Jan 05, 2013 - Jan 08, 2013
Singapore Polytechnic
500 Dover Road Singapore Polytechnic
139651
6775 1133
Time: 10am to 6pm
Price: Free admission
http://aspirations.sg/
Sunday, December 30, 2012
Singapore Polytechnic Open House 2013
Singapore Polytechnic Open House 2013 (With SP, It's So Possible)
Jan 05, 2013 - Jan 08, 2013
Singapore Polytechnic
500 Dover Road Singapore Polytechnic
139651
6775 1133
Time: 10am to 6pm
Price: Free admission
http://aspirations.sg/
Jan 05, 2013 - Jan 08, 2013
Singapore Polytechnic
500 Dover Road Singapore Polytechnic
139651
6775 1133
Time: 10am to 6pm
Price: Free admission
http://aspirations.sg/
Saturday, December 29, 2012
Scholarships and Financial Assistance
One of the important factors in considering which diploma course to select is the financial support. At SP, we understand your needs and we make education as affordable as we can.
Outstanding students in SP get selected for the SP Scholars Programme to challenge, develop and maximise their personal, intellectual and leadership potential. They also get to take part in the SP Outstanding Talent (SPOT) programme which invokes them in global current affairs and grooms them into a new generation of thinkers and leaders. On top of it, SP scholars also receive full tuition fee sponsorship and one-time laptop subsidy!
Visit our SP website to know more about the Scholarships.
Visit our SP website to know more about the Financial Assistance Scheme.
Outstanding students in SP get selected for the SP Scholars Programme to challenge, develop and maximise their personal, intellectual and leadership potential. They also get to take part in the SP Outstanding Talent (SPOT) programme which invokes them in global current affairs and grooms them into a new generation of thinkers and leaders. On top of it, SP scholars also receive full tuition fee sponsorship and one-time laptop subsidy!
Visit our SP website to know more about the Scholarships.
Visit our SP website to know more about the Financial Assistance Scheme.
For potential DISM students, you can also consider to apply for the following scholarships:
- Red Hat Scholarship
- Integrated Infocomm Scholarship
- National Infocomm Schalarship
Friday, December 28, 2012
New Certified Ethical Hacker is here....
28 Dec 2012. Congratulations to the following DISM student who took and passed the Certified Ethical Hacker (CEHv7) exam on 28 Dec 2012.
- NG CHOON HENG
Wednesday, December 26, 2012
10 Reasons to choose SP
We've got a wide range of courses to suit your needs and interests - 50, to be exact - including new ones being offered for the first time in the new academic year.
2) Fun CCAs
Boredom's got no room in your life when there're more than 120 student clubs and a host of exiting activities for your to take part in.
3) Happening Campus Life
Six food courts, a range of sports and leisure facilities, and the Student Hub@Moberly; no wonder SP students are always on campus.
4) Well-Recognised Qualifications
Many of our graduates have found that an SP Diploma opens the door to further studies at universities both local and foreign. You too can join their ranks.
5) Good Job Prospects
Three words: Industrial Training Programme. Hands-on practical experience is built into our courses so you can enter the job markets as a skilled employee.
6) Outstanding Facilities
"State-of-the-art" and "industry-standard" often come up when people talk about our learning facilities and resources. We like. You would too.
7) Caring and Helpful Lecturers
No kidding! They're experienced and highly qualified too: 60% have a Master's or PhD.
8) Invaluable Overseas Experience
Austria, Canada, China, Egypt, France - just a handful of the countries where our students have been in the past year. Where've you been lately?
9) Affordable Education
Money's not a big worry. Not with our range of financial assistance options, llike tuition grants and study loans. You could also pick up a bursary or a scholarship!
10) Unwavering Dedication to Excellence
Show us what you're made. And we'll show you how to stretch yourself further so you can reach higher.
Wednesday, December 19, 2012
Interview with our DISM Graduates
Interview with our DISM graduates........ hear what they say......
Friday, December 14, 2012
Best IT SECURITY diploma course
At SP, we provide you with the best IT SECURITY diploma course. See the reasons below:
1) State-of-the-art learning spaces (Cyber Wargame Centre, CWC).
2) Experienced, skilled and caring lecturers.
3) Current and relevant curriculum with holistic education.
4) Unleashed your potentials through wargaming.
5) Ready for work, life and world.
6) Improve your employability and market value.
7) Two qualifications await you: both academic and professional certifications.
8) Yes, DISM (S54) is the right choice for you. The fast track to IT security career/education.
Most importantly, we have high cohort success rate for students who choose to proceed to study with local/overseas universities. If you need more information, come to Singapore Polytechnic Open House 2013.
1) State-of-the-art learning spaces (Cyber Wargame Centre, CWC).
2) Experienced, skilled and caring lecturers.
3) Current and relevant curriculum with holistic education.
4) Unleashed your potentials through wargaming.
5) Ready for work, life and world.
6) Improve your employability and market value.
7) Two qualifications await you: both academic and professional certifications.
