CRAC'18

GREETINGS FROM PMJ DIRECTOR Assalamualaikum wbt and Sincere Greeting to All, Welcome to the 2 nd Cyber Range Academy Conference (CRAC’18). The conference is annually held at the initiative of Cyber Range Academy, Politeknik Mersing and orga- nized by a committee including the academic and non- academic staff of our polytechnic in collaboration with OWASP Malaysia. On behalf of the organizing committee, I would like to express our pleasure in hosting this event that is dedicated to the dynamic and challenges in the broaden context of information security in Malaysia. The theme for this year conference is ‘Do Cyber Hygiene As Cyber Fences!’ is meant to be bold and clear statement to our community to take deeper caution towards the safety of their devices and the level information they are sharing over the inter- net. In the age of Industry 4.0, cybersecurity strategies should be secure, vigilant, and resilient, as well as fully integrated into organizational strategy from the start. With that, I believe the conference can benefit to a wider community by contributing towards the matters of public concern and future applications in the fields of infor- mation security. On behalf of Politeknik Mersing, I would like to thank all you for participating in CRAC’18 and I hope that you will gain more valuable knowledge and insights on the theme that we highlight this year. To all CRAC’18 organizing committee, my heartfelt gratitude and congratulations for the effort and commitment towards the success of this event. Last but not least, a special dedication to all supports from our sponsors and partners for their collaboration with us. Thank you. Hassan bin Siraj Director Politeknik Mersing, : 2 : Cyber Range Academy Conference 2018

MESSAGE FROM PROGRAM DIRECTOR Assalamualaikum Warahmatullahi Wabarakatuh and Greeting to All, Dear special guests Dear conference participants and colleagues A warm welcome from Cyber Range Academy Confer- ence 2018 (CRAC’18) to everybody here at the conference. Nowadays our societies are facing new questions, issues, technologies related to information security which are perceived by the majority as cyber threats. Certainly today we cannot avoid talking about information security attacks, the fear they engender and the climate they create, but also the phenomena connected to them. Cyber hygiene is one of important strategies to organization like ours since we rely extensively on the Internet and storage devices for our work. Thus, it is im- portant to make sure our network are protected and systems and devices main- tained appropriately while adapting cyber security best practices for anything and everything that connects to the web. This conference aims to provide a platform for academician, technologists, students and community in general to disseminate and gain knowledge and information pertaining to cyber security strategies. These knowledge-based sharing activities will indeed benefit all participating individuals, institutions and organizations, including, sponsors, speakers and participants. May this conference be the door to inspirations and opportunities to explore the knowledge of cyber security in a more comprehen- sive way. Finally, a heartfelt thanks to the committees of the conference who have poured such effort and competence and abilities into making it a success; a success which we see as important because of the relevance we ascribe to cybersecurity strate- gies and the role it can play in the struggle to address the current challenges of infor- mation security. Siti Rohani Sukaimi Program Director Cyber Range Academy Conference 2018 (CRAC’18) : 3 : Cyber Range Academy Conference 2018

ABOUT CYBER RANGE ACADEMY CONFERENCE Cyber Range Academy Conference 2018 (CRAC’18) is the largest educa- tional conference on InfoSec organized by award winning Cyber Range Academy, Politeknik Mersing in collaboration with OWASP Malaysia Local Chapter. It is aim to gather student, lecturer, leaders, security experts, executives, technical thought leaders, developers, scientists and researchers around Malaysia for in-depth discussions of cutting-edge application security is- sues. This conference is particularly relevant in the current age where cyber se- curity is crucial in today’s dynamic environment. Cyber security has be- come vital for individuals and families, as well as organizations that collect and store a wide range of confidential data on computers and transmit that to other computers across different networks. The objectives of this conference are: To create awareness on cyber hygiene as cyber fencing among par- ticipants. To provide platform for academicians and industry practitioners in the information security fields to share latest information and topics in their area of expertise. To engage the participants in seminars and workshop on topics which are deemed suitable for future reference thus creating net- work of expertise between academia and industry, It is hoped that this conference will attract participation from students, academicians, researchers and industry practitioner to gain, share and network their ideas, developments and applications. About 500 people are expected to attend the events. exhibition and lunch will be held at the summit, providing sufficient networking opportunities. : 4 : Cyber Range Academy Conference 2018

