Singapore Cyber Conquest

The Singapore Cyber Conquest is a highlight of GovWare, open only to students of Institutes of Higher Learning (IHLs) in Singapore and ASEAN to challenge their cybersecurity capabilities in a near real-world cyber range. Participants will race against time to complete a diverse range of cybersecurity challenges that will put their cybersecurity skills and knowledge to the ultimate test.

Competition Design
  1. The competition is a Red and Blue team-type challenge where participants are tested for their ability to understand the vulnerabilities of their infrastructure and also monitoring and fixing the security of their network under various attack scenarios.

  2. The challenges are very relatable to the latest and greatest cyber-attacks that can tap into the participants’ learning and understanding of real world defence.

  3. Each team is expected to have a red team (member will have the ability to detect vulnerabilities in a system/network etc) and blue team (member will have the ability to monitor traffic and logs and implement controls accordingly using firewall, SIEM etc.).
System Setup and Reading Materials
  1. Participants are to bring a laptop running both Windows (e.g. Windows 7/Windows 8/Windows 10) and Linux operating systems (e.g. Ubuntu, Redhat, any UNIX-like) as some challenges are easier to deal with in Windows environment and vice versa. The laptop would be connecting to a Wired Ethernet network. For the red team challenges, participants are recommended to use Kali as the tools within will help speed up the solving of challenges. For the blue team challenges, participants are given browser-based access to tools such as firewall and SIEM.

  2. A maximum of two laptops per participant is allowed.

  3. All tools and their respective README files needed to solve the challenges will be provided. Participants will also be allowed to use their own tools.

  4. The challenges will be inherent and not explicitly stated. They will cover topics such as:

    RED:
    - Enumeration
    - Web Server Attacks
    - Database Attacks
    - Windows Attacks
    - Root Access
    - Cryptography
    - Steganography

    BLUE:
    - Application Detection
    - Reconnaissance
    - Phishing
    - Malware/Exploits
    - Lateral Propagation
    - Data Leakage
    - Reverse Engineering
    - Digital Forensics

    Note: The topics above are provided as a guidance only.
Code of Conduct
  1. Participants are always expected to behave professionally.

  2. Participants will not tamper with, modify, or attempt to manipulate any element of the competition including scoring and management systems.

  3. Denial of Service (DoS) attacks are not allowed.

  4. Participants will not reboot, shutdown, or intentionally disable the services or functions of the target systems.

  5. Participants will not conduct any offensive actions that scan, attack, or interfere with another participant's system, unless stated otherwise.

  6. Participants will not enter another participant's workspace, nor attempt to deceive, hoax, or assist other participants by any means.

  7. Participants must compete without "outside assistance" from non-participants.

  8. Participants may not publicly disclose information about the competition or targets including flags or their means of obtaining them without the express written consent of the organiser.

  9. Participants understand that violation of this code of conduct or of these rules is grounds for their immediate dismissal and disqualification from the competition, as well as removal from the competition area.
Internet Usage
  1. Internet is not provided during the competition. The participants can however, use their own internet to do any research/ download any tools that are needed to complete the challenges.

  2. Internet resources such as company websites, FAQs, and existing forum responses may be used during competition provided there are no fees, membership, or special access required. Only resources that could reasonably be available to all participants are permitted.

  3. All network activity that takes place on the competition network may be logged and subject to release.
Permitted Materials
  1. Printed reference materials (books, magazines, checklists, etc.) are permitted.

  2. All competition materials, including equipment, hand-outs, and participant-generated reports and documents, must remain in the competition area unless specifically authorized. Only materials brought into the competition area may be removed after the competition concludes.
Questions and Disputes
  1. Participants should work with the competition staff to resolve any questions regarding the rules of the competition or scoring methods before the competition begins.

  2. Should any questions arise about scoring, the scoring engine, or how they function, participants should immediately contact the competition staff.

  3. Protests must be presented in writing to the competition staff as soon as possible. The competition officials are the final arbitrators for any protests or questions arising before, during, or after the competition. Rulings by the competition officials are final. All competition results are official and final as of the end of the competition.
Scoring
  1. Scoring is based on completing tasks that are provided throughout the competition. Participants accumulate points by successfully obtaining flags and entering them into the scoring system.

  2. Scores are maintained by the competition officials and may be shared at the end of the competition. Running totals may be provided during the competition. Rankings for some portion of the top participants may be provided during the competition.

  3. Scoring will be publicly displayed on a near-real time basis for all teams to see.

  4. Attacking or otherwise interfering with the scoring system is strictly prohibited and could subject the team to disqualification.

You may wish to express your interest by writing in to [email protected].