Division Zero (Div0) – Singapore Cybersecurity Community

⚠️ **VOLUNTEER SIGN-UP IS REQUIRED VIA THIS FORM**⚠️
*Please keep a look out for our email for the administration instructions for the workshop. If you need assistance, please give a shout at our channel #v0id_deck on our Discord server*

ABSTRACT
You've heard the pitch for the hackerzine `v0id_deck` during our webinar on 6 November. Now let's roll-up our sleeves and get things started!

AGENDA

• 0930 to 1130: self-introduction: whoami
• 1130 to 1230: catered lunch [tell us your dietary requirements when you check-in]
• 1300 to 1400: designing `v0id_deck` - what you can do and want v0id_deck to be
• 1400 to 1430: break
• 1430 to 1530: `v0id_deckOS` - making our own rules, norms and expectations
• 1530: wrap-up

WORKSHOP FACILITATOR
Derek (@dekx_headroom) — sudoer, `v0id_deck`
Infosec Cult(ural)ist. Derek is an imagineer, and sometimes an agent of chaos. He likes to chmod +wx on geeky interests. Been in the shadow of infosec since the 1990s and is now stepping into the sunshine.
LinkedIn: /derekteosgp

IMPORTANT NOTICES

• Code of Conduct: https://www.div0.sg/code-of-conduct
• Terms of Use & Disclaimer Notice: https://www.div0.sg/terms-of-use-disclaimer-notice

⚠️ REGISTRATION IS REQUIRED VIA THIS SIGN UP FORM ⚠️

ABSTRACT
SHELLgym is the regular cybersecurity workout you have been looking for! Whether you're just starting out and need some exercises, studying for a cert (hint: OSCP), looking at CTF challenges, or developing something cybersecurity-related (maybe your own automated tools?), SHELLgym aims to help you progress in picking up practical cybersecurity knowledge and skills. Come and go as you please, work on your own stuff with like-minded individuals, or just have fun during the workout!

AGENDA
Thematic activities for this session

1. windows user account basics
2. remote authentication
3. lateral movement

⚠️ NOTE
Bring your own laptops (and laptop chargers). Optional - windows server VM, Linux VM

TRAINER
KK Tan — Founder, counterShell
As a mid-careerist convert to cybersecurity, Tan KK picked up his practical skills through getting OSCP certified and by participating in a variety of CTFs. In his career at CSIT, he performed a variety of red-teaming and vulnerability research roles and established the Cyber Training School at CSIT as the Lead Instructor. Besides the OSCP certification, KK is also OSCE and OSEE certified, and has a Bachelor's degree in Social Science (Psychology). He now sees psychology as a field of study where you fuzz humans until they produce unexpected behaviour.

IMPORTANT NOTICES

• Code of Conduct: https://www.div0.sg/code-of-conduct
• Terms of Use & Disclaimer Notice: https://www.div0.sg/terms-of-use-disclaimer-notice

⚠️⚠️ To attend, please also fill up the following registration form: https://forms.gle/LsmxBUUBMAZDHkFA9 ⚠️⚠️

AGENDA

• 6.30pm: Registration & Networking (30mins)
• 7.00pm: Introduction & Announcement (15mins)
• 7.15pm: "y² = x³ + 7 (Breaking the Curve)" by Paul Craig (30mins)
• 7.50pm: "Hacker-Focused Penetration Testing: Harnessing Human Intelligence in the Age of AI" by Sandeep H. (30mins)
• 8.25pm: Q&A Discussion (15mins)
• Till Late: Networking

SPONSORS

• MEETUP SPONSOR: CREST
• MEETUP VENUE SPONSOR: CyberSG TIG Collaboration Centre

ABSTRACT
y² = x³ + 7 (Breaking the Curve)
The odds of breaking an Ethereum private key based on an ECC curve within a 256bit field are roughly 1 in 115 quattuorvigintillion (115 and 75 zeros). In theory there is a higher chance I cure cancer, the world explodes, and aliens land on earth. These incredible odds are my starting point, armed with an attitude of “nothing is really impossible, only incredibly difficult” I set on the task of guessing a private key to find real cryptocurrency money using only creativity, curiosity, and a positive hacker attitude. Was I successful? Come see my talk and find out.

Hacker-Focused Penetration Testing: Harnessing Human Intelligence in the Age of AI
In this session, I’ll share how a hacker-focused mindset has shaped my approach to penetration testing — moving beyond automated scans and compliance checks to real-world attack simulations that uncover impactful vulnerabilities.

