Inaugural Joint IHL Event

Road to InfoSec Professional

– A Students-Lead Joint IHL Event Sponsored by ISACA Singapore

On 30th March 2013, Infocomm Security (InfoSec) students from Singapore Polytechnic, Temasek Polytechic and Nanyang Polytechnic gathered at Singapore Management University (SMU) for a joint Institute of Higher Learning (IHL) event organised with support from ISACA Singapore Chapter. The theme for this event was “Road to InfoSec Professional”, which served as a platform for students from the various IHLs to network and share their knowledge in the field of InfoSec. In addition to networking opportunities, the event featured lightning talks from the student leaders themselves and a sharing session by professionals in the field.

To start off the event Mr Tong Seng Chee, ISACA Singapore Director of Academic Outreach, gave an opening address to the participants. During his address, he emphasised on the importance of InfoSec in the present times and the need to constantly improve ourselves in this field. Continuing from his opening address, Mr Tong also proceeded to share his past experiences and knowledge with the audience.

Several other professionals present at the event also chipped in and shared on how they developed their skills in the field over the years. One of the professionals present was none other than Mr Leonard Ong, the President of ISACA SG. During his sharing, Mr Ong touched on his early days in the industry and described his learning process over the years. Other speakers included Ryan Baxendale, a security consultant and veteran penetration tester at security-assessment.com and Teh Kaiwen, IT Youth of the Year Award winner.

After an enriching session by the professionals, the participants of the event were provided with an opportunity to network with each other over some light refreshments. This session effectively gave rise to numerous interesting conversations among both the students and professionals. Additionally, the lively atmosphere was enhanced by a mini inter-IHL quiz organized for the student participants, which added greater depth and quality to the interactions within students. As this section of the event went on, friendships were budding and bonding were forged.

Next in the lineup was the Lightning talks by the students leaders. These talks served to be a platform for students to share their experience in their niche areas in the field of InfoSec. The talks started off with a lighthearted sharing by Nikolas Tay, a first year student from Singapore Polytechnic (SP) about his journey in the field of InfoSec. During his speech, he addressed some of the common difficulties faced by newcomers to the field by providing some sound advice based on his personal experience.

Following this was a talk by Jeremy Heng and Ku Wee Kiat, two SP students who participate actively in Capture The Flag (CTF) competitions under the name Nandy Narwhals. Jeremy started off with the topic of Breaking Python Sandboxes, a presentation inspired by a puzzle in a recent competition. The presentation included a live demonstration of the concept which garnered a significant amount of interest within the audience. In the next portion, Wee Kiat presented the crowd with a unique presentation on the topic of Binary Visualization. During the course of his presentation, Wee Kiat touched on the various methods of analyzing files through visuals as opposed to other conventional methods.

Among the speakers were two groups from Temasek Polytechnic (TP) who brought two facinating topics to the table. The first group showcased a tool solely developed by students from TP, the Facebook Forensics Toolkit v2.0. The group touched on how data can easily be retrieved from social networks such as Facebook and archived into well organized “case files”. Given the current popularity of social media, such a tool would prove extremely useful for gathering evidence against criminals during investigation of crimes. The second presentation entitled Cold Boot Project delved into the realm of digital forensics. The presentation was an analysis of data degradation within the Random Access Memory (RAM) of a computer over time (from the time when power has been cut off).

The next talk was conducted by Chia Yong Xiang from Nanyang Polytechnic. In his talk “Password Audit (On The Cloud)”, Yong Xiang highlighted the significant role of could computing in the field of password audit and effectively illustrated the techniques used to carry it out. In addition, Yong Xiang also provided the audience with some interesting cloud password cracking services for the audience to try out.

To conclude the session, Ng Choon Heng from SP touched on a topic which took a different perspective towards security compared to the earlier talks: Social Engineering. In his talk entitled “Social Engineering – Psychological Manipulation”, Choon Heng presented the crowd with a refreshing take on security as he tackled one of the most neglected areas of security, the human element. In addition, Choon Heng also highlighted some real life examples of successful social engineering, further emphasising that such attacks are relavant in today’s InfoSec industry.

With the conclusion of the lightning talks, Mr Tong took the stage once again and gave a closing speech to the attendees along with presenting tokens of appreciation to the student president of each polytechnic present. The top four winners of the IHL Trivia Quiz also received their prizes, iPod Shuffles, from the event organizer, putting an ending note to this lovely afternoon.

