The Winning Mix: Team T0X1C V4P0R
L to R: Ho Jie Feng, 23, NUS; VS Ragul Balaji, 23, SUTD; See Ming Jie, 23, Imperial College London; Han Xing Yi, 21, SUTD. Not pictured: Tan Wei Jie Solomon, 23, NTU (Image Credit: HTX)
On 27th December 2021, team T0X1C V4P0R was crowned the champions of the inaugural HTX Investigators’ Challenge (HTXIC), a Capture-the-Flag (CTF) competition that encapsulated the work that HTX’s scientists and engineers do to keep Singapore safe and secure.
“We were pleasantly surprised that our efforts during the challenge were well-rewarded! We really enjoyed participating in HTXIC, where we got to apply our wide breadth of knowledge from Internet of Things, to web security, operating systems and more!” said T0X1C V4P0R.
The team of Capture-the-Flag (CTF) veterans comprised of third-year undergraduates from various disciplines: Computer Science, Math, Aerospace Engineering and Electronics Engineering.
This mix of disciplines was what gave them the edge in the competition, said the 23-year-old team leader VS Ragul Balaji.
As the competition had diverse challenges from various domains such as Chemical, Biological, Radiological Nuclear and Explosives (CBRNE), forensics, robotics, biometric and profiling, the challenges did not follow the usual design of typical cybersecurity-focused CTFs.
“As we have played many cybersecurity CTFs, we realise that we could fall into a trap where we are so convinced that we are on the right path, even though it is wrong. That doesn’t happen when everyone has their own specialisation,” said Ragul, who is an Information Systems Technology and Design student from the Singapore University of Technology and Design (SUTD).
He added that when they were stuck at challenges, being of different disciplines lets them consider different approaches and their blind spots, allowing them to solve challenges quickly.
These CTF veterans, who are also organisers of CTFs for Junior Colleges themselves, enjoyed the seamless transitions between the three-dimensional (3D) gamified world and the physical challenges, allowing them to be immersed in the storyline.
“Inside the game client, the office world was the actual layout of the physical office, which is quite interesting because it really makes you feel like you are in the real situation. The physical fingerprint dusting challenge was also very interesting as I think that not many people have actually done fingerprinting before,” said 21-year-old Han Xing Yi, an Information Systems Technology and Design student from SUTD.
The fingerprint dusting kit provided in the goodie bags to all participants. (Photo Credit: HTX)
Plunging into Homeland Security: Team Bathing Frog
L to R: Joshua Foo,17, RI; Caslyn Phang, 20, SMU; Nathaniel Chan, 25, SIT; Lim Jin Kai, 18, RI (Image Credit: HTX)
As the first runners-up, team Bathing Frog was glad that they took the plunge to participate in HTXIC.
Formed by a group of friends from the same online community (on a Discord server), the motley crew only met each other in person when they went to collect their HTXIC goodie bags!
Yet, their teamwork and brilliance shone through the competition, as they managed to solve many difficult challenges, one of which was the drone hacking challenge that only had two solves.
Participants had to hack into a computer that controlled a drone. (GIF Credit: HTX)
A successfully hacked drone lands. (GIF Credit: HTX)
Looking back at their experience in HTXIC, the team felt that the mission-driven challenges and focused storyline taught them new insights about homeland security.
“This CTF was very investigator-based, so we saw a lot of forensics and cipher challenges. I think I have gained quite a bit of insight into the different types of digital and physical forensics,” said 18-year-old Lim Jin Kai, a sixth-year student from Raffles Institution.
The team did express some regret from having the lead taken from them by T0X1C V4P0R at the last mile of the competition but endeavoured to build back better for the next one.
“I think every competition tells us both our strengths and weaknesses. Our weaknesses will drive us forward and show us the areas that we need to work on. So that’s what we will continue to do after this competition,” said 20-year-old Caslyn Phang, a second-year Information Systems undergraduate at Singapore Management University.
In Hindsight: Team my lil pwny
L to R: D Ravin, 23, Nanyang Polytechnic; Ong Zheng Jie, 21, Ngee Ann Polytechnic; Alloysius Goh, 21, Ngee Ann Polytechnic; Ashok Balaji, 21, Ngee Ann Polytechnic (Image Credit: HTX)
Team my lil pwny, made up of CTF enthusiasts who met in polytechnic, has around two years of competition experience as a team.
They were armed with a solid game plan going in: Ravin handles web exploitation, Ashok takes on binary exploitation, Alloysius tackles reverse engineering, and Zheng Jie supports them by completing the other miscellaneous challenges.
Their game plan managed to win them the second runners-up award, but they knew they could have achieved much better.
“We would have done many things differently,” said 21-year-old Ashok Balaji, an Information Security and Forensics graduate from Ngee Ann Polytechnic.
One was that they had stayed in a single world within the 3D game environment, and not ventured out to discover the easier challenges in the other worlds.
“We would have attempted more challenges to get the first blood bonus points. Our first two to three hours into the game were too laidback,” said 23-year-old D Ravin, a Cyber Security and Digital Forensics graduate from Nanyang Polytechnic.
For the team, this had been a unique CTF that introduced HTX’s expertise in an immersive way.
“I think this CTF has showcased the different aspects of what HTX does – forensics, cyber forensics – as well as how HTX develops solutions and conducts research to help improve homeland security in Singapore,” said Ashok.
The First of Many
HTXIC also saw many first-time teams comprised of members from other fields, such as the Sciences and Humanities. Though they did not have any background in playing CTFs and found many coding challenges difficult, they did have many memorable moments in the competition.
“One of our teammates took a nap and suddenly got a eureka moment that allowed us to solve a problem,” recounted Andy Teo from A-Team, a four-man team of psychology, chemical engineering, pharmacy and chemistry students from the National University of Singapore.
That doesn’t mean that first-timers had no chance to win. One CTF first-timer managed to beat other CTF veterans, with the help of his team and two weeks of hard preparation before the event.
21-year-old Mechanical Engineering student Ian Fong from team VodkaMatchaPotato, who has never played a CTF before, described HTXIC as “daunting”.
But with his teammates’ encouragement, domain knowledge, and impeccable project management, Ian’s efforts paid off, as the 4-man team placed high on the scoreboard at fourth place.
Ian felt that the diverse range of challenges in HTXIC and their difficulty levels were varied enough that he could contribute to the team though he was a beginner.
“I do recommend people who are new to cybersecurity to join HTXIC. I think it’s a good platform for them to learn more about ethical hacking, forensics and biometrics,” said Ian.
Thank you to all the teams for your participation and support! We’ll see you again in the next instalment of HTXIC. Until then, #GGWP!