8) Yes, DISM (S54) is the right choice for you. The fast track to IT security career/education.
Most importantly, we have high cohort success rate for students who choose to proceed to study with local/overseas universities. If you need more information, come to Singapore Polytechnic Open House 2013.
We make you SPecial
Being a Diploma in Infocomm Security Management (DISM) student gives you the competitive edge for a boost in your future studies and career. You can look forward to an interesting curriculum that covers offensive attacks, defensive methods and investigative skills.
Some more reasons why you should join us:
Learning Through Wargaming
Head start in NUS even before you graduate
Get yourself recognised by the industry
Certification List
Choose Diploma in Infocomm Security Management (DISM) S54 as your FIRST CHOICE, the BEST IT Security diploma course.
Some more reasons why you should join us:
Learning Through Wargaming
Test your skills against your peers in our newly designed Cyber Wargame Centre (CWC). Build up your defences, launch offensive attacks on your targets, and delve into the intriguing world of forensics investigation, all in the format of cyber wargame scenarios.
Head start in NUS even before you graduate
Students who meet NUS’ programme criteria can choose join the NUS-Poly Preparatory Programme. This programme gives you the special opportunity to take one NUS module each in your second and third year of study here in SP. Imagine the chance to be immersed in University classes and interact with undergraduates well before your peers! Upon successfully completion of the programme, you will be eligible to enroll into NUS’ Bachelor of Computing degree programme through special admission!!
Get yourself recognised by the industry
Be on top of the game and get recognised by the industry through professional industry certifications. No other institutions are quite as ready as us to give you that extra competitive edge!
Certification List
- CompTIA Security+
- EC Council Certified Ethical Hacking
- EC Council Certified Hacking Forensics Investigation
- EC Council Certified Security Analyst
- ThinkSECURE Organizational Systems Security Analyst
- ThinkSECURE Organizational Systems Wireless Auditor
- Oracle Certified Professional, Java Programmer
- Red Hat Certified Engineer
- And more...
Thursday, December 13, 2012
Singapore Polytechnic Open House 2013
Singapore Polytechnic Open House 2013 (With SP, It's So Possible)
Jan 05, 2013 - Jan 08, 2013
Singapore Polytechnic
500 Dover Road Singapore Polytechnic
139651
6775 1133
Time: 10am to 6pm
Price: Free admission
http://aspirations.sg/
Jan 05, 2013 - Jan 08, 2013
Singapore Polytechnic
500 Dover Road Singapore Polytechnic
139651
6775 1133
Time: 10am to 6pm
Price: Free admission
http://aspirations.sg/
Sunday, December 9, 2012
DISM Year 3 Gathering
On 7th Dec 2012, year 3 DISM students had a lunch gathering before the internship briefing in the afternoon.
One of the past DISM top graduates Gibson Cheng also came back and shared with juniors extensively on the things to take note in application for various courses and universities, both local and overseas ones.
After the buffet lunch cum bonding session, many continued to enjoy themselves with X-Box Games and CTF practices, each catering to the group of unique interest. It was totally the relaxation everyone needed and rightfully deserved after their hard work and effort in the last term.
Amid the pleasant chit-chatting, some took the initiative to capture photos in small groups in the security lab in memory of so many good times they had together along this memorable learning journey in DISM.
One of the past DISM top graduates Gibson Cheng also came back and shared with juniors extensively on the things to take note in application for various courses and universities, both local and overseas ones.
 |
| Gibson Cheng sharing on how to get in the "right university" and how to find out what the "right course" is for oneself |
 |
| Some girls took a group photo to treasure this meaningful moment From left to right: Candice Teo, Valda Goh, Gangadevi, Angie Ng, Siti, Loon Ngai Fong |
Amid the pleasant chit-chatting, some took the initiative to capture photos in small groups in the security lab in memory of so many good times they had together along this memorable learning journey in DISM.
 |
| Three DISM students in Changi Airport waiting for take-off to their destination city Chang Chun, China for OITP From left to right: James Ling Yi, Goh Zhiyan, Angie Ng |
Featuring photo courtesy of Candice Teo and Mr. Calvin Siak
Saturday, December 1, 2012
Final Year Project Sharing: Automated Syscall Fuzzer Generator on MAC OS X
Project Title: Automated Syscall Fuzzer Generator on MAX OS X
Categories: Fuzzer, Mac OS X XNU Kernel.Students: Jeremy Heng (team leader), Ku Wee Kiat, Gerald Tan and Goh Kee Chin.
Synopsis: The purpose of this project is to develop a fuzzer to test for vulnerabilities and reveal bugs in the Mac OS X XNU Kernel.
Aim: Fuzzers built to test for vulnerabilities and reveal bugs in the Mac OS X XNU Kernel are scarce, in both the open and closed source worlds. In addition, existing fuzzers lack the intelligence to adapt to a rapidly changing environment such as a regularly updated operating system kernel. Existing fuzzers do not take into account the semantics of system calls or the order in which these system calls are called. Grapevine is a highly abstractable automated fuzzer designed for the discovery of vulnerabilities and bugs in the Mac OS X’s XNU kernel through the process of ’fuzzing’.
