Knowledge / Articles


At the Cyber Defenders Discovery Camp held in June 2017, 400 students from 26 junior colleges, Integrated Programme schools and tertiary institutions sharpened their cyber defence skills and gained first-hand insights into a career in cybersecurity. Last year, our fellow students from Singapore Management University (SMU), Whitehat Society managed to garner 7 medals as well as the `Best Defence` award.

This year, Whitehat Society is proud to present Lim Anyu and Kenny Lim from SMU and Team T0X1C V4P0R as the CHAMPIONS of CDDC 2017! In addition, Dan Dan Thio and Tan Soon Wei also achieved a remarkable 2nd Runner-Up in the competition. Thanks to the efforts of all our participants as well as Wong Wai Tuck for conducting training workshops, we have managed to more than double our medal count from last year!

GOLD

T0X1C V4P0R – Champions
Whiteunderwear – 2nd Runner-Up

SILVER

Hei Ke Ren

BRONZE

Bai Mao Zi

cddc2017_8Top left: Team T0X1C V4P0R, Lim Anyu and Kenny Lim
Bottom right: Team Whiteunderwear, Dan Dan Thio and Tan Soon Wei

 

2017-06-08 13.07.31Team SMU at CDDC!

Congratulations once again to all winners and participants, see you again next year!



Whitehat Society, in collaboration with NUS Greyhats, is proud to present this year’s edition of Cross CTF (Website, Facebook), Singapore’s first 24H Capture-the-Flag security competition! This year, we expanded Cross CTF to turn it into a 24H CTF competition so that we can provide our participating hackers a full experience in both vulnerability exploitation and patching whilst minimizing the impact of luck.

The participants were first put through a gruelling 48 hour online qualifiers where we saw many teams hack through the night relentlessly for a spot at the finals. The online qualifiers then culminated in an intense 24H hackathon where the best of the best competed against time and their peers to clinch victory. It was certainly an exciting time for both us and the competitors as we saw the grit and sheer determination put out by the finalists as they worked tirelessly to retrieve the coveted flags.

As we neared the end of the competition, we saw many tired faces but the competitors refused to give up. For many, attempting the hardware challenge where they had to reverse engineer a given Arduino board was new and fresh but with the hacker mindset in place, the competitors relished the challenge and kept pressing till the end. At the end of the competition, we are glad that at least half of the competing teams managed to crack the first level of the hardware challenge while one team managed to solve level two of the hardware challenge.

In conclusion, Whitehat Society would like to congratulate the winners and all the participants who persevered till the very end. A very big thank you to our sponsors VantagePoint, Govtech, CSIT, Cyber Test Systems as well as to the helpers who ensured that the competition ran smoothly.

CROSS CTF CHAMPION
T0X1C V4P0R (Hwa Chong Institution)

IMG_0895From left to right:  Velusamy Sathiakumar Ragul Balaji, Ho Jie Feng and Li Bailin

1st Runner-Up
OSI Layer 8 (NUS High School)

IMG_0886From left to right: Ambrose Chua, Liu Hanpu and Chandrasekaran Akash

2nd Runner-Up
Ecks Dee (Anglo-Chinese School(Independent))

IMG_0883From left to right: Li Zhong Fu, Winston Yeo and Alvin Mah

CSIT Prize
Sawadeeka (Nanyang Polytechnic)

IMG_0879From left to right: Nicholas Yap, Debbie Tan, Justin Chan

Once again, we would like to thank all our participants and helpers and we hope that you have had a great time at Cross CTF this year. We know we certainly did and we will see you again next year!

IMG_0897Cross CTF!

IMG_0931The organizing committee and friends behind Cross CTF

See more at our Website and like us on our Facebook page!



Did you know that your phone could be easily tapped to relay sensitive information back to the hackers? In today’s hyper-connected world, it is important to be aware of how easily malicious actors could gain access to the devices that you use everyday for just about everything. In this episode of Talking Point (found here), Wong Wai Tuck and Jaren Lim from Whitehat Society demonstrate how they could hijack host Steven Chia’s mobile phone without his knowledge with just his phone number alone. While this was just a staged experiment, these threats are very real today. With that in mind, keep yourself and your information safe by following some simple guidelines:

  1. Avoid connecting to public and unsecured WiFi as anything and everything you do there can be potentially tracked by malicious actors.
  2. Avoid clicking on links that may look suspicious.
  3. Always know what you’re doing, especially when installing apps that ask for permissions.

Read the full article by Channel News Asia here.

