22 October 2015 – NUS Computing students have once again swept the top positions at the Singapore Cyber Conquest, which was held on 6th October 2015, in conjunction with GovWare 2015. Bettering last year’s feat, this year, four NUS Computing teams competed against 31 other teams to clinch the top four positions at the annual cyber security contest organised by the Cyber Security Agency of Singapore (CSA).
These eight students are also part of NUS Greyhats. Despite topping last year’s competition, they still ensured that they were well prepared for this year’s challenge. Even so, the new competition format requiring detailed reports of each exploit was something they did not expect, and they had to adapt quickly to prevail.
Speaking on behalf of the group, first year Information Security student Jeremy Heng describes the contest:
Typically, information security competitions are called Capture-the-Flag competitions (CTF). The 6th Singapore Cyber Conquest CTF involved participants in a simulated industrial espionage scenario where teams had to play both the roles of a ‘good guy’ and a ‘bad guy’. These took the form of two tracks: the offensive track where the goal of the attacker is to penetrate a small network to steal the secret research blueprints from an industrial competitor’s research and development (R&D) department, and the defensive track where teams had to apply knowledge of forensics and some binary analysis to analyse artifacts left over from hacking attempts.
In the offensive track, teams employed strategies used by penetration testers to identify weaknesses in networks and systems and subsequently exploit these weaknesses to gain access to these systems. This involved piercing through layers of security to reach the secure file server hosting the secret R&D blueprints. The interesting point here is that teams were given zero information about their targets and had to perform reconnaissance in a black box environment. This closely mirrors what an actual adversary would encounter.
In the defensive track, artifacts of forensic interest such as network packet captures, entire memory dumps, infected documents, and malicious binaries were presented. Teams had to analyse these artifacts and extract relevant information such as who the attackers were, what the malicious code did, and what information was exfiltrated.
A unique aspect about this CTF was that the teams did not have discrete flags to submit to a scoring system like most CTFs. Instead, teams had to provide reports detailing their steps and findings for submission to the organisers for judging.
There were quite a few curveballs in the challenges, and they required very quick thinking to get around. One particular problem that was interesting was that you had to grab a screenshot of a secure remote system’s desktop. First, you had to compromise the system by utilising cracked credentials already stolen off another less secure system. But there was another problem: the user locked their session! So, what’s the enterprising hacker to do? Take control of their entire user interface, of course!
We had a couple of options: we could inject some malicious payload to start a VNC listener through the shell we already spawned. However, this did not work since the server killed off the VNC process every time it started. So, we went back to the basics. We had the administrator’s credentials in plain text so we simply started a copy of Windows in a virtual machine and used remote desktop to get in. This was a great lesson in not overcomplicating things.
These students are CTF veterans in Singapore and, collectively, have significant experience in competing in local and international cyber security competitions. Many specialised in information security in polytechnics and were part of information security special interest groups, with some even establishing annual specialised seminars to promote information security awareness. Now, they continue to develop their skills, share their knowledge, and foster interest in information security by conducting regular training sessions and organising talks, through NUS Greyhats. Expressing their appreciation for the school’s support, the group stated, “We’d like to thank our advisors A/P Liang Zhenkai and A/P Gary Tan who have supported and guided the NUS Greyhats since our inception. We would also like to thank the Mr. Aaron Tan who has so generously made concessions for scheduling clashes for one of our members during the tense mid-term examinations period as well.”
The Results:
1st Place: NUSGrayhats
Yeo Quan Yang (Computer Science, Year 3)
Kaung Htet Aung (Computer Engineering, Year 3)
Prize: A trip to Blackhats USA 2016, each
2nd Place: NUSGreyhats
Chua Zheng Leong (PhD in Computer Science, Year 3)
Jeremy Heng Wen Ming (Information Security, Year 1)
Prize: A Sans Course, each
3rd Place: NUSGraycats
Anselm Nicholas Foong Wei Lun (Computer Science, Year 4)
Koh Jun Xiang (Computer Science, Year 3)
Prize: $300 Challenger vouchers, each
4th Place: NUSGreycats
Tan Jun Hao (Computer Science, Year 4)
Tan Rongshun (Computer Science, Year 4)
A message from NUS Greyhats:
The NUS Greyhats organises monthly security talks given by really awesome people from the industry (and occasionally us)! Please visit our website (nusgreyhats.org) for more information.