Objectives of the Project:
- To develop a tool that is capable of discovering bugs in the Mac OS X’s XNU kernel through the process of fuzzing
- To automatically and dynamically generate the system calls for execution based on attached semantic rules
- To provide a means by which further investigation may be carried out in the event of a detected failure of the kernel (e.g. kernel panic through corrupted kernel memory).
 |
| The system overview. |
 |
| (From L to R): Jeremy Heng (team leader), Ku Wee Kiat, Gerald Tan and Goh Kee Chin. |
“The Grapevine Project is, I would consider, a great achievement. To design a kernel fuzzer; implement it in one of my favourite languages of all time, Python; and then release it to the open source, completely free and for anyone to use is a huge and memorable thing to do. It's thrilling to be part of the open source community and to contribute to the collective knowledge as part of a final year project. The project was more academic than business, and I particularly enjoyed the technicalities of our subject, the XNU kernel. It is up for free at https://github.com/jergorn93/grapevine, and I definitely hope that it can grow beyond a school project into something bigger in future." said Jeremy, the student leader of the project.
Another student, Wee kiat said, "Doing a large project like this FYP has taught me many things. For one, it is faster to learn a programming language while actually working on a project. This project is written entirely in the Python programming language. Starting out, there was only 1 person in our group with Python knowledge. After the project, the whole group is able to program in Python. Another thing I realised after the completion of the project is the need of to plan properly and thoroughly and to have good communication. There might not be a need for a full SDLC for FYP, but it is still important to have a solid base idea of the project/application and along the way, a strong idea of the tiny details or functions of the application. So that there will not be any last minute misconceptions or misintepretations. I feel that the FYP is one of the best projects I've worked on throughout my 3 years in poly."
Friday, November 30, 2012
Final Year Project Sharing: Social Media Analyzer
Project Title: Social Media Analyzer
Categories: Twitter, Facebook, Flickr, Social Media, EXIF AnalysisStudents: Goh Zhiyan (Team Leader), Kyaw Win Shwe, Lee Xin En and Pang Jing Hui
Synopsis: The purpose of this project is to come out with a social network analyzing application.
Aim: The application will be able to perform route tracing from a given set of photos before displaying on an interactive map where details of the photos are displayed as well as to data-mine the data from social media into insightful information for cyber investigators and the curious alike.
The main aim of the project is to give the user an edge in information analysis from the set of given existing data that they never thought of getting anything useful from. This will be done in the area of social media, more specifically Facebook and Flickr in our case.
The main aim of the project is to give the user an edge in information analysis from the set of given existing data that they never thought of getting anything useful from. This will be done in the area of social media, more specifically Facebook and Flickr in our case.
Objectives of the Project:
- To gather and analyse information that is available on social networking sites
- To aid law enforcement or cyber/forensic investigators in their investigation
- Can also benefits any parents who want to know the places their children previously went, through photographs that are geotagged
 |
| Pang Jing Hui, Kyaw Win Shwe, Lee Xin En and Goh Zhiyan (Team Leader). |
Another student, Kyaw said, "It has been a tiring but a fruitful and eventful journey. I learnt the fact that when everything seems all dead and buried, hold on to the very thing called faith. Overall, I have nothing but sheer delight and immense pride for being part of the FYP team."
For Xin En, it was quite a good learning experience, he said, "Through this final year project, I have learnt a great deal of things. Many things are not taught to us but we have to learn it independently and use resources like the internet to help us."
"During my FYP I have learned a lot on java programming language as we did our project in java. I also managed to learn how to use Application Programming Interface (API) for a few social media websites. Ultimately to me, my FYP is a meaning full one as it can be used out there in the IT world to help criminal investigator to solve their cases." said Jing Hui.
Wednesday, November 28, 2012
Final Year Project Sharing: Twitter Study
Project Title: Twitter Study
Categories: Twitter study, data mining and data analysisStudents: Gangadevi Balakrishnan (Team Leader), Siti Norfaeqah Binte Powzan, Angie Ng Chu Yi and Kok June Mun Derek
Synopsis: The purpose of the project is to develop a twitter client program and also conduct a security investigation on the twitter platform. A c# program that interacts with the twitter platform to gather and store tweets will be developed. Furthermore, a security investigation will be conducted on twitter and the findings will be shared as a report.
Aim: The aim of the project is to create a command console using Microsoft visual studios. Users will be using various commands to interact with the console. The information that is gathered using the program will be displayed on a website. This website acts as a form of interface and users can browse through the downloaded information.
Objectives of the Project:
- Bring a group of interesting people into one common platform and share their topics of interest
- Facilitate the study of trends and favourite topics among these people
- Promote investigation and the use of data analysis
-
 |
| (From L to R) Derek, Gangadevi (Team Leader), Siti and Angie |
“The entire process of completing this project was a very interesting and fruitful experience. Apart from learning a new programming language and gaining a better understanding of the twitter API, I have also learnt about the value of teamwork. Without my team’s cooperation and encouragement, completing this project would have been a very difficult task.” said Gangadevi, student leader of the project.