 



We all want security. Yet ironically, the field of cybersecurity is often held at arm’s length and is shrouded in mystery. We started WhiteHacks last year as an initiative to bring Information Security to the JC students and this year, we brought it back, bigger and better than ever. It was certainly an enriching weekend for everyone involved as training and practical lessons were provided for the participants on Day 1. This culminated in an intense showdown on Day 2 where both newbies and the more experienced put their new skills to the test and hacked away for more than $2000 worth of cash prizes.

Congratulations to Team T0X1C V4P0R for taking the champions for WhiteHacks@SG 2017 as well as teams Wyvern and LMAO!. Thank you to all our participants and helpers, we hope that you have had a great time and took away some new found knowledge and skills that you may use in your next Capture-the-Flag competition.

17218547_1435746323114249_1820040413566230970_o

17192426_1435746016447613_3037935851910287531_o

17211993_1435746036447611_9127637774098572489_o

17157401_1435741496448065_930791009955874327_o

17159336_1435771966445018_418744325327961624_o



Earlier in February, Whitehat Society was privileged to have the opportunity to be interviewed by Lian He Zao Bao given that Information Security is steadily gaining more time in the spotlights. The interview briefly covered an introduction to Whitehat Society, what is Information Security in general and why we were interested in it. Whitehat Society is glad that the general public is taking greater interest in cybersecurity and strives to continue its efforts in promoting Information Security awareness to the SMU community.

We would like to thank Lian He Zao Bao for the interview as well as Wong Wai Tuck, Jaren Lim and Winston Ho for their time in showcasing a ‘live’ Information Security demo during the interview.

Read the article by Lian He Zao Bao here and below are some photos from the interview.

photo_2017-03-12_12-32-33

photo_2017-03-12_12-32-57

photo_2017-03-12_12-32-55

photo_2017-03-12_12-32-47

photo_2017-03-12_12-32-42



robotics_process_automation

RVSP NOW!
https://goo.gl/forms/HD43tRZpt2qqNyln2

Dinner will be provided

Synopsis

Robots. We see them in movies, and they’ve transformed the manufacturing industry. But those robots have imposing physical bodies.

Now imagine, a robot without a body.

Robotic Process Automation (RPA) applies technologies that allow employees in a company to configure software robots to capture and interpret existing applications for processing a transaction, manipulating data, triggering responses and communicating with other digital systems. Similar to a software macro, but way more powerful. RPA robots provide dramatic improvements in accuracy, cycle time and increased productivity while relieving people from dull, repetitive tasks. RPA robots are set to revolutionize the way we think and administer processes in business, IT support, workflow, remote infrastructure and back-office operations.

Give yourself that edge in understanding RPA – the technology highly sought after in businesses, banks and consulting practices.

Come join us in an exciting RPA industry sharing by expert, Saurabh Jaiswal.

About Saurabh Jaiswal

Saurabh Jaiswal is the Global Project Manager of the Enterprise Service Innovation Lab at IBM. He oversees the implementation and delivery of the IT programme/projects on various platforms such as web, mobile, and Blue Prism – working with robotic process automation and analytics. Saurabh is the founder of IBM Toastmasters Club Singapore and is the winner of 3 Public Speaking Competitions in IBM. His hobbies include coaching, volunteering, music and jogging.



In lieu of the coming recess week, Whitehat Society organised its very first welfare drive on the 15th of February for its members. However, despite recess week supposedly being a ‘break’ from regular school time, many in SMU would often beg to differ. Some may even say that they would often have even more work and projects to complete during recess week, making it just as stressful, if not more, as regular term time. Understanding the needs of the SMU community, Whitehat Society had the privilege of inviting Mr. Saurabh Jaiswal for a short yet effective lunchtime pep talk designed to help students cope with the the increasing stress.

photo_2017-02-20_10-26-12

In his power speech, Mr. Jaiswal covered the following:

  • 3 Top techniques to stress free exams
  • Time management and stress management tips
  • 3 Top tips to boost motivation

photo_2017-02-20_10-25-50

Whitehat Society would like to thank Mr. Jaiswal for his time and we hope that our members would be better equipped to handle stress and cope with their increasing workload in the coming weeks!

Saurabh Jaiswal is a Global Project Manager at IBM and the founder of IBM Toastmasters Club Singapore. He has won 3 Public Speaking Competitions in IBM till date and enjoys speaking passionately to deliver powerful and useful messages.



groupphotoFrom left to right: Poon Swee Heng, Kong Yu Jian, Wong Wai Tuck, Lau Zi Quan, Sally Chin, Martius Lim

SIS Day is an annual event organised by the School of Information Systems Society (SISS) to commemorate the founding of SMU’s School of Information Systems (SIS). SIS Day 2016 featured a carnival in the afternoon where special interest groups under SISS were able to showcase some of the various club activities as well as a Coding Challenge in the evening where students competed against one another in an intense problem solving competition.

