Singapore Cyber Conquest

The Singapore Cyber Conquest is a highlight of Singapore International Cyber Week, specifically for IHL students to challenge their cyber security capabilities in a near real-world cyber range. Participants will race against time to complete a diverse range of cybersecurity challenges that will put their cybersecurity skills and knowledge to the ultimate test.

  1. A cybersecurity challenge designed to test participants’ skills and knowledge within a designated time.

  2. Catering to a broad range of cybersecurity skills, the challenges are split into different levels, allowing advanced players to move quickly through to the level of their expertise.

  3. This is a team competition with 2 participants per team.
System Setup and Reading Materials
  1. Participants are to bring a laptop running both Windows (e.g. Windows 7/Windows 8/Windows 10) and Linux operating systems (e.g. Ubuntu, Redhat, any UNIX-like) as
    some challenges are easier to deal with in Windows environment and vice versa.
    The laptop would be connected to an Ethernet network.

  2. Each participant is allowed a maximum of 2 laptops. Each team will be provided with 2 Ethernet points for internet access and 2 power points.

  3. Participants are to provide their own tools to solve the challenges.

  4. The challenges will cover topics such as:
    1. Exploitation
      1. Exploit development for heap overflow, stack overflow, etc.
      2. Bypass mitigation techniques such as StackGuard, Address Space Layout Randomization (ASLR), and RELRO
    2. Web security
      1. OWASP Top 10
      2. Advanced penetration testing
      3. Reconnaissance
    3. Reverse engineering
      1. Disassembling / decompiling
      2. Unpacking / anti anti-debug / de-obfuscation
    4. Cryptography
      1. Classical cipher
      2. Symmetric-key algorithm
      3. Public-key cryptography
      4. Digital signature
      5. Steganography
    5. Misc.
      1. Packet analysis, memory forensics, disk recovery
      2. Other basic cybersecurity skills
Code of Conduct
  1. Participants are expected to behave professionally at all times.

  2. Participants must not tamper with, modify, or attempt to manipulate any element of the competition including scoring and management systems.

  3. Denial of Service (DoS) attacks are not allowed.

  4. Participants must not reboot, shutdown, or intentionally disable the services or functions of the target systems.

  5. Participants must not conduct any offensive actions that scan, attack, or interfere with another participant's system, unless stated otherwise.

  6. Participants will not enter another participant's workspace, nor attempt to deceive, hoax, or assist other participants by any means.

  7. Participants must compete without external assistance from non-participants.

  8. Participants must not publicly disclose information about the competition or targets; including flags or their means of obtaining them without the express written consent of the organiser.

  9. Participants understand that violation of this code of conduct or of these rules is grounds for their immediate dismissal and disqualification from the competition, as well as removal from the competition area.
Internet Usage
  1. Internet resources such as company websites, FAQs, and existing forum responses may be used during competition provided there are no fees, membership, or special access required. Only resources that could reasonably be available to all participants are permitted.

  2. All network activity that takes place on the competition network may be logged and subject to release.
Permitted Materials
  1. Printed reference materials (books, magazines, checklists, etc.) are permitted.

  2. All competition materials, including any equipment or hand-outs provided by the organiser, and participant-generated reports and documents, must remain in the competition area unless specifically authorised. Only materials and equipment brought into the competition area by participants may be removed after the competition concludes.
Questions and Disputes
  1. Participants should work with the competition staff to resolve any questions regarding the rules of the competition or scoring methods before the competition begins.

  2. Should any questions arise about scoring, the scoring engine, or how they function, participants should immediately contact the competition staff.

  3. Protests must be presented in writing to the competition staff as soon as possible. The competition officials are the final arbitrators for any protests or questions arising before, during, or after the competition. Rulings by the competition officials are final. All competition results are official and final as of the end of the competition.
  1. Scoring is based on completing tasks that are provided throughout the competition. Participants accumulate points by successfully obtaining flags and entering them into the scoring system.

  2. Scores are maintained by the competition officials and may be shared at the end of the competition. Running totals may be provided during the competition. Rankings for some portion of the top participants may be provided during the competition.

  3. Attacking or otherwise interfering with the scoring system is strictly prohibited.

  4. Scoring will be publicly displayed on a near-real time basis for all teams to see.

You may wish to express your interest by writing in to [email protected]