Let us hope such event gets carried on in years to come and even become an everlasting tradition among ISACA Student Groups from various IHLs in Singapore.

Presentation slides available at: http://goo.gl/YgoYz

Complete photos availabe at: http://goo.gl/qMn9K

 

Event Registration Booth

Emcee Kicking Start Event

Mr. Tong Seng Chee Opening

ISACA & Academic Support In Person

Mr. Leonard Ong Sharing

Mr. Ryan Baxendale Sharing

Teh Kaiwen Sharing

Attentive Audience #1

Trivia Quiz Briefing

Break / Networking #1

Break / Networking #2

Break / Networking #3

Marking Trivia Quiz

Nikolas Tay Presenting

Jeremy Heng Presenting

Ku Wee Kiat Sharing

Facebook Toolkit Presentation

Cold Boot Presentation

Chia Yong Xiang Presenting

Ng Choon Heng Presenting

Attentive Audience #2

Student Group Appreciation

Trivia Prize Winner

Intermission Group Photo

Article adapted from writeup by Nikolas Tay (SP)

Event photos courtesy of James Lai Zhiyuan (NYP)

Asia Pacific CACS / ISRM 2013

Source Page: http://cacs2013.isaca.org.sg/

In today’s ever changing market landscape, there has been a growing concern by business leaders and enterprise stakeholders regarding Cybersecurity risks, IT governance and compliance to both local and foreign regulations.

The Asia-Pacific Computer Audit, Control and Security Conference (CACS)/Information Security and Risk Management Conference (ISRM) 2013 is Asia’s premier conference for IT Audit, Information Security, Governance, Risk and Compliance Professionals. It aims to bring together members of the business and IT controls community, to discuss and share industry best practices regarding these complex challenges at a strategic and thematic level. The conference promises to bring new insights into the current IT and regulatory environment needed to develop strategies to address these growing risks and concerns at the root cause.

This comprehensive event will feature a host of computer auditing and information systems experts who will share their wealth of knowledge and experiences. Attendees will have the opportunity to engage with thought leaders from diverse industries, helping their enterprises achieve greater trust in, and value from, information technology.

CACS/ISRM 2013 will be held from the 6th to 7th May 2013 at the Marina Bay Sands Expo & Convention Centre (Singapore), with the post-conference workshops following on the 8th to 9th May 2013.

Attendees can earn up to 30 CPE credits; 16 CPE by attending the CACS/ISRM 2013 Conference and an additional 14 CPE credits for attending both days of optional post-conference workshops.

Click here for the conference brochure.

Details Extract

When
Monday, 6 May, 2013 – Thursday, 9 May, 2013
8:00 AM – 5:00 PM

Where
Sands Expo and Convention Centre
10 Bayfront Avenue
018956
Singapore

Register

http://www.cvent.com/events/cacs-isrm-2013/registration-6d88b3168759443d8026a64e5cb86174.aspx

New Additions of ISACA Student Members

In March 2013, another eight students who are currently studying or graduated from the Diploma in Infocomm Security Management in Singapore Polytechnic had their student membership officially activated by the headquarter.

This most recent list of newly registered members of SP-ISACA Student Group include:

• Santhoshraj s/o Elamparidhri (Year 1)
• Nikolas Tay Zhihao (Year 1)
• Neo Zhi Bin (Year 1)
• Muhammad Mustaqiim Bin Muhar (Year 1)
• Muhd Asri Bin Mohdali (Year 1)
• Ian Tan Cher Han (Year 2)
• Dixon Soo (Year 2)
• Andre Ng (DISM Graduate)

Congratulations to all of them. Welcome to our ISACA family!

SP-ISACA Gaining Official Recognition by International Headquarter

As everyone steps into a brand new year 2013, SP-ISACA has too got a great start as the group has been recognized since January as a full fledged ISACA Student Group (ISG) by the International Headquarter of Information System Audit and Control Association (ISACA HQ), thanks to the strong support from ISACA Singapore Chapter and Academic Advocates in Singapore Polytechnic.

