Training Sessions
Training 1: Applied OT Security
This training provides participants with an in-depth introduction to operational technology (OT) through a series of offensive security exercises. They will gain hands-on experience with SCADA and PLC systems, exploring the industrial protocols and interfaces commonly used in these environments. Focusing on equipment used in the power industry, students will have the opportunity to work directly with real-life OT equipment involving mains voltage. Through hands-on exercises, they will observe scenarios such as AC voltage manipulation and the bypassing of electrical safety mechanisms, gaining insight into cyber-physical vulnerabilities. After this training, participants will have a deeper understanding of applied OT security, the impacts of cyber-physical attacks on critical infrastructure, and the importance of securing these systems. Such essential knowledge is also transferable to other domains of critical infrastructure and industrial processes.
Trainers:
Kenneth Tong
OT Security Researcher
Manzel Seet
OT Security Researcher
Training 2: Intel to Actions
In this session, "From Intel to Action," we'll demonstrate how to turn threat intelligence into actionable strategies to safeguard systems. Designed as an Intel 101 workshop, it provides a comprehensive overview of the threat intelligence lifecycle while showcasing its real-world application in defending against cyber threats. Participants will explore: - Threat Intelligence Fundamentals: Types (strategic, tactical, operational, technical) and their roles in cybersecurity. - Threat Actor Profiling - Indicators of Compromise (IoCs): Identifying and leveraging IoCs like IPs, hashes, and domains for threat detection. - Actionable Insights: Translating intelligence into detection and hunting The session includes a hands-on group activity where teams create a threat actor profile.
Salimah Liyakkathali
Independent Security Researcher
Training 3: Exploring strategic information warfare
Disinformation poses a growing threat to societal trust, democratic processes, and information integrity. But what exactly constitutes disinformation, and how can organizations effectively counter it? This session breaks down the fundamentals of disinformation analysis, examining how false narratives emerge, spread, and impact targeted audiences across digital ecosystems. We'll explore essential methodologies for detecting disinformation campaigns, analyzing their origins, and implementing effective response strategies that preserve information integrity. Additionally, we'll examine the various national strategies in managing this discourse and what we as individuals can do about it.
Zheng Yang Davis
NTU RSIS Center of Excellence for National Security, Assistant Researcher
Training 4: Introduction to Threat Modelling
"Know thy self, know thy enemy. A thousand battles, a thousand victories." - Sun Tzu "Prevention is better than cure." In essence, these two quotes summarise threat modelling. Threat modelling allows us to understand how threat actors can attack our systems, and how we can pre-empt said threat actors whilst a system is still in the midst of the design phase. In this course, we begin with an introduction to threat modelling principles, as well as well-known methodologies such as STRIDE-LM and MITRE ATT&CK Framework. We will have hands-on sessions using a threat modelling tool like the OWASP Threat Dragon, and multiple group exercises on both on-premise and cloud environments. For differentiated learning, the course is packaged in a two-track fashion. There will be a base set of exercises and chapters that will be covered in in-class time. For the faster students, "Extra Mile" exercises will be provided for them to stretch themselves outside class time. Given sufficient time, some modern topics such as threat modelling in large language models (LLMs) may be discussed.
Donavan Cheah
Thales, Senior Cybersecurity Consultant
Training 5: Malware Reverse Engineering
The hands-on training module provides participants with comprehensive exposure to malware analysis though simulated phishing attack scenario. This session combines static analysis, dynamic analysis and some network analysis. Participants will analyze and have an understanding of the overall infection chain which is useful for analysts to show the flow of executions by the malware.
Lucas Tay
Cyber Security Agency of Singapore, Cybersecurity Consultant
Training 6: Career Mentoring
This workshop is designed to equip participants with the essential tools and strategies to navigate today's competitive job market. Attendees will learn how to craft compelling resumes that highlight their strengths and achievements. The session will also delve into effective job hunting strategies to identify and seize the right opportunities. Finally, participants will gain practical insights into interview preparation, including how to present themselves confidently, respond to common questions, and follow up professionally.
Rowena Lee
Principal Consultant and Founder, HRS Talents
Training 7: Level 1 to Level 99 in Cloud Attacks
The modern cloud as we know is no longer a selection of cloud service providers and service models from infrastructure, platform and software. It has not become a tangled web of services that is dependent on each other, where a security failure in one cloud tenant can lead to a cascading failure downstream. In this course, we will look at how cloud native company runs the day to day operations, what would and adversary target, and how can one execute of similar scale.
Sim Cher Boon
Senior Security Engineer, Grab