I’ll walk you through some of my notable findings, including the Meta.AI prompt leak, a WeWork data exposure, and a Zomato blind XSS that escalated from a mobile app to the admin portal, to illustrate how thinking like an attacker reveals what traditional testing often misses.
I’ll also discuss how I apply red-team scenarios, offensive research techniques, and attacker psychology to identify critical security vulnerabilities and secure modern tech companies — from AI systems and APIs to complex cloud-native infrastructures.

BIOS
Paul Craig — CEO, Vantage Point
https://www.linkedin.com/in/paulcraigvp/

Sandeep H. — Founder & CEO, AppSecure Inc.
https://www.linkedin.com/in/sandeephodkasia/

IMPORTANT NOTICES

• Code of Conduct: https://www.div0.sg/code-of-conduct
• Terms of Use & Disclaimer Notice: https://www.div0.sg/terms-of-use-disclaimer-notice

⚠️ REGISTRATION IS REQUIRED VIA THIS SIGN UP FORM ⚠️
*Please keep a look out for our email on the outcome of your registration that will be sent to you at 1-2 day(s) before the session. If you did not receive any updates, please drop us an email at community@div0.sg*

Career Series: Talk & Tackle is a dynamic initiative designed to elevate the professional development of cybersecurity practitioners. This series will feature a combination of hands-on workshops and interactive Q&A sessions, providing an engaging platform for experienced professionals to tackle pressing technical challenges in real-time.
Each quarter, Talk & Tackle will focus on four distinct themes:

1. Red Team: Participants will explore offensive security tactics, learning how to think like an attacker. Workshops will cover topics such as penetration testing methodologies, social engineering techniques, and the latest tools used in red teaming, equipping attendees with the skills to anticipate and counteract threats.
2. Blue Team: This theme will delve into defensive strategies, emphasizing threat detection, incident response, and risk management. Attendees will engage in simulations and case studies that allow them to practice and refine their skills in protecting networks and systems against various cyber threats.
3. White/Yellow/Green Team: These sessions will foster collaboration between offensive and defensive teams. We’ll address best practices in threat intelligence sharing, security policy development, and compliance measures. This integrated approach will highlight the importance of a cohesive cybersecurity strategy across different teams.
4. Emerging Technologies: As technology rapidly evolves, this theme will focus on the latest advancements in cybersecurity, including artificial intelligence, machine learning, and blockchain security. Participants will gain insights into how these technologies are reshaping the cybersecurity landscape and explore practical applications to enhance their own security practices.

ABOUT THE WORKSHOP
In this interactive workshop, participants will gain both foundational knowledge and practical experience in safeguarding their Web3 assets and digital identities. The session will cover essential practices such as implementing disk encryption and device-level security, securing seed phrases and private keys, and safely using crypto wallets across browser, desktop, and mobile platforms. Participants will explore the differences between single and multi-signature wallets, learn how to use add-ons to verify transactions, and analyze crypto addresses to detect anomalies or impersonation attempts. The workshop will also introduce common attack vectors and social engineering tactics targeting Web3 users, along with basic methods to trace on-chain transactions and follow crypto movements. By the end of the session, participants will have a deeper understanding of the risks and threats inherent to public blockchains and will be better equipped to protect themselves in the evolving decentralized ecosystem.

What's covered during the workshop
Read more here

AGENDA

• 6.30pm: Registration
• 7.00pm - 10.00pm: Talk & Tackle — User Security and Best Practices in Web3
• Till Late: Networking

SPONSORS

• MEETUP VENUE SPONSOR: CyberSG TIG Collaboration Centre

INSTRUCTOR'S BIO
0x.F | 0x.F has over 15 years of experience in the cybersecurity industry, including eight years specializing in threat intelligence. His career spans roles in leading intelligence firms and Fortune 500 financial institutions, where he focused on cyber threats, adversary tracking, and intelligence. Since late 2020, he has been actively engaged in the Web3 ecosystem, contributing to and participating in multiple blockchain communities. He currently serves as a senior security and intelligence analyst at one of the world’s leading Web3 organizations while pursuing a Master’s Degree in Blockchain and Digital Currency, combining his expertise in cybersecurity with an understanding of decentralized technologies.

IMPORTANT NOTICES

• Code of Conduct: [https://www.div0.sg/code-of-conduct]
• Terms of Use & Disclaimer Notice: [https://www.div0.sg/terms-of-use-disclaimer-notice]