SP-ISACA Officially Recognized by International Headquarter

The SP-ISACA group currently has nearly 20 registered students members. In time to come it is firmly believed that the group will continue to grow and exert its positive impact on fellow students from Diploma in Infocomm Security management in Singapore Polytechnic, through organizing various events and activities for instance, while working towards the long term target, that is

Aiming to expand recognition of the IT Audit and Assurance, Security and IT governance disciplines/focus areas by educating students about standards, practices and certifications.

Congratulations to SP-ISACA office and all new members!

Link to Recognized ISACA Student Groups:
http://www.isaca.org/Membership/Student-Membership/Student-Groups/Pages/Recognized-ISACA-Student-Groups.aspx

Inaugural ISACA DAY @ SP

On 3rd January 2013, Singapore Polytechnic Information Systems Audit and Control Association Student Group (SP-ISACA) held its first ever ISACA Day at the newly opened Cyber Wargame Centre in SP. During this event, professionals from the field of Information Security (InfoSec) were invited to share about a wide range of topics, ranging from various know-hows in their line of expertise to their personal experiences in the field. In addition to the sharing session, the event also included the prize presentation for DISM’s first ever CTF (DISM CTF-X) and a workshop on Privilege Escalation, which was conducted by student trainers from SP-ISACA.

Event Emcee kicking off the main event of ISACA Day @ SP

DISM Course Manager Mr Liew Chin Chuan giving opening address

ISACA SG Director Mr Jamal Sheik giving an introductory presentation on ISACA

The event started off on a lively note, as many eager attendees gathered in the premises of the Cyber Wargame Centre in anticipation of the events to follow. To put things into context, the day started off with Mr Jamal Sheik, Director of Program (Seminar) of the ISACA Singapore Chapter giving introduction of ISACA to the attendees of the event. Mr Sheik went into great detail to explain the philosophy behind such an organisation, what they hoped to achieve, and also touched on some of the events organised by them. In addition, he also highlighted the existence of the ISACA Student Group which is branch of ISACA which caters to its student members. Besides covering the benefits entitled to members of the ISACA Student Group, he went on to mention the key idea behind forming such a group – to form a network of students, allowing them learn from each other beyond the confines of a classroom. The contents of Mr Sheik’s speech clearly resonated with the interests of a number of student attendees as quite a number of students proceeded to the membership booth and signed up as students members througout the entire course of the event.

Mr Ho Shee Yan sharing on “Success Factors on Information Systems Audit”

Mr Ho addressing to audience on the other side of the room

Explaining on more details about Information System Control Strategies

Following the speech by Mr Sheik was a sharing on the “Success Factors on Information Systems Audit” by Mr Ho Shee Yan, Head of Audit at the Accounting & Corporate Regulatory Authority Singapore. Possessing many years of experience as a professional in the auditing scene, Mr Ho shared about the nature of his job and the demands of those who choose to undertake this

profession. Additionally, he brought up some of his know-hows of the profession, covering certain dos and don’ts in the field. This proved to be valuable information to a majority of the student attendees as it was closely related to one of the modules covered in their course. For the others, it served as an enriching food for thought, especially those aspiring to become information system auditors in the future.

Mr Huynh Thien Tam starting with an introduction about himself

Audience sitting in two security labs of the new Cyber Wargame Centre

Mr Huynh interacting with DISM students on the topic of CTF involvement

Mr Dominic Sim, consultant from KPMG Singapore, talking about his interesting experience as a pen-tester

The next sharing was conducted by Mr Huynh Thien Tam, Manager of Security Assessment Advisory at KPMG Singapore. During his segment, Mr Hyunh gave a detailed account of his days as a penetration tester and highlighted some of the many aspects of the job which he enjoys. He also brought up some of his achievements which ranged from fruitful participation in several security technology competitions to the discovery of multiple zero day vulnerabilities with his team later in his career. As he spoke about his conquests, much of the crowd was intrigued as they witnessed a story about how a simple passion of his led to the successful career he has today.