PROGRAM OVERVIEW DAY 1 7 OCTOBER 2018 (SUNDAY) PROGRAM’S TENTATIVE FOR SEMINAR TIME ACTIVITY LOCATION 08.00 am Registration Opening Ceremony Keynote Speaker: 09.00 am Mohd Fazli Azran (OWASP Malaysian Chapter Leader) Dato Dr. Haji Amirudin Abdul Wahab (CEO Cyber Security Malaysia (CS)) 10.00 am Breakfast The New IT Security Revolution: Past, Present & 10.30 am Tomorrow Fazli Azran Autonomous Security.. The Way of The Future? 11.15 am DPM Thah Rhi Zee 802.11: Your fingerprints are Everywhere 12.00 pm ASP Norzaidi Baharudin 01.00 pm Lunch Darknet: The Dark Side of the Web 02.00 pm Azri Hafiz Blue Team: It’s Fun To Be In This Team Too 02.45 pm Hazrul Hamzah ICS & IoT Security. Are They Critical? 03.30 pm Fadzil Haron 04.15 pm Photo Session and Seminar ends : 5 : Cyber Range Academy Conference 2018

PROGRAM OVERVIEW DAY 1 7 OCTOBER 2018 (SUNDAY) PROGRAM’S TENTATIVE FOR WORKSHOP TIME ACTIVITY LOCATION 08.30 am Registration 09.30 am CTF Setup FIS 10.00 am CTF Competition 11.00 pm Closing *FIS– Information Security Lab : 6 : Cyber Range Academy Conference 2018

DAY 2 8 OCTOBER 2018 (MONDAY) TIME Workshop CSR 08.30 am Registration 09.00 am Parallel Workshop CSR Activity 10.30 am Break with Pejabat Pendidikan Daerah 10.45 am Parallel Workshop 12.30 pm Lunch and workshop ends PARALLEL WORKSHOP TITLE 1. APPLICATION SECURITY Ahmad Ramadhan 2. DANCING WITH EVIL PACKET – HOW TO RULE THE WORLD BY LOOKING AT PACKETS Maher Adib 3. THREAT HUNTING Saliman Manap 4. BUFFER OVERFLOW POC Wan Zulkifli bin Wan Hanapi 5. VISUALIZING TRAFFIC WITH ELASTIC STACK Tajul Azhar bin Mohd Tajul Ariffin : 7 : Cyber Range Academy Conference 2018

LIST OF SPEAKERS (SEMINAR & WORKSHOP) SEMINAR SPEAKERS SEMINAR TITLE Mohammed Fadzil Haron ICS and IoT Security. Are they critical? Azri Hafiz A Rahman Darknet : The Dark Side of the Web Tahrizi Tahreb Autonomous Security.. the way of the future? ASP Norzaidi Baharudin 802.11: Your Fingerprints are everywhere Mohd Fazli Azran The new IT Security Revolution: Past, Present & Hazrul Hamzah Blue Team: It's fun to be in this team too WORKSHOP SPEAKERS WORKSHOP TITLE Ahmad Ramadhan Web Application Security Ahmad Maher Che Mohd. Adib Dancing With Evil Packets - How To Rule The World by Looking at Packets Saliman Manap Threat Hunting Wan Zulkifli bin Wan Hanapi Buffer Overflow POC Tajul Azhar bin Mohd Tajul Ariffin Visualizing Traffic with Elastic Stack : 8 : Cyber Range Academy Conference 2018