For Angie, it was entirely a different experience, she said, "The past 6 months has been an amazing journey working with my teammates and with the client's organization. Learning a new programming language on our own was not an easy task since we had other modules.Being a twitter user, I've learnt the importance of security in Twitter, and also to think twice before I post any information or click on any links. It was an awesome experience overall."
"I have picked up a few things from FYP such as oAuth and C# programming, which are not taught in school. I have also realised what we learn in school is nothing but the tip of an iceberg. It was a bit difficult as it was our first time developing something we don't even have any knowledge about, but with enough time we managed to pick up the basics and developed from there. Overall, it has been fruitful as we learned something new and have been able to make a practical proof-of-concept." said Derek.
Tuesday, November 27, 2012
Finanl Year Project Sharing: ForenSistant
Project Title: Image Acquisition using Mobile
Devices with EXIF Information Analysis
Categories: Computer Forensics, Mobile Forensics, Digital Forensics, EXIF
Students: Yang Xudong (Leader), Lin Zi Ying and Loon Ngai Fong
Organization: Singapore Polytechnic
Synopsis: The purpose of the project is to make a system that can capture photo with mobile device and synchronize it with central server for analysis of EXIF metadata as well as generation of various report formats.
Categories: Computer Forensics, Mobile Forensics, Digital Forensics, EXIF
Students: Yang Xudong (Leader), Lin Zi Ying and Loon Ngai Fong
Organization: Singapore Polytechnic
Synopsis: The purpose of the project is to make a system that can capture photo with mobile device and synchronize it with central server for analysis of EXIF metadata as well as generation of various report formats.
Aim: The system ForenSistant comprises of a mobile application, a web service and a communication channel which are all designed and implemented in accordance with essential security considerations. It is expected to be useful in ensuring the chain of custody for forensic photography during police investigation, which could indirectly improve admissibility of the photo evidence.
Use of ForenSistant software suite will help establish heightened evidence security, proper access control, improved synergy with lab examination and greater convenience for the investigator. For further development, areas of focus include photo quality enhancement, cross platform stability and higher degree of encryption..
Final Year Project: The FYP intends to provide students an opportunity to integrate knowledge and technical skills they have acquired from the course and experience problem solving, communication and working as a team to work on an Infosec Security Project. In the project, the students are expected to perform problem analysis, investigation, solution design and implementation of security related project. The students usually spent one semester to complete the project.
 |
| Overview of the system (ForenSistant). |
 |
| A group photograph taken at their display booth during the ITSP Showcase Day. (From L to R) Lin Zi Ying, Loon Ngai Fong and Yang Xudong (Leader) |
“Aside from gaining profound exposure and learning journey in terms of forensic photography and cross-platform mobile application development, there are two other crucial areas in which I have taken this ITSP as an opportunity to really hone my skills. The first would be effective communication and project management as the team lead, whilst the other is adversity handling in order to deliver results. It is my belief that knowledge can be picked up promptly but soft skills come only through prolonged practice.” said Xudong, student leader of the project.
Another student, Ngai Fong said, "In this project, I have learnt several things such as simple information stored in EXIF tags (e.g. GPS, Date Created and Date modified) with aid from relevant APIs, can actually help the Investigators during the image analysis. And also the importance of implementing the proper security controls like using UAC and cryptography to maintain the Chain of Custody and the CIA of the image, during the transmission or storage at the server. Overall, it has been a fruitful experience as I have learned a lot not only from the team members, but also from the research we did."
Monday, November 26, 2012
EHD Mini-Competition 4
26 Nov 2012. This morning, we conducted another min-competition for the Ethical Hacking and Defences (EHD) module at the Cyber Wargame Centre. Students were required to explore and exploit the vulnerabilities of the systems deployed in the infrastructure network. They were able to find and get into the systems within the first hour. Subsequently, they were required to obtain and crack the password file, part of the challenges given to the students.
It was interesting to note that the students were quite familiar with the drills by now and therefore, they were able to work through the scenarios given to them, and achieved the ultimate aim of the mini-competition.
It was interesting to note that the students were quite familiar with the drills by now and therefore, they were able to work through the scenarios given to them, and achieved the ultimate aim of the mini-competition.
Wednesday, November 21, 2012
Cyber Wellness Student Ambassador Conference 2012
DISM Students Promote Cyber Wellness and
Positive Use of Social Media Among Peers
About 450 primary school, secondary school and junior college students have come together over two days from 20th Nov to 21st Nov to learn how they can be advocates for the positive use of social media among their peers at the Cyber Wellness Student Ambassador Conference 2012, held at Damai Secondary School.
The Cyber Wellness Student Ambassadors' Conference is a key annual event under the Cyber Wellness Student Ambassador Programme (CWSAP). The CWSAP is an initiative under BackPackLIVE!, a collaboration between the Ministry of Education (MOE), Infocomm Development Authority of Singapore (IDA) and Microsoft Singapore to inspire, explore and promote safe and responsible use of information and communications technology among students.