Mr Liew presenting SP home-made gift hamper to Mr Ho

Mr Liew presenting SP home-made gift hamper to Mr Huynh

Mr Liew presenting a token of appreciation to Mr Sheik

Mr Sheik presenting a plaque of recognition to SP-ISACA Student Group

Though the end of Mr Huynh’s session marked the end of the sharing sessions for the day, there were still a number of activities to come. To thank all the speakers for the invaluable knowledge they imparted to the attendees, Mr Liew Chin Chuan, the course manager for DISM presented them with tokens of appreciation. Following this, it was now time to present the prizes for the DISM CTF-X Season – a CTF competition co-organised by the SP-ISACA Student Group and DISM Special Interest Group. As the names of the winners were called out, their faces brimmed with joy as the proceeded to collect their well-deserved prizes which were presented to them by none other than DMIT’s Director Ms Georgina Phua. To conclude the session, Mr Sheik then presented a plaque to the SP-ISACA Student Group to thank them for all the hard work in organising this enriching event.

DMIT Director Ms Georgina Phua presenting Certificate of Participation in DISM CTF S1 to year 1 student Cheong Ren Hann

DMIT Director Ms Georgina Phua presenting Certificate of Participation in DISM CTF S1 to year 2 student Suhaimi

DMIT Director Ms Georgina Phua presenting Certificate of Participation in DISM CTF S1 to year 3 student Lee Xin En

DMIT Director Ms Georgina Phua presenting Certificate of Merit to DISM CTF S1 2nd Runner-up team Digimon

DMIT Director Ms Georgina Phua presenting Certificate of Merit to DISM CTF S1 1st Runner-up team and Top Team in July Team HBE

DMIT Director Ms Georgina Phua presenting Certificate of Merit to DISM CTF S1 Grand Champion team and Top Team in June ╚ ICITIR ┘

Ms Georgina Phua, Director of School of DMIT giving an inspiring closing speech to all participants in ISACA Day @ SP

Mr Liew, Mr Ho and Ms Phua having conversation after the event proper

Guest speakers and lecturers chatting pleasantly during the light refreshment session

New ISACA Student Member and lucky draw winner Mustaqiim receiving prize from DISM lecturer Mr Samson Yeow

New ISACA Student Member, lucky draw grand winner as well as event photographer Dixon Soo with Mr Yeow

After a session of refreshments and a lucky draw session, it was time for the second segment of the day – the privilege escalation workshop. Although there were not a very large crowd who stayed behind for this workshop, those that remained were extremely eager to pick up anything they could gain from the session, which was organized and conducted by SP-ISACA student instructors. Through the mentorship of the two knowledgeable trainers, attendees were guided through the privilege challenges from Nebula, a virtual machine which can be found at expoilt-exercises.com. The small class size played to our advantage as the session was carried out very smoothly, thus it was both a fun and enriching experience for all the attendees of the workshop.

A closed session workshop on exploits and privilege escalation

One of the SP-ISACA Student Instructors Jeremy introducing on the contents of the workshop

The engrossed participants concentrating fully on the exercises

Student Instructor Jeremy providing a one-to-one guidance

All in all, ISACA Day 2013 was of utmost success. It could be seen that many of the students thoroughly enjoyed the session and had a valuable learning experience. Hopefully, such an event could be carried out for the many years to come.

Pictures captured by Dixon Soo, dedicated photographer for ISACA Day @ SP

Coverage adapted based on write-up by Nikolas Tay, ISACA student member

ISACA Singapore Chapter Boarding of Directors Meeting

On the evening of Nov 6th, the leaders of all three local student groups (Singapore Polytechnic, Temasek Polytechnic and Nanyang Polytechnic) as well as their academic advocates were invited to join the monthly Board of Directors meeting of ISACA Singapore Chapter.

Student leaders shared about their discussion progress on an upcoming jointly organized gathering of Institute of Higher Learning as well as the past activities both within and outside of school organized by each student group. President of ISACA Singapore Chapter Mr Leonard Ong and other Directors offered some feedback and suggestion on membership drive, and also briefly introduced about TACS event in 2013.

It was a great opportunity for student leaders to have a taste of how formal BoD meetings in the industry are conducted and the Directors also got to know about the student activities more closely.

Competition Training & Sharing Session

A one-day training and sharing session in preparation for the upcoming Capture The Flag competitions such as GovernmentWare Singapore Cyber Conquest and Hack In The Box in Kuala Lumpur was organized by the SP-ISACA Student Group (ISG) in collaboration with the DISM Student Interest Group  on the 6th of September.

Final year students including ISG instructor Ng Choon Heng and Ku Wee Kiat conducted the session in a workshop-like style. Some of the topics shared are CTF fundamental knowledge, pre-competition setup, team building and dynamics, method and skills of communication during tournament, useful tools and software as well as common providers and frameworks for self-training and practice.

