NUS Greyhats’ Team Sesame Wins First Place at CISS 2024

At the 2024 Critical Infrastructure Security Showdown (CISS), NUS Greyhats' Team Sesame secured first place in a demanding 48-hour Capture The Flag (CTF) format. The event, focused on operational technologies (OT) and industrial control systems (ICS), challenged participants to solve complex problems using datasets provided by iTrust. Competing with seasoned professionals like Ensign Infosecurity and GovTech, Team Sesame's proficiency in analysing ICS artifacts and navigating both physical testbeds and cyber twins highlighted their technical expertise and adaptability.

Despite their limited experience in OT, the team's solid foundation in various cybersecurity competitions proved invaluable. Preparation was key to their success; they researched past CISS events and identified critical areas in OT security. Dividing tasks and regularly sharing knowledge, they deepened their understanding leading up to the event. The teamwork and communication enabled them to remain agile and focused, allowing them to adapt quickly to evolving challenges.

One of the competition's highlights came when the team exploited a vulnerability in a firmware upload system, gaining remote access to the machine. Initially trapped in a Docker container, they discovered a misconfiguration that allowed them to escape and gain root access. This unexpected success underscored how real-world vulnerabilities often arise from simple misconfigurations.

Throughout the competition, Team Sesame demonstrated exceptional teamwork and problem-solving, effectively identifying and mitigating potential threats. Their approach combined analytical thinking with practical application, showcasing their ability to operate under pressure and make informed decisions in real time.

Reflecting on the win, team leader Lim Jin Kai noted, "Competing in CISS has deepened our understanding of OT security. It has shown us how these challenges mirror real-world vulnerabilities, helping us become better cyber defenders of tomorrow." NUS Greyhats plans to continue participating in cybersecurity events, sharing their knowledge with the broader community, and inspiring the next generation of cybersecurity enthusiasts. This victory not only reinforces their status as leaders in the field but also positions them for future success in the evolving landscape of cybersecurity.

CISS 2024, recognised as a premier international cyber exercise, was sponsored by the Cyber Security Agency of Singapore and co-organised with the Singapore Armed Forces' Digital Intelligence Service, bringing together top teams from around the globe.