My Journey to Malaysia Cybersecurity Camp 2025

The arrival (DAY 1)

I arrive KL sentral at 9am and have some MCD before meetup with others agent and other participants which we going to port dickson together. After that we take a bus to port dickson and arrive at around 1pm. We then get in to the hall and have some opening ceremony with some ice breaking session. After that we have some briefing about the camp and the schedule for the next few days. After that we have some free time to explore the area before dinner. After dinner we have the first event where we start to learn something fun.

The Bug Bounty Workshop

This workshop have two speakers which is PinkMeiMei a bug bounty hunter from HackerOne. She did share alot of her path to become a bug bounty hunter and some tips and tricks to find bugs in the wild. According to her talk, there is 5 ways to correctly works to bounty a bug in hackerone.

1. Find a vulnerability
2. Writing a report with steps to reproduce.
3. Triange Team Review
   • Must have step to reproduce
   • must have PoC
   • Vulnerability in scope, valid, reproducible
4. Program Internal Team Review
5. Payment and Disclosure

The second speaker is 0XMorph a bug bounty hunter in Web3. He share about his journey to become a web3 bug bounty hunter and some tips and tricks to find bugs in web3 applications. He also share about the tools that he use to find bugs in web3 applications. After the workshop we have some Q&A session with the speakers. Overall the workshop is very informative and fun. I do found that the speaker for bug bounty night is my university senior and have met the founder of my club CyberX. Really small world!

Day 2 - Red Teaming Workshop

On the second day, we have a Rust Artefect Development Essential for Red Team Operations by . This is the first time where I learn about using rust to build a malware as normaly malware is builded in C language where we normally know. I do learn some of the basics of rust and how to use it to build a simple malware. The speaker also share some tips and tricks let it run in startup at temp file like how a real malware after downloaded will do.

After the Rust RTO workshop, we have a mobile hacking workshop. In this workshop, we learn about the basics of mobile hacking and some tools that we can use to hack mobile applications. The speaker also share some tips and tricks to find vulnerabilities in mobile applications. We also have some hands-on session where we can practice what we have learned. Ya and the challenge given is really sus for first flag need to find the .xml file and change it to xvg yeeeet. Overall the workshop is very informative and fun.

Day 3 - Death From Above: Attacking Azure 101

This was interesting!!! We have Aniq as our speaker for this session. He share about the basics of Entra ID and how to exploit someone microsoft account using roadTX tool. Direct get access for whole microsoft account with the use of msbroker. We later then try out to exploit and get access to a windows server with the use of roadTX and msbroker. Then we try to escalate our privilege to get access inside the windows server. Overall this session is very informative and fun!!!!

That night we go for a night walk to the beach side and have some fun at the beach. We play some games and have some fun with the waves. Ammar the guy who sleeping inside the sea waves was funny!! After that we go back to the hall and have some tea talk session sharing our experience together!!

Day 4 - The ending day

On the last day, we have our lunch and chit chat with some friends and its a good byee to everyone. Overall this camp is very fun and informative. I do learn alot of new things and make some new friends. I do hope to attend this camp again in the future. Thank you Malaysia Cybersecurity Camp 2025, RE:HACK and agent-agent for this amazing experience!!!