The theme for this year’s conference is "Be the change". It focuses on how student ambassadors can take the lead in helping their peers use social media positively and responsibly.
Student leaders studying Diploma in Infocomm Security Management from Singapore Polytechnic have been actively involved in organizing and shaping the programme.
Some forty SP students facilitated workshops to deepen the student ambassadors' understanding of the impact of social media and practical tips that they can employ to help themselves or their friends tackle potential social media issues.
Some forty SP students facilitated workshops to deepen the student ambassadors' understanding of the impact of social media and practical tips that they can employ to help themselves or their friends tackle potential social media issues.
......
[Adapted from MOE Website]
 |
| Facilitator Benedict Thia Jia Jun with Primary School Ambassadors |
 |
| The amiable DISM student leaders Maverick Yong and Lim Jun Liang |
 |
| Kevin Chee helping young ambassadors in ideation process |
 |
| Year 2 Cyber Wellness facilitator Ong Guan Wei in action! |
 |
| Edmund Tang and Roxane Chan explaining about one activity |
Tuesday, November 20, 2012
Red Hat Certifications
Two more DISM students attempted and passed Red Hat certification exams. Congratulations to them!
Red Hat Certified System Administrator (RHCSA) : Chia Ching Chuen
Red Hat Certified Engineer (RHCE) : Yang Xudong
Red Hat Certified System Administrator (RHCSA) : Chia Ching Chuen
Red Hat Certified Engineer (RHCE) : Yang Xudong
PoliCTF 2012
[ Adapted from Team NandyNarwhals Blog Site ]
For the PoliCTF 2012 which took place on last Sunday, team Nandy Narwhals which is made up entirely of DISM SIG members and team Denial of Zervice (Doz) of industrial professionals teamed up to form Singapore Group, a collection of the only two regular CTF teams located in Singapore.
After 24 hours of online collaboration, the combined team managed to solve four of the challenges:
The final place of the team on the scoreboard was 19th with 1000 points, a higher ranking than famous international teams such as PPP and FluxFingers.
That is no doubt another great achievement by our DISM students. Keep up the good work, fellas!
For the PoliCTF 2012 which took place on last Sunday, team Nandy Narwhals which is made up entirely of DISM SIG members and team Denial of Zervice (Doz) of industrial professionals teamed up to form Singapore Group, a collection of the only two regular CTF teams located in Singapore.
 |
| Official web page of PoliCTF 2012, which is organized by Politecnico di Milano, Italy |
After 24 hours of online collaboration, the combined team managed to solve four of the challenges:
1) bin-pwn100
2) binpwn-200
3) binpwn-400
4) grabbag-300
 |
| Team "Singapore Group" finished at 19th position, with various puzzles solved |
The final place of the team on the scoreboard was 19th with 1000 points, a higher ranking than famous international teams such as PPP and FluxFingers.
That is no doubt another great achievement by our DISM students. Keep up the good work, fellas!
Tuesday, November 13, 2012
Catch Me If You Can @ Cyber Wargame Centre
12 Nov 2012. An IT Security Game was conducted this morning at the Cyber Wargame Centre. The theme is entitled as "Catch Me If You Can". Students were required to "investigate" a crime scenario and use tools to perform the analysis of collected evidences.
It was an interesting and exciting exercise as students worked very closely and under pressure to find/locate the culprits. Eventually, the winning team emerged and walk away with free "sweets" from the DISM Chair, Mr Liew.
It was an interesting and exciting exercise as students worked very closely and under pressure to find/locate the culprits. Eventually, the winning team emerged and walk away with free "sweets" from the DISM Chair, Mr Liew.
 |
| The briefing by Miss Yeo. |
 |
| Students actively engaged in the game. |
 |
| Students from another class working hard through the scenario. |
 |
| The scoreboard. |
 |
| The students with the game master, Jia Sheng, a DISM Year 3 student. |
 |
| DISM Chair, Mr Liew with the winning team. |
 |
| Special Mention Prize, Clinton received prize from Mr Liew. Clinton managed to get access into the scoreboard server. |
Tuesday, October 30, 2012
Sharing Session on SCC and HITB CTF with Year 2s
On the morning of 29th Oct, a number of students who took part in the Singapore Cyber Conquest 2012 (GovernmentWare 2012) and Fallout Apocalypse (Hack In The Box) Capture The Flag competitions joined about 60 year 2s DISM students and shared about their enriching experience and learning journey (details of which can be found in our previous blog entries).
During the Ethical Hacking and Defense class, year 1 student Nikolas Tay first talked about how he tackled the various puzzles in his debut attempt, and then Jeremy Heng and Ku Wee Kiat presented on the nuclear-warfare-themed game setup and finally year 3 student Amadeus Tan shared with everyone on how collaboration between teams proved to be crucial.
After the session in the morning, some of the year 2s showed abundant interest and engaged in an extensive conversion with year 3 seniors on an IRC channel. Let us hope more and more DISM students join force and achieve greater heights in their future endeavors!
