A Rough Start#

Missed Train

Unfortunately, I missed my train to Singapore. Lesson learned: always arrive at least 30 minutes early.

To make up for it, I decided to take the bus to Woodlands. It was a longer route, but I eventually made it. RIP my wallet…

Workshop: Active Directory#

Presented by RangeVillage, this hands-on workshop covered Active Directory security fundamentals, including enumeration techniques, privilege escalation methods, and attack path discovery.

We used tools such as:

1. NXC - NetExec - The Network Execution Tool (Enumeration and Execution)
2. Evil WinRM
3. Impacket
4. bloodyAD
5. mimikatz

During the breaks, I visited sponsor booths and caught several demos, which unfortunately caused me to miss parts of the tutorial.

Resources:

• Lab Sheet

Talk 1: Linux Internal eBPF#

This one covered about linux internal stuff, cool and didn’t know much about.

Talk 2: AI in Cybersecurity#

This session covered how large language models gather intelligence from the dark web and index it in a vector database. By querying this database, participants could retrieve up-to-date, filtered information on advanced persistent threats (APTs).

Talk 3: Intro to Fuzzing#

I learned that fuzzing is a software testing technique that feeds unexpected or random inputs to an application to uncover bugs and ensure it handles edge cases gracefully without crashing.

They introduced powerful fuzzing tools such as LibFuzzer, which automate test case generation and help uncover edge-case bugs efficiently.

Talk 4: Behind The Scenes of GreyCTF#

This session was led by the GreyCTF challenge creators, who walked us through their design process—how they develop challenges, adjust difficulty, and refine problem statements.

They also provided an in-depth overview of the custom badge’s internal architecture and its design considerations: