YesWeHack is a Global Bug Bounty and VDP Platform. Founded in 2013, YesWeHack was created by hackers, for hackers. We are committed to provide quality programs for our community and we are working very hard to be the best and fairest crowdsourced security platform out there. YesWeHack is not just a Bug Bounty platform. We also provide community tools and […]

Mind the Bridge: A New Attack Model for Hybird Mobile Applications

In this talk, we present a novel class of Hybrid Application vulnerabilities associated with “Javascript bridges”.  Hybrid apps combine the features of Web applications and “native” mobile apps. First, it provides an embedded Web browser (for example, WebView on Android) that execute the app’s Web code. Second, it supplies “bridges” that allow Web code to access […]

HACK AT THE STUDIO: Panasonic Chimera

The Panasonic Cyber Security Lab has developed a bug bounty platform called Chimera to proactively discover vulnerabilities in Panasonic products. The Chimera platform enables Panasonic to place various home appliances into a special box, and hackers are provided with a special mechanism to operate on the available appliances. After a year of trial implementation in […]

The Phishermen: Dissecting Phishing Techniques of CloudDragon APT

North Korea is regarded as the menace to the whole world not only by holding nuclear weapons in reality but bringing damages to cyberspace. For instance, the USD$101 million lost in Bangladesh Bank Heist, or Operation DarkSeoul that paralyzed banks and broadcasters’ network systems in 2013. In late 2020, the Cybersecurity & Security Infrastructure Agency […]

KEYNOTE 2: The State of Mobile Security

In this keynote presentation we’ll focus on Mobile Security, and discuss recent smartphones related events, signs of compromise on mobile devices, review of recent attacks, review of mobile EDR / DFIR with a deeper dive into mobile investigations. We will also explore the state of self-defense on mobile devices, vendors reactions to attacks, the FreeTheSandbox […]

The Rise of Potatoes: Privilege Escalation in Windows Services

Privilege escalation is a required step for an attacker in order to get full control of a system starting from a lower privileged access. In Windows there are many ways to reach this goal. The first part of the talk will be focused on showing all the recent techniques used to do privilege escalation starting […]