Division Zero (Div0) – Singapore Cybersecurity Community

⚠️⚠️ To attend, please also fill up this registration form: [https://forms.gle/NAY2Ju1EsGNaqDo79] ⚠️⚠️
*Please keep a look out for our email on the outcome of your registration that will be sent to you at 1-2 day(s) before the session. If you did not receive any updates, please drop Anna an email at anna@div0.sg*

Career Series: Talk & Tackle is a dynamic initiative designed to elevate the professional development of cybersecurity practitioners. This series will feature a combination of hands-on workshops and interactive Q&A sessions, providing an engaging platform for experienced professionals to tackle pressing technical challenges in real-time.
Each quarter, Talk & Tackle will focus on four distinct themes:

1. Red Team: Participants will explore offensive security tactics, learning how to think like an attacker. Workshops will cover topics such as penetration testing methodologies, social engineering techniques, and the latest tools used in red teaming, equipping attendees with the skills to anticipate and counteract threats.
2. Blue Team: This theme will delve into defensive strategies, emphasizing threat detection, incident response, and risk management. Attendees will engage in simulations and case studies that allow them to practice and refine their skills in protecting networks and systems against various cyber threats.
3. White/Yellow/Green Team: These sessions will foster collaboration between offensive and defensive teams. We’ll address best practices in threat intelligence sharing, security policy development, and compliance measures. This integrated approach will highlight the importance of a cohesive cybersecurity strategy across different teams.
4. Emerging Technologies: As technology rapidly evolves, this theme will focus on the latest advancements in cybersecurity, including artificial intelligence, machine learning, and blockchain security. Participants will gain insights into how these technologies are reshaping the cybersecurity landscape and explore practical applications to enhance their own security practices.

ABOUT THE WORKSHOP
Read more here

AGENDA

• 6.30pm: Registration
• 7.00pm - 10.00pm: Talk & Tackle — Supply Chain Security & Third Party Risk Management
• Till Late: Networking

SPONSORS

• MEETUP VENUE SPONSOR: CyberSG TIG Collaboration Centre

SPEAKERS' BIO
Tyler TANG — Director, SoftSCheck
Tyler currently leads Secure Design & Advisory in softScheck which focuses on Security Risk Assessments and Security Architecture. With over nine years of experience in Information Security, Tyler brings a practitioner’s perspective to secure system design, guided by a methodical and resilient approach shaped by his discipline in martial arts. He also serves as Honorary Secretary, Mentorship Program Lead and Certified Mentor with the ISC2 Singapore Chapter on a volunteering basis and frequently shares actionable insights on LinkedIn and at industry events.

Andrea CHEA — Manager, RSM Singapore
Andrea is an experienced IT Audit Manager with a strong focus on IT security best practices, risk management, and compliance. She leads GRC engagements and cybersecurity workshops that help organizations strengthen their security posture. Passionate about building secure digital ecosystems, Andrea has been recognized with multiple industry accolades, including the AiSP SVRP Silver Award and the Tech Talent Builders Award 2024. She also contributes to the next generation of cybersecurity professionals as an adjunct lecturer and community advocate.

IMPORTANT NOTICES

• Code of Conduct: [https://www.div0.sg/code-of-conduct]
• Terms of Use & Disclaimer Notice: [https://www.div0.sg/terms-of-use-disclaimer-notice]

SCC+ workshop is an extension of a youth-only Singapore Cybersecurity Camp (SCC). As such priority will be given to students first. Submit your application here ➡️ https://forms.gle/uG6NssZ9diBSZSDBA

Abstract
Step into the world of cyber defense with our hands-on Malware Analysis Workshop, led by Jin Hao, a cybersecurity researcher. Learn about malware analysis, diving into Windows internals, setting up your virtual machines and exploring techniques for static, dynamic, and automated analysis. You will also touch on how Endpoint Detection and Response works.

Whether you're looking to start a career in cybersecurity or strengthen your existing skill set, this workshop will give you the practical knowledge needed to analyze and defend against real-world threats.

Agenda & Learning outcomes:
Read here

Laptop Requirements:

• Laptop with at least 8GB RAM and VMWare/VirtualBox installed
• Windows 10 VM installed

About the Speaker:
Jin Hao is a cybersecurity researcher with 10 years of experience in reverse engineering, malware analysis, malware development, and detection engineering. He holds two patents for DGA detection and Phishing detection, and is an active developer, having built big data workflows for SOC systems and created a custom query language for threat hunting.

