8 November 2022 – NUS students have once again proven that strong computing skills coupled with the intellect for creative problem-solving are a potent formula for success.
Two teams from the NUS School of Computing beat more than 30 teams from across Singapore and Asean to emerge tops at the 12th Singapore Cyber Conquest, held during GovWare 2022. GovWare is the premier cybersecurity intel and connectivity platform for the latest trends in technology, organizational implementation, and user perspectives in all things cybersecurity.
The NUS Greycats team comprising Tan Jia Le (Year 4, Information Security) and Devesh Logendran (Year 2, Information Security) emerged as No. 1 in the competition. Coming a close 2nd was the NUS Greyhats comprising Chandrasekaran Akash (Year 2, Computer Science) and Daniel Lim Wee Soong (Year 4, Computer Engineering).
The 12th Singapore Cyber Conquest this year was slightly different from the jeopardy style competitions in the past. The blue-team style Capture the Flag (CTF) competition featured Splunk's Boss of the SOC (BOTS) where participants used various tools in Splunk’s security suite to decipher clues and solve challenges. CTFs are very often the beginning of one's cyber security career due to their team-building nature and competitive aspect.
The competition pace was fast and furious, with the winners earning points based on the level of difficulty and how many other teams solved the challenge at each point in the competition. So the faster one solves a challenge, the higher bonus points are allocated, in addition to the standard points earned from solving each challenge.
Said Tan Jia Le of the Greycats team, “What I found most exciting about the competition was utilising a combination of knowledge I’ve gained from university, jobs and previous competitions to solve the challenges. There were definitely occasions where I got stumped by new concepts, but I soon realised it was just a different spin on what I already knew.”
He went on to explain “The module that helped us most was (CS5231 System Security), which is taught by Prof. Liang this semester. In CS5231, we learned how cyber defenders in a Security Operations Centre (SOC) use a SIEM (Security Incident Event Management) tool to investigate cyber intrusions, similar to how we use Splunk.” Jia Le elaborated, “As the competition centered around Splunk, we completed a few Splunk-related labs on an online cyber security learning platform called “TryHackMe”, which helped us understand how to utilise Splunk in the cyber security context.”
Said Devesh also from the Greycats team “For me, the best thing about CTF competitions is that I always expand my horizons in terms of what is possible in the information security space. No matter how I eventually perform, I always walk away having learnt something new.” He continued, “I read online write-ups of previous iterations of the competition to gain a better understanding of the competition style. We have participated in CTF competitions before, but this blue-team style was something new and an eye-opening experience.”
The Greycats team agreed that simply having a SIEM is not sufficient in today’s modern SOC. Experimenting with various components of the Splunk Security Suite allowed them to understand that a modern SOC would need many other tools to complement the SIEM as the cyber threat landscape becomes more intricate.
Aware that cyber threats and online financial scams are on the rise, they hope that such competitions can equip them with the necessary knowledge and experience to prevent such nefarious activities in the future. However, they are fully aware that cybercriminals are getting smarter and more advanced each day, and they must continuously seek to improve themselves and expand their knowledge.
So what next? Another competition?
They both chimed enthusiastically, “Definitely! There’s an upcoming CTF called “STACK the Flags” by GovTech CSG and we hope to strive for our best there as well. Don’t forget, as the 1st prize winners, the Greycats team win full sponsorship to .conf23 in Las Vegas in July 2023 including courses and certifications at Splunk University. Well done NUS Greycats and NUS Greyhats!