SPEAKERS’ PROFILES Mohammed Fadzil Haron 21 years information security veteran with experiences in the USA and Ma- laysia, highly certified with GSEC(Gold), GCIA(Gold), GCIH, GCED, GPEN, GCFA and CISSP. He is the Chairman of PPKS a.k.a CREST Malaysia Chapter. He is the only one in Malaysia who used to be SANS Community Instructor and SANS Incident Storm Center Analyst volunteer. Currently SANS Advisory Board member, GIAC Gold Certification Advisor, SANS OnDemand Exam Writer/Auditor and Course Reviewers. His specialties includes Cyber Threat Intelligence, Digital Forensics and Investi- gation, Security Monitoring, Malware Analysis, Data Protection, Penetration Testing, Risk Assess- ment, Security Architecture and many others. His passion in infosecurity brought him to teach and present at conferences all over the world. He is here to share knowledge with those security enthusiast among you. Azri Hafiz A Rahman A Cyber Security enthusiast, with more than 7 years of experience in the field. He is currently responsible in leading the operation of cyber threat intelligence, Security Operation Center, and incident handling with SysAr- my Sdn. Bhd. He is in charge of consultation in regard to cyber security incidents as well as reporting and summarizing on the recent cyber security outbreak globally, and a monthly security overview for his clients. Other than that, he is also a member of nonprofit and independent organizations such as ISACA Ma- laysia Chapter, OWASP Malaysia Local Chapter, rawSEC, and Persatuan Penguji Keselamatan Siber Kuala Lumpur, Selangor, dan Putrajaya (PPKS). He is active in providing lectures and talks in numerous events. He often acts as an advisory and speaker for conferences and organizations that require his expertise for part of Corporate Social Responsibility. Tahrizi Tahreb He is a mechanical engineer specializing in metallurgy. Dedicating 5 years of his life as system engineer and system architects for a company that developed the Hospital Integrated Information System (THIS) for Malaysian government. This implementation starts from M & E to the integration of medical devices. Despite his point of view in the field of information technol- ogy particularly cybersecurity, he has served as IT security consultant to a number of foreign countries specialized in the defense, communication and finance industries. : 9 : Cyber Range Academy Conference 2018

SPEAKERS’ PROFILES ASP Norzaidi Baharudin ASP Norzaidi Baharudin holds a Master of Science (Computer Networking) from UiTM. Besides that, he also holds a Diploma in Electrical and Degree in IT with Honour. He began his career as Web programmer while still pursuing his study. He has vast experience working at multinational companies and also education centers. He has more than 15 years of experiences in Web technologies and Unix/Linux Daemons. High interest in IT security and open source software, ASP Norzaidi is actively involved in Malaysia Open Source Community, Open Web Security Project (OWASP) Malaysia Chapter and CyberDef Alliance. ASP Norzaidi have a lot of enthusiasm in 802.11 security. One of his studies have been published by IEEE with the title \"Wireless Intruder Detection System in Detecting De-Authentication and Disassociation Attacks on 802.11\". Current- ly ASP Norzaidi Baharudin attached at Special Branch Bukit Aman. Mohd Fazli Azran He is very passion about OSS (Open Source Software), love to collaborate with others to do join-venture activity regarding OSS events, seminars, con- ference and workshop. Join many OSS community, University, Polytechnic, Government Agency and spread awareness and knowledge about OSS and Security InfoSec to public. With his experience almost 20 years and now working as Technical Team Lead & Information Security Consultant and hold some professional cert like CEH, ECSA, CISE, NCLA and LPIC. He believe on OSS spirit \"Sharing is Caring\". Volunteer at Fedora Ambassador & openSUSE Ambassador and also Cyber- SAFE Ambassador. Sometime being speaker at other OSS/infosec events and and to be trainer at OSS/infosec workshop. Now a prominent at OWASP Malaysia Chapter Leader. Also held as Core Secretariat at OSDC.my (Open Source Developer Community Malaysia) and MOSC (Malaysia Open Source Conference). Still study at Asia E University on Information Technology & Communication. Latest project on the making CyberDEF Alliance with CyberSecurity Malaysia. Hazrul Hamzah An ordinary IT Security guy, experienced too many face palm moments, too long in the industry and drawing is the only mean of maintaining sanity. : 10 : Cyber Range Academy Conference 2018