This year, Whitehat Society illustrated the potential dangers of macros in Microsoft Excel when opening files from untrusted sources. Winston Ho (Vice-President of Whitehat Society) demonstrated how simply downloading and opening an Excel file resulted in the execution of an embedded macro in the file despite having an updated anti-virus program. This malicious macro opened a reverse shell back to Wong Wai Tuck’s (President of Whitehat Society) computer where he was then able to perform various tasks such as turning on the webcam and streaming it, record keystrokes for passwords as well as download and save sensitive files from the infected computer.

We are also proud to announce that both of the grand-finalists in the Coding Challenge 2016 were from Whitehat Society. Congratulations to Wong Wai Tuck for winning a brand new PlayStation 4 in the competition and Lau Zi Quan for winning a GoPro Hero Session 4 from taking the first runner-up!

Here are some of the photos of the event!

whitehatbooth3
Wai Tuck and Winston at the Whitehat Society booth!

whitehatbooth4Winston demonstrating the Excel macro infection to fellow students

codingchallenge3Coding Challenge 2016 Finalists Lau Zi Quan (left) and Wong Wai Tuck (right)

codingchallenge4 codingchallenge1



SCC

GovernmentWare (GovWare) is the region’s premier conference and showcase for Cyber Security as well as the foundation event for the inaugural Singapore International CyberWeek (SICW). The Singapore Cyber Conquest (SCC) is a computer and network security challenge that is designed to test the participants’ skills and wit in a cyber range.

The 2016 Singapore Cyber Conquest was driven by SANS NetWars, a dynamic cyber range that allows participants to build, practice, and measure their skills in real-world defensive, analytic, and offensive practices, covering the following skill areas: vulnerability assessment, packet analysis, penetration testing, system hardening, malware analysis, digital forensics and incident response. SANS NetWars is based on five distinct levels, each of which is designed for people who have achieved a given skill set, ranging from participants new to the industry all the way up to those who have demonstrated their mastery of information security capabilities:

Level 1: This level is for people new to the information security industry.
Level 2: At this level, participants have achieved solid capabilities, and represent the largest player community in SANS NetWars, as they work to build their skills even further to differentiate themselves from the pack.
Level 3: People at this level have achieved something quite significant: they’ve exceeded the capability of the average info sec person, and proudly continue to grow to the next level.
Level 4: Some people say that there’s a phrase for SANS NetWars participants who achieve this level: “Hire or promote them immediately!” That’s due to their demonstration of excellence in solving even the most challenging Infosec challenges.
Level 5: In Level 5, master Infosec gurus battle against each other in a castle-vs-castle face-off. This level is seldom reached in a SANS NetWars tournament.

Team Whitehats (Wong Wai Tuck and Winston Ho) under Whitehat Society was ahead of most of the competition at the top of the leader board for the majority of the 7 hour long competition and managed to reach level 4 of the competition. Apart from Team Whitehats, Teams Whitehats Jr (Toh Zi Jie and Jorden Seet) and WTFC (Lau Zi Quan and Martius Lim) also reached level 3 of the competition. Whitehat Society would like to congratulate Teams Whitehats, Whitehats Jr and WTFC for their valiant efforts and respectable performance shown in the SCC.

Here are some of the photos from the event!

SCC Group PhotoFrom left to right
Back row: Toh Zi Jie, Winston Ho, Jorden Seet
Front row: Martius Lim, Wong Wai Tuck, Lau Zi Quan

SCC Scoreboard

If you are interested in attending such events in the future please contact us at issig@sa.smu.edu.sg 🙂



Over the month of August, Whitehat Society hosted two helpful workshops covering the basics of setting up an e-Commerce site on WordPress as well as becoming proficient with Microsoft Excel. The workshops also covered security vulnerabilities in each application as well as tips on preventing those exploits.

Whitehat Society would like to thank Sally Chin, Mah Chia Hui and Wong Wai Tuck for conducting these enriching workshops. We hope you have found these workshops beneficial.

Interested in what you see? Join us at our info session here:  Signup Form for Infosession
Want to be a part of Whitehat Society? Sign up for our sub-committee here: Signup Form for Subcommittee

Photo 6-8-16, 1 03 19 PM

 

Photo 6-8-16, 1 43 53 PM

Photo 6-8-16, 2 54 50 PM  Photo 13-8-16, 1 39 51 PMPhoto 13-8-16, 1 42 46 PM