Jin Hao has also found success in the bug bounty scene, participating in the HackerOne Ambassador World Cup and reporting vulnerabilities in programs such as Yahoo, Stripe, and Epic Games, and has been credited with three CVEs. His current interests include malware reverse engineering and Windows security research.

IMPORTANT NOTICES

• Code of Conduct: https://www.div0.sg/code-of-conduct
• Terms of Use & Disclaimer Notice: https://www.div0.sg/terms-of-use-disclaimer-notice

⚠️⚠️ RSVP on BOTH google form & meetup.
Google Form — https://forms.gle/2d8YxzuP1ztk4Vc58 ⚠️⚠️
—
AGENDA

• 6.30pm: Registration & Networking (30mins)
• 7.00pm: Introduction & Announcement (20mins)
• 7.20pm: "Deep dive into Android exploitation" by Ilya Dreytser
  VP, Solutions Engineering at Quokka
• 8.00pm: "Assisting a Kidnapping Investigation Using OSINT" by Sodinokibi
• Till Late: Networking

SPONSORS

• VENUE SPONSOR: CyberSG TIG Collaboration Centre
• DIV0 SUSTAINING OFFICIAL SPONSOR: Red Alpha Cybersecurity

ABSTRACTS
Deep dive into Android exploitation
With over 3 billion active devices this year, Android dominates the global mobile market with a 70.69% market share. But with this widespread usage comes an increasing number of vulnerabilities. In this event, we will dive deep into the world of Android app and firmware exploits and showcase live demonstrations of a few exploits on a live real device. Attendees will gain a clear understanding of how interprocess communication, privileged apps, and Android's interprocess communication models can lead to common exploit patterns resulting in data leakage or exposing personally identifiable information (PII).

​Join us for a hands-on session that not only highlights the risks but also provides practical insights into how these exploits work and how to mitigate them in your own apps and systems.

​Key Topics Covered Will Include:

• ​Common exploit patterns in Android apps and firmware
• ​How interprocess communication creates vulnerabilities
• ​Exploiting privileged apps for data leakage
• ​A live demo of key Android exploits with step-by-step walkthroughs
• ​Protecting data and minimizing personally identifiable information (PII) exposure

​Why Attend?

• ​Live Demonstrations: See real-world Android exploits in action with a guided walkthrough for each.
• ​Practical Takeaways: Learn how to identify and mitigate mobile vulnerabilities in your own development and security operations.
• ​Expert Insights: Gain knowledge from an industry expert with years of hands-on experience in mobile app testing and security.
• ​Cutting-Edge Knowledge: Stay informed about the latest trends and threats in the rapidly evolving mobile security landscape.

​Interactive Learning: Understand the technical aspects of Android exploits through live demos and actionable insights.

Assisting a Kidnapping Investigation Using OSINT
In this talk, I will share how my team was tasked with supporting one of the most high-profile kidnapping cases in the cryptocurrency sector, which occurred in January. Due to the sensitivity of the investigation, authorities shared minimal information. I will walk through our thought process, the OSINT techniques we employed, and how we were able to uncover critical leads—despite an unexpected twist at the end. This case highlights the importance of proactive intelligence sharing in time-sensitive investigations.

BIOS
Ilya Dreytser | Ilya has been testing mobile apps for security, performance, and functionality for the past 8 years. A seasoned expert in mobile app security, Ilya has presented at DroidCon and other notable events. Known for his engaging speaking style, Ilya’s journey began as a developer before transitioning into security testing. He has a unique ability to break down complex mobile vulnerabilities into easy-to-understand concepts while providing real-world solutions. When he's not diving into mobile security, you might catch him enjoying the sunshine after years of basement coding! Ilya is currently leading the Solutions Engineering team Quokka focusing on securing mobile devices and apps.

Sodinokibi | A former desktop support technician turned security engineer who transitioned into penetration testing before becoming an intelligence analyst for two of the largest US banks. Since his interest in blockchain and cryptocurrency, Sodinokibi currently serves as an intelligence analyst at one of the world’s largest cryptocurrency exchanges.

IMPORTANT NOTICES

• Code of Conduct: https://www.div0.sg/code-of-conduct
• Terms of Use & Disclaimer Notice: https://www.div0.sg/terms-of-use-disclaimer-notice

• Code of Conduct: https://www.div0.sg/code-of-conduct
• Terms of Use & Disclaimer Notice: https://www.div0.sg/terms-of-use-disclaimer-notice