SPEAKERS’ PROFILES Ahmad Maher Che Mohd. Adib Maher’s first exposure to packet analysis was in 2000 when he downloaded Ethereal (now known as Wireshark) and was instantly fascinated. His love for the open source analyzer has led to a near-daily commitment to using the tool to discover what is really going on with network infrastructures. As Tech- nical Lead for Ofisgate Sdn Bhd in Kuala Lumpur, he has architected Cyber Range, a realistic training platform for red and blue teaming scenarios mimicking real-world incidents using packet analysis capabilities as one of the primary weapons. Maher is an active member of, and frequent presenter at, local and international IT-related community events such as Durian Conference, Malaysia Open Source Community meetings and, of course, SharkFest Asia, US! Saliman Manap It Security professional, certified and experienced in the fields of Infor- mation Technology Security Operation and Management with exposure to local and multinational organization. Ahmad Ramadhan A Security Consultant at SEC Consult Malaysia with both local and interna- tional experience in Cyber Security, mainly in penetration testing. Through- out his career, he have been performed various penetration tests and source code reviews for numerous local and international agencies. Wan Zulkifli bin Wan Hanapi A Security Consultant at SEC Consult Malaysia with both local and interna- tional experience in Cyber Security, mainly in penetration testing. Through- out his career, he have been performed various penetration tests and source code reviews for numerous local and international agencies. Tajul Azhar Mohd Tajul Ariffin As a Tech Leader at Cyber Range Academy, he works very hard to bridge gaps between Cyber Security and the Network Visibility. Works as a pas- sion, he believes in train like you fight concept is de facto of producing today’s Cyber Heroes of Cyber Security. 15 years experience in govern- ment ICT industry and helps him boost student to become the future hero. Join him in venturing Network/ Security with Elastic and discover the magic behind and Elas- ticsearch : 11 : Cyber Range Academy Conference 2018

MAIN COMMITEES PATRON HASSAN BIN SIRAJ Director of Politeknik Mersing ADVISORS KHAMSAN BIN ANAS Deputy Director of Politeknik Mersing LAJIM BIN MOLAH Head of Department ICT, Politeknik Mersing CHAIRMAN ZAINOLRIN BIN SAARI PROGRAM DIRECTOR SITI ROHANI BINTI SUKAIMI ASSISTANT PROGRAM DIRECTOR FAIZATUSSAI’DAH BINTI MEAN SECRETARY AKALILI BINTI ABDULLAH TREASURERS AZLINA BINTI HAMDAN MAS AYU BINTI MOHD ARIFF : 12 : Cyber Range Academy Conference 2018

PROGRAM COMMITEES CTF COMPETITION COORDINATOR SEMINAR COORDINATOR IDRIS BIN MOHAMED MOBIN MAIZATUL AKMAM BINTI ISMAIL WORKSHOP COORDINATOR REGISTRATION MAIZATUL AKHMAR MOHAMAD NOR ZALIHAR BINTI EMBONG MAS AYU BINTI MOHD ARIFF ZURAIHAH BINTI NGADENGON GRAPHIC DESIGN & PRINTING WELCOME SPEECH WAN BURHANUDING BIN IBRAHIM SYAKIRAH BINTI MANSOR PUBLICITY & PROMOTION SPONSORSHIP SURAYA HANI BINTI KAMAROLZAMAN ZURAIDAH BINTI MOHD RAMLY PUZIAHHAIZA PAZUI FATIMAH RAHMAT CERTIFICATION LAISON OFFICERS IRMA BINTI MAAMAN (K) MASURIA BINTI MOHD TAHAR NOR ZAMIRA BINTI OTHMAN CHELVA KUMARI ARUMUGAM INVITATION RECEPTION SYEARIFAH BINTI SHAHIDAN(K) NORADILAH SHUKOR AZREEN KHAMIS NUR AQILA BINTI HUSSIN SOUVERNIRS & PRIZES TECHNICAL NORSHADILA BINTI AHMAD BADELA TAJUL AZHAR BIN MOHD TAJUL ARIFFIN SYARIFAH HANA SYED ZUBIN IDRIS BIN MOHAMED MOBIN MULTIMEDIA & AV PROGRAM BOOK NURUL ASHIKIN BINTI ABD SAMAD WAN BURHANUDING BIN IBRAHIM NURUL SHAKIRAH BINTI MOHD ZAWAWI LOGISTIC / TRANSPORTATION OPENING CEREMONY MANAGEMENT RAMLI BIN MOHAMED SUHANA BINTI ISMAIL : 13 : Cyber Range Academy Conference 2018

