUE SPONSOR: CyberSG TIG Collaboration Centre

SPEAKER'S BIO
Cyril Su | Quantum Security Architect, SpeQtral
Cyril is a 22 year old cybersecurity professional. He is a certified CISO (C|CISO) and currently holds a CISSP, CSSLP, CEH, ITIL and certified Blackblot Product Professional. He is currently a quantum security architect with SpeQtral, a local quantum communications company, which specialises in Space Quantum Key Distribution (QKD) technologies. He is the leading architect for Singapore’s first quantum network, also called NQSN+. In a current evolving space of quantum, besides QKD, Cyril is also exploring in the space of quantum computing, learning different Quantum modalities, and post quantum cryptography.

In the area of cybersecurity, Cyril had deeply worked on technologies (in the R&D space) that include steganography, cryptography design, smart cards, cloud security, IoT security, OT security, product security, wireless pen testing and most recently, quantum key distribution technologies. He enjoys cybersecurity innovation, has 2 cybersecurity patents and a few cybersecurity product innovation awards (CES and Singapore Good Design).

Cyril is also an active cybersecurity EXCO member with the ISC2 Singapore Chapter, co-opt member of Cybersecurity Chapter as well as exco of Quantum Special Interest Group under Singapore Computer Society.

IMPORTANT NOTICES

• Code of Conduct: [https://www.div0.sg/code-of-conduct]
• Terms of Use & Disclaimer Notice: [https://www.div0.sg/terms-of-use-disclaimer-notice]