From left to right: Edmund Teo, Jeremy Heng, Ku Wee Kiat, Nikolas Tay and Amadeus Tan
During the Ethical Hacking and Defense class, year 1 student Nikolas Tay first talked about how he tackled the various puzzles in his debut attempt, and then Jeremy Heng and Ku Wee Kiat presented on the nuclear-warfare-themed game setup and finally year 3 student Amadeus Tan shared with everyone on how collaboration between teams proved to be crucial.
After the session in the morning, some of the year 2s showed abundant interest and engaged in an extensive conversion with year 3 seniors on an IRC channel. Let us hope more and more DISM students join force and achieve greater heights in their future endeavors!
Wednesday, October 17, 2012
Learning Reflections After HITB
The Hack In The Box "Fallout Apocalypse" Capture The Flag competition in Kuala Lumpur concluded last week, and upon return to Singapore our warriors could not wait to share with the rest about their interesting experience and enriching journey. And here is one selected piece of reflection write-ups from each participating team from DISM.
HITB CTF: Fallout Apocalypse by Nikolas Tay, team AIF
Hack In The Box (HITB): Fallout Apocalypse was a Capture The Flag (CTF) competition held in Kuala Lumpur from 10th October to 11th October. The competition went on for 32 hours straight and consisted of teams from all around the globe.
This was my second CTF experience after competing in the GovWare Cyber Conquest CTF the month before. Though it was my second CTF experience per se, it was still a completely new experience to me. This is mainly because this CTF would be held in an Attack-Defense format rather than the usual Jeopardy format (otherwise referred to as a "puzzle-based" format). Therefore, the concept of running daemons, exploiting / defending services, etc... was still foreign to me.
This competition was indeed on a whole new level compared to my past experiences. Before the actual competition even started, we were presented with a Virtual Machine (VM) which was secured with a password. They then told us that we had 30 minutes to set up our equipment, (somehow) get into the VM, and finally change the password. In my opinion, this first instruction given to us really set the tone of the competition. Unlike the earlier GovWare Competition where the login credentials were given to us off the bat, there was no spoon-feeding here. This is the real deal.
Initially, we started off by trying to log in using common login credentials. After a few minutes of failure, we realized that they had actually intended for us to log in through single user mode to change the root password. Hence, we went on that said approach and then successfully gained access to the machine.
Not long after changing the root password, the competition started. Our first move was to check the list of users on the system using the command "cat /etc/passwd". After which, we realized that there was an account dedicated to each daemon (called Reactor Cores (RC) in the context of this competition). Our first instinct was to change the passwords of the seven RC users to more secure ones before we started running them. We then proceeded to run the first daemon, RC1. This was where things started to go awry.
Though the daemon ran flawlessly, the scoreboard did not react to it. In response to this, we ran a "ping" to the scoreboard server and consequently realized we had lost connection to it. This left us rather puzzled and we tried various ways to troubleshoot the problem. After some time, we found that the LAN cable attached to our computer was faulty. We confirmed this with the organizers and had it changed. Little did we know that the cable was not the root of the problem, it was in fact only part of the problem. After a few more hours of troubleshooting, we were hit with more bad luck as there was a short circuit in the main power strip where we were seated. This was the last straw. Without a connection to the score server, we were doing nothing but losing points for the past 7 hours or so. At this juncture, we decided to re-strategize.
We requested for an entirely new VM from the organizer as we did not have a backup of the original VM. This would cost us further points and we could only get it after about 4 hours' time. We agreed to the terms and decided to return to our hotel to revitalize ourselves before coming back for the new VM.
When we came back, everything was finally up and running. According to the organizers, it turns out that it was a fault on their end as their firewall was somehow set to block connections from us. This is where the actual competition really started for us.
We then stayed on throughout the night, decompiling binaries and examining them for vulnerabilities. Though I was relatively familiar with x86 assembly, this was the first time I actually attempted to look for vulnerabilities in a program. My lack of experience in this area proved to be a huge drawback when trying to write exploits for the services.
At one point in the competition, one of the more professional and well-known teams, Sutegoma2 from Japan had all their RCs damaged by LOL (a team from Vietnam) who were playing very strategically by taking out their strongest competitor as soon as possible. As such, it was impossible for the former to gain any more points. Consequently, one of the members from Sutegoma2 approached our team and proposed to form an alliance. After some discussion, we decided to agree to the alliance. Teaming up with such an experienced team would be a potential learning experience for us.
This is where things finally started to go uphill. We seized the opportunity created by this alliance to aid Nandy Narwhals (the other SP team) rise up further in the rankings as they were already doing relatively well at around 4th-5th place. At this stage, it was somewhat of a three-way alliance.
In the end the alliance clearly paid off for everyone; it was literally a win-win-win situation. Sutegoma2 clinched the top spot, Nandy Narwhals managed to get a record breaking (for SP at least) position of 3rd and we also rose to 7th place. In addition, we also forged friendships with the Japanese team.
