Singapore Cyber Conquest
The Singapore Cyber Conquest is a highlight of GovWare, open only to students of Institutes of Higher Learning (IHL) to challenge their cyber security capabilities in a near real-world cyber range. Participants will race against time to complete a diverse range of cybersecurity challenges that will put their cybersecurity skills and knowledge to the ultimate test.
- The competition is a computer and network security challenge designed to test a participant's experience and skills in a safe environment.
- It is accessible to a broad level of player skill ranges and is split into separate levels so that advanced players may quickly move through earlier levels to the level of their expertise.
System Setup and Reading Materials
- Participants are to bring a laptop running both Windows (e.g. Windows 7/Windows 8/Windows 10) and Linux operating systems (e.g. Ubuntu, Redhat, any UNIX-like) as some challenges are easier to deal with in Windows environment and vice versa. The laptop would be connecting to a Wired Ethernet network.
- A maximum of two laptops per participant is allowed.
- All tools and their respective README files needed to solve the challenges will be provided. Participants will also be allowed to use their own tools.
- The challenges will cover topics like:
- Exploit development for heap overflow, stack overflow, etc.
- Bypassing mitigation techniques such as StackGuard, Address Space Layout Randomization (ASLR), and RELRO
- Web security
- OWASP Top 10
- Advanced penetration testing
- Reverse engineering
- Disassembling / decompiling
- Unpacking / anti anti-debug / de-obfuscation
- Classical cipher
- Symmetric-key algorithm
- Public-key cryptography
- Digital signature
- Packet analysis, memory forensics, disk recovery
- Other basic cybersecurity skills
- Participants are expected to behave professionally at all times.
- Participants will not tamper with, modify, or attempt to manipulate any element of the competition including scoring and management systems.
- Denial of Service (DoS) attacks are not allowed.
- Participants will not reboot, shutdown, or intentionally disable the services or functions of the target systems.
- Participants will not conduct any offensive actions that scan, attack, or interfere with another participant's system, unless stated otherwise.
- Participants will not enter another participant's workspace, nor attempt to deceive, hoax, or assist other participants by any means.
- Participants must compete without "outside assistance" from non-participants.
- Participants may not publicly disclose information about the competition or targets including flags or their means of obtaining them without the express written consent of the organiser.
- Participants understand that violation of this code of conduct or of these rules is grounds for their immediate dismissal and disqualification from the competition, as well as removal from the competition area.
- Internet resources such as company websites, FAQs, and existing forum responses may be used during competition provided there are no fees, membership, or special access required. Only resources that could reasonably be available to all participants are permitted.
- All network activity that takes place on the competition network may be logged and subject to release.
- Printed reference materials (books, magazines, checklists, etc.) are permitted.
- All competition materials, including equipment, hand-outs, and participant-generated reports and documents, must remain in the competition area unless specifically authorized. Only materials brought into the competition area may be removed after the competition concludes.
- Participants should work with the competition staff to resolve any questions regarding the rules of the competition or scoring methods before the competition begins.
- Should any questions arise about scoring, the scoring engine, or how they function, participants should immediately contact the competition staff.
- Protests must be presented in writing to the competition staff as soon as possible. The competition officials are the final arbitrators for any protests or questions arising before, during, or after the competition. Rulings by the competition officials are final. All competition results are official and final as of the end of the competition.
- Scoring is based on completing tasks that are provided throughout the competition.
Participants accumulate points by successfully obtaining flags and entering them into the scoring system.
- Scores are maintained by the competition officials and may be shared at the end of the competition. Running totals may be provided during the competition. Rankings for some portion of the top participants may be provided during the competition.
- Attacking or otherwise interfering with the scoring system is strictly prohibited.
- Scoring will be publicly displayed on a near-real time basis for all teams to see.
You may wish to express your interest by writing in to [email protected].