PROGRAM COMMITEES ACCOMODATION CSR LILI SURAIYA BINTI RAMELY NURUL NAJWA MOHD YUSOF INTAN SHAFINAZ BINTI MOHAMAD SPECIAL TASKS VENUE PREPARATION FAIZAH BINTI ESKAK MHD AFANDI BIN MOHD ALINAFIAH MOHD ALIFF BIN NORAINI MOHD RIZAL BIN SEWANG IBRAHIM BIN MUDA MOHD HAFIZ BIN ABDUL WAHAB ADVISOR EVENT MANAGEMENT TEAM NOR AZURA ISMAIL * Brute Force Team and Event Management Team consisting of PMJ’s students : 14 : Cyber Range Academy Conference 2018

PROGRAM COMMITEES BRUTE FORCE TEAM KARTHIC A/L ANNA RAVI MARAN NURUL NADIA BINTI NORIZHAM NUR FATIHAH BINTI MOHAMED AFANDI SITI ROSNI BINTI MOHD SAHARUDIN PATHMAHN A/L MURALI NUR ZULAIKHA BINTI ZAKARIA MUHAMMAD ADIB TAQWA BIN NORAZAM HAFIZATUL SYAHIDA BT KAMARUDIN IKRAMUDIN BIN AZMAN RABIATUL ALMIRAH BINTI MOHAMAD ZAIDI THAVASILAN KUTTY A/L RAGHAVAN NUR FATIHAH MUHAMMAD NAJMI BIN FARID FIZRIAH BINTI MAHAMAD TAHIR MUHAMMAD HARIS BIN HARON NUR AZLIA BINTI AZMAN NAVEEN DRRAN A/L BALA SUBRAMANYAM NUR HAZLINDA BINTI MOHD DAUD NURUL AMIRAH BINTI NASARUDDIN SHAH NURUL HAFIFAH BINTI ADNAN NURNADIA FATEHAH BINTI ZINUDIN AN-NURIZYAN BINTI MAZLAN FATIN NURSYAFIQAH BINTI RAHIMI NUR IRMA SHAFIRA BINTI DEREHAT NUR IKMAL MASHITAH BINTI MOHD SHAMSULL SITI AISAH BINTI SURANI NURSYAZWANI AQILAH BINTI MD JAILANI NUR FARISHA IDAYU BINTI ROSLAN EVENT MANAGEMENT TEAM NABILATUL WAFA BINTI SAHARUDIN AMIRAH HAZIQAH BINTI ZULKEFLI SITI NORFARHANA BINTI IBRAHIM NURULSYAFIQAH ADILA BINTI BAHARUDIN NURUL UMAIRAH BINTI JOHARUDIN SITI NORFARHANA BINTI IBRAHIM NOR AZIZAH BINTI FIDRY SYARIFAH NUR SABRINA ALATTAS BT SYED HUSSEIN ALATTAS NORAIZANI BT ZAINUDDIN INTAN FAIZATUL AZWA BINTI SAHARUDIN NURUL AKMAR BINTI MD LIZAH NUR AFIQAH BINTI RADZUAN SHAHIRAH HAMISA BINTI SHAHRIZAL AMIZAH BINTI ZAINAL ARIFIN AMIE ADILIA BINTI ZAINAL ABIDIN NUR AZLIN BINTI MUHAMMAD SYAMIM HAZWANI BINTI ABD KALIL MUNIRA AMIRAH BINTI SHARUDIN NAYANTHINI MAHESVARAN : 15 : Cyber Range Academy Conference 2018

DIAMOND SPONSORS PLATINUM SPONSORS Envy Formula Sdn. Bhd (EFormula) GOLD SPONSORS Efan Technology and Services Ahmad Sufi : 16 : Cyber Range Academy Conference 2018

NOTES : 17 : Cyber Range Academy Conference 2018