This competition was indeed an invaluable experience for me. Just from this trip alone, I not only benefitted in terms of technical aspects. I also took home some strategies and important things to note for future competitions, discovered various areas of improvements and most importantly, life lessons that would be very much applicable in my future endeavors.
HITB CTF: Fallout Apocalypse by Nikolas Tay, team AIF
Hack In The Box (HITB): Fallout Apocalypse was a Capture The Flag (CTF) competition held in Kuala Lumpur from 10th October to 11th October. The competition went on for 32 hours straight and consisted of teams from all around the globe.
This was my second CTF experience after competing in the GovWare Cyber Conquest CTF the month before. Though it was my second CTF experience per se, it was still a completely new experience to me. This is mainly because this CTF would be held in an Attack-Defense format rather than the usual Jeopardy format (otherwise referred to as a "puzzle-based" format). Therefore, the concept of running daemons, exploiting / defending services, etc... was still foreign to me.
This competition was indeed on a whole new level compared to my past experiences. Before the actual competition even started, we were presented with a Virtual Machine (VM) which was secured with a password. They then told us that we had 30 minutes to set up our equipment, (somehow) get into the VM, and finally change the password. In my opinion, this first instruction given to us really set the tone of the competition. Unlike the earlier GovWare Competition where the login credentials were given to us off the bat, there was no spoon-feeding here. This is the real deal.
Initially, we started off by trying to log in using common login credentials. After a few minutes of failure, we realized that they had actually intended for us to log in through single user mode to change the root password. Hence, we went on that said approach and then successfully gained access to the machine.
Not long after changing the root password, the competition started. Our first move was to check the list of users on the system using the command "cat /etc/passwd". After which, we realized that there was an account dedicated to each daemon (called Reactor Cores (RC) in the context of this competition). Our first instinct was to change the passwords of the seven RC users to more secure ones before we started running them. We then proceeded to run the first daemon, RC1. This was where things started to go awry.
Though the daemon ran flawlessly, the scoreboard did not react to it. In response to this, we ran a "ping" to the scoreboard server and consequently realized we had lost connection to it. This left us rather puzzled and we tried various ways to troubleshoot the problem. After some time, we found that the LAN cable attached to our computer was faulty. We confirmed this with the organizers and had it changed. Little did we know that the cable was not the root of the problem, it was in fact only part of the problem. After a few more hours of troubleshooting, we were hit with more bad luck as there was a short circuit in the main power strip where we were seated. This was the last straw. Without a connection to the score server, we were doing nothing but losing points for the past 7 hours or so. At this juncture, we decided to re-strategize.
We requested for an entirely new VM from the organizer as we did not have a backup of the original VM. This would cost us further points and we could only get it after about 4 hours' time. We agreed to the terms and decided to return to our hotel to revitalize ourselves before coming back for the new VM.
When we came back, everything was finally up and running. According to the organizers, it turns out that it was a fault on their end as their firewall was somehow set to block connections from us. This is where the actual competition really started for us.
We then stayed on throughout the night, decompiling binaries and examining them for vulnerabilities. Though I was relatively familiar with x86 assembly, this was the first time I actually attempted to look for vulnerabilities in a program. My lack of experience in this area proved to be a huge drawback when trying to write exploits for the services.
At one point in the competition, one of the more professional and well-known teams, Sutegoma2 from Japan had all their RCs damaged by LOL (a team from Vietnam) who were playing very strategically by taking out their strongest competitor as soon as possible. As such, it was impossible for the former to gain any more points. Consequently, one of the members from Sutegoma2 approached our team and proposed to form an alliance. After some discussion, we decided to agree to the alliance. Teaming up with such an experienced team would be a potential learning experience for us.
This is where things finally started to go uphill. We seized the opportunity created by this alliance to aid Nandy Narwhals (the other SP team) rise up further in the rankings as they were already doing relatively well at around 4th-5th place. At this stage, it was somewhat of a three-way alliance.
In the end the alliance clearly paid off for everyone; it was literally a win-win-win situation. Sutegoma2 clinched the top spot, Nandy Narwhals managed to get a record breaking (for SP at least) position of 3rd and we also rose to 7th place. In addition, we also forged friendships with the Japanese team.
This competition was indeed an invaluable experience for me. Just from this trip alone, I not only benefitted in terms of technical aspects. I also took home some strategies and important things to note for future competitions, discovered various areas of improvements and most importantly, life lessons that would be very much applicable in my future endeavors.
HITB CTF 2012 Summary by Ku Wee Kiat, Nandy Narwhals
For some of us, its the second year taking part in HITBKUL CTF whilst for others its their very first.
For some of us, its the second year taking part in HITBKUL CTF whilst for others its their very first.
Those that have been to last year's HITB are now be familiar with the competition venue, the lodging venue as well as miscellaneous travel arrangements.
This is an advantage as we will be able to concentrate more on the competition than to worry about getting lost in a foreign land.
The other important gain in this year's HITB for us is the chance to talk with members from other teams.