Opening speech on behalf of SP-ISACA Student Group

Student instructor Ng Choon Heng setting up

Beginning the morning session of workshop

Year 1 student Nikolas Tay receiving one-to-one guidance

Demonstration of foot-printing software Maltego

Happily walking to lunch!

Afternoon session conducted by Ku Wee Kiat

Demonstration of DNS lookup through various means

Common JavaScript obfuscation method

Year 1 and 2 participants said they benefited quite a bit from the session at the end of the day. At the same time some junior students such as Bai Jiacheng from year 2 and Nikolas Tay from year 1 also expressed their interest in learning more on Wireless Auditing and Web Application Vulnerabilities. Hopefully it would be covered in the future sessions to come.

Let us wish those who would be taking part in the coming tournaments good luck and all the best. Make us proud guys!

Pizza and Game Get-together

On the afternoon of 8th August (Wednesday), some DISM students came together for a Pizza and Games Gathering, which has over the years become somewhat like a tradition in the DISM course. This time the event was initiated and organized by members of ISACA-SP Student Group and the theme was “FFF” which stands for Full of Food and Fun.

Can anyone tell which game our friend here is playing?

What is that topic that seems to be so interesting?

Looks like someone has found a cozy corner … with TV

The participating students who came from all walks of years enjoyed themselves playing games, among which was for example the popular masterpiece Dota2, on laptops as well as various Xbox games and the Xbox 360 sets provided by the school, while indulging themselves with the delicious pizzas and drinks delivered to the doorstep.

It was not just a bonding moment but also also n enriching experience. At the same time a few senior students shared with those interested juniors about our DISM Special Interest Group (SIG) and their involvement in numerous Capture The Flag competitions.

Hope more student would join and have fun in the Pizza and Games session next year!

Collaborative CTF by ISACA-SP and DISM-SIG

In the past semester, a group of volunteers from the ISACA-SP Student Group as well as the DISM SIG members ran a semester long miniature capture the flag (CTF) online competition.

Index Page of the Online CTF System

It was made open to anyone with a valid Singapore Polytechnic email address, but the majority of the participants came from the DISM year 2s and year 3s.

The aim of the event was to increase interest in infosecurity by supplying interesting challenges for the CTF teams to solve in their free time.

A Portion of the Rules and Regulations of the Competition

The project was officially kicked start during the holidays. Members of this ‘CTF committee’ were assigned different roles on order to bring up the event in time for the semester’s start, when everyone else would be returning to school.

One was appointed as the system developer and coded and designed the website from scratch, some worked on server and network administration at the labs where the project was hosted, whilst others crafted the challenges and puzzles.

A List of Puzzles / Challenges for Participants to solve

It was a democratic process, where the group met frequently to make and solidify decisions over issues such as the suitability of the challenges, website bugs or design, and the exciting topic on prizes to award.

Screenshot of One of the Entry Puzzle “Cracked The File”

Another Puzzle “SpyKey” of Entry Level Difficulty

After the site went live, quite a number of students from year 1, 2, 3 and even graduates signed up to participate. Many grabbed the additional points by being the first few teams in submitting flags whilst others got a bit of help from the hints released gradually.

After one month from the release of a puzzle, teams are invited to submit write-ups for their solution approach for the benefit of others as well as more reward points, which would all be summed up in calculation of the final ranking after the semester.

Ranking Board of Participating Teams after End of July

Hope this joint adventure by ISACA-SP and DISM-SIG could inspire the passion for InfoSecurity in more and more students. Good luck to all teams that are take part!

ISACA Singapore Chapter Annual General Meeting

The 29th Annual General Meeting (AGM) of ISACA Singapore Chapter was held on the 19th of April in the Antica Ballroom of Orchard Parade Hotel.

The course manager of Diploma in Infocomm Security Management Mr Liew Chin Chuan from Singapore Polytechnic attended the meeting along with the newly elected student President and Vice President of ISACA-SP Student Group.

During the meeting it was mentioned that significant progress has been made in outreach activities towards local education institutions such as Singapore Polytechnic and that more successful events are to be expected.

The two ISACA-SP Academic Advocates Mr Liew and Mr Samson Yeow were also thanked for their continuing support in various Academic Outreach activities.