In November of 2019, a friend of mine (the “claimant”) was seeking legal remedies after being cheated of his rental deposit by a HDB flat owner (the “landlord”). After two…
Mitigating Banking Scams in Singapore
How often do people perform banking activities, or use the banking apps? Seldom enough to warrant some extra protections and caution around banking. Most people store their money in a…
Resizing Out-of-Space Linux OS Disk on Microsoft Azure
Some weeks ago I awoke to one of my websites dead. A week before, I had upgraded the Virtual Machine’s MySQL from 5.6 to 8. More on that later. When…
NUS Greyhats WelcomeCTF 2021: Writeup
The National University of Singapore (NUS)’ Greyhats organized a WelcomeCTF from 13 to 15 August 2021. Interestingly, this CTF was sponsored by DSTA, who ran the ill-fated CDDC2021 just 2…
How NOT To Run A Capture-The-Flag: CDDC2021
Over the school holidays, DSTA (Defence Science & Technology Agency, Singapore), a statutory board of the Singapore Government, ran BrainHack 2021 from 10 May to 25 June 2021. Part of…
Decrypting AES-128 Encrypted HTTP Live Streaming
I came across an interestingly encrypted HLS m3u8 playlist the other day. This was on a site that you could only access once – after which, you lose access to…
Of Passwords and Personal Information: Investigating the RedMart Data Breach
On 30 October 2020, CNA reported that online shopping platform RedMart, owned by the Lazada Group, suffered a data breach. The stolen database contained the details of 1.1 million customers…
TraceTogether, SafeEntry, and the Erosion of Public Trust
On the 4 January 2021, Member of Parliament Gerald Giam Christopher de Souza (correction: Mr Gerald Giam asked the follow-up question, but Mr Christopher de Souza asked the initial question….