Unlike last year where some of us stayed in the hotel during the 2nd day of the competition, this year all of us camped for the entire duration of competition which gave us plenty of opportunities to interact with other teams as well as to enjoy a exciting and often antagonistic competition atmosphere.
For example there were team LOL from Vietnam, sutegoma2 from Japan and 0xDC381015 from Singapore, and we were able to learn quite a bunch of stuff through talking with them. This could in a way point us in the right direction when we practice for future competitions.
Sunday, October 14, 2012
DISM Students In Action At HITB@KL
In the last week of the the vacation, five DISM students along with lecturer Mr Calvin Siak once again set foot in Kuala Lumpur (KL), Malaysia to take part in the fun-filled Capture The Flag (CTF) competition under the Hack In The Box conference 2012 hosted in KL.
This annual overseas venture has almost become a tradition of the DISM Special Interest Group. And this year, our boys are back with the best ever result with two teams ranked at third and seventh against participants made up of almost entirely professional security consultants and university students!
To celebrate the 10th year anniversary of HITBSecConf, the CTF Overlords and CTF Crews 1.0, 2.0 and the all-new 3.0 have come together to work on a 32 HOUR NON STOP CAPTURE THE FLAG COMPETITION which are called CTF Weapons of Mass Destruction – Fallout Apocalypse!
... ...
Fallout Apocalypse requires each team to manage a nuclear power plant and protect their daemons, which represents the reactor's cores, from attacks while at the same time launch attacks against rival teams' nuclear reactor. Weaponized SCADA exploits can be used to cause monetary damage towards rival teams. Fallout Apocalypse also features a spanking new black market where teams may trade exploits and also purchase countermeasures.
[Summarized and adapated from hitb.org website]
This annual overseas venture has almost become a tradition of the DISM Special Interest Group. And this year, our boys are back with the best ever result with two teams ranked at third and seventh against participants made up of almost entirely professional security consultants and university students!
All members of the "expedition" team after first arriving KL
The huge pull-up banner for the Fallout Apocalypse CTF
The scoreboard at the very beginning of the competition
A corner of the competition venue, hosting 10 teams
Team AIF laying down strategy!
Team members (from left to right):
Nikolas Tay, Edmund Teo and Amadeus Tan
Amadeus, are you trying to ... social engineer
the legendary pro-team Sutegoma2 from Japan?
And he succeeded ... in having a group photo
containg both team AIF and team Sutegoma2!
This status map certainly has a certain "nuclear" look
The final scoreboard with team Nandy Narwhals
from DISM losing narrowly to the second place
Team Nandy Narwhals receiving the second runner-up prize
Team members (from left to right):
Ku Wee Kiat and Jeremy Heng Wen Ming
As shown in the photo of the final scoreboard above, team Nandy Narwhals finished off at third place with 2,568,000 points while team AIF got 1,756,000 points at seventh position. One thing worth mentioning was that team Narwhals was competing with one member short due to some visa problem, making the achievement even more extra-ordinary.
Kudos to DISM students! Congratulations to both teams Nandy Narwhals and AIF.
No doubt it is by far the highest ranking ever achieved in HITB CTF by teams from DISM, but we have every reason to believe in years to come future batches definitely have the potential to soar to greater heights.
Photos courtesy of Mr Calvin Siak and Amadeus Tan
Saturday, October 13, 2012
STAR Development Program 2012
During 8th to 10th October, the annual DMIT STAR Development Program (formerly known as the STAR Camp) took place at The Hall and various on hilltop facilities. Several year 1 DISM students were among participants, and they were Peh Sze Chi, Tan Si Hui, Cheong Ren Hann, James Edward Teoh and Bay Min Han.
Mission of DMIT STARs (STudent AmbassadoRs)
The Student Ambassadors exist to build and reinforce the connections that foster rela-tionships among our alumni, students, school, staff, prospective students, and Singapore Polytechnic in addition to providing opportunities for the personal, social and professional growth of its members while in pursuit of their academic excellence.
[Extracted from DMIT STAR Facebook group]
A little ice-breaking game at the hilltop foyer
Trainer Mr. Rahul sharing on presentation & public speaking skills
Come up and straight away apply what was taught
Preparation on how to present during DMIT facilities tour
What is Ren Hann doing? Why does he look astonished?
Well, here is a little game called "passing the message"
"Human dog and bone"! Perhaps NOT for the faint-hearted ...
Heavy lunch time conversation topic: End of The World =.=
On the last afternoon a year 3 senior STAR presenter from DISM was also awarded and conferred the Certificate of Commendation by Deputy Director of DMIT Ms Shirley Ngiam together with a few students from other courses such as DIT and DDM for the excellent service rendered in the past two years.
At the end of three days, many student participants were rather tired but at the same time feeling excited. While most are looking forward to more STAR activities, some committee members have already started planning for the next gathering - Year End cum Christmas party.
All the best and make DMIT proud, fellow young STARs!
Photos courtesy of Ms Junie Tan
Subscribe to:
Posts (Atom)
