Posts

Critical Infrastructure Defence Exercise (CIDeX) 2022

Image
Critical Infrastructure Defence Exercise (CIDeX) 2022: We were thankful and elevated for the opportunity to support and host the inaugural Critical Infrastructure Defence Exercise (CIDeX) from 15 to 16 November at the National University of Singapore (NUS) School of Computing. The cyber defence exercise involved over 100 participants from the Digital and Intelligence Service (DIS) and 16 other national agencies across the Critical Information Infrastructure (CII) sectors. CIDeX is the largest Operational Technology (OT) Critical Infrastructure defence exercise focused on training and strengthening Whole-Of-Government (WoG) cyber capabilities to detect and tackle cyber security threats to Information Technology (IT) and OT networks that control the operations of critical infrastructure. Read more at: https://www.mindef.gov.sg/web/portal/mindef/news-and-events/latest-releases/article-detail/2022/November/16nov22_nr

GreyCTF 2022: Event Summary + Catching Up with the Student Leaders of Greyhats

Image
Early this year in June, NCL and NUS Greyhats had the pleasure of organizing GreyCTF 2022. The event was sponsored by CSA, Guardrails and Ensign Infosecurity. The online qualifiers ran from 6 June to 10 June, while the finals ran from 18 June to 19 June. Over 354 participants took part in the online qualifiers, while 10 local teams fought their way to the finals, held at NUS i4. <Finalists, organisers and sponsors> The event was kicked off with speeches by representatives from sponsors CSA, Guardrails.  Participants were then ushered to their respective allocated meeting rooms and the competition commenced. Following an intensive competition which ended the following day, the winning teams were finalized. All teams gathered for the prize ceremony, where representatives from Ensign Infosecurity closed the event with a motivational speech to all participants. The winners were presented prizes and all participants enjoyed a buffet spread prepared for them. <Ms. Christine W

Working Visit by BG Edward Chen, Commander SAF C4 Command / Cybersecurity Taskforce

Image
National Cybersecurity R&D Laboratory (NCL) is pleased to host BG Edward Chen, Commander SAF C4 Command / Cybersecurity Taskforce , who visited the School of Computing (SoC), as a part of preparation work for the Critical Infrastructure Defence Exercise (CIDeX) 2022 . The CIDeX 2022 is organized by the Ministry of Defence of Singapore (MINDEF) , scheduled for 15 and 16 November 2022 at the School of Computing, NUS. The premia cyber exercise gives Singapore’s critical infrastructure (CI) operators and regulators a learning platform to appreciate and practice the defence of a CI platform. With better insight into how the platform – comprising IT and OT networks – can suffer from cyber-attacks and their adverse consequences, the CII teams can distil these lessons and tailor them to augment their respective organizations cyber response and protection strategies. Look forward to one of the biggest Cyberexercise events (CIDeX 2022) in Singapore.

WACI Day 2022 - Organized by NCL and SGSC

Image
NCL collaborated with SGCSC in hosting Wild And Crazy Ideas (WACI) Day 2022 on 2 Aug. WACI Day featured cybersecurity tech demonstrations from various IHLs/RIs and showcased demonstrable tools. The event was held in-person at NUS Innovation 4.0. Prof Liang Zhenkai, PI NCL gave an opening address to the guests in attendance. Anis Yusof (Researcher, NCL) presented on "Cyber Raptor: Reconstructing Interactive Environment from APT Reports". Dr-Ing Anupam Chattopadhyay (NTU) presented on "Capturing and Evaluating Side-Channel Leakages". Dr Xuhua Ding (SMU) presented on "A Novel Dynamic Analysis Infrastructure to Instrument Untrusted Execution Flow Across User-Kernel Spaces". Dr Jit Biswas (SUTD) presented on "Monitoring SCADA Servers and Assessing Reliability through Similarity Matching - providing objective assurance for patching in electrical systems". Other presentations not pictured: Dr Vishram Mishra (SUTD) presented on "Anomaly Detection in

NCL Visit by Professor Ravi Iyer & Dr. Daisuke Mashima

Image
  Prof Ravishankar K. Iyer and Dr Daisuke Mashima visited National Cybersecurity R&D Lab (NCL) in Singapore to discuss about various topics including the trending cybersecurity landscape and potential research collaborations. They commended NCL's ongoing research works and discussed ways in which NCL's capabilities could be leveraged in potential areas of collaboration. About our visitors: Prof Iyer is George and Ann Fisher Distinguished Professor of Engineering at the University of Illinois at Urbana-Champaign (UIUC). Having a multidisciplinary focus on systems and machine learning, he is involved in defining new boundaries for the security of critical infrastructures and health analytics. His focus on real world applications bridges the gap between research and practical uses by having strong collaborations with industries, government agencies, and health providers. Dr Daisuke is a principal research scientist at Advanced Digital Sciences Center (ADSC), a research centre

Spring4Shell PoC in NCL Testbed

In the current Java based web application ecosystem, a framework called Spring is dominantly in use (in more than 60% of applications). On March 30 th , 2022, two critical vulnerabilities, CVE-2022-22963 and CVE-2022-22965, were reported, which pose a major threat to applications developed with the Spring framework. The first vulnerability affected the “spring-cloud-function-context" library (org.springframework.cloud). The latter, CVE-2022-22965, widely known as Spring4Shell, affected “spring-beans” ( org.springframework.cloud ). In this report we focus on Spring4Shell vulnerability, which can allow Remote Code Execution (RCE) on the server that is running the web application, by unauthorized and malicious actors. The library o rg.springframework.cloud: spring-beans, is a typical transitive dependency of a popular framework used widely in Java applications and requires Java Development Kit version 9 (JDK9) or newer to be running. It is a bypass for an older CVE, CVE-2010-1622 th

NCL automatically generates network traffics for web IT environment

Image
  NATIONAL CYBERSECURITY R&D LAB OCTOBOT DEMO - FOR WEB IT ENV ENV = Environment  OVERVIEW Experimentation/testing in a large-scale testbed environment requires a large amount of emulated traffic to ensure realistic scenario execution and better experiment results. A large number of human-generated network activities can emulate traffic from real network users. Deploying and producing a single activity from an individual user is simple, but emulating and automating it from multiple users with a wide range of activities is challenging. We designed a containerized human agent (i.e., bot) to generate a single activity. Thus, a large number of bots can be deployed and controlled by a single orchestration system. Due to the complexity and wide-range usage of container orchestration systems, we need to develop a simpler system that leverages widely-used open-source container orchestrators. So, researchers and scientists can easily use it to define and execute activity requirements with a