Objectives About Us Sponsors News Past Events Contact Us
Login G-TEC CC Mirror Forums Links

 

 

Garage for Technical Excellence and Collaboration (G-TEC)

Background

Garage for Technical Excellence and Collaboration, or G-TEC was first formed in 2004 to provide an avenue for SIG^2 members to interact and knowledge share in a way most security professionals perfered -- tweaking technologies in their garage. Our long term mission is to improve the overall technical competency of this professional body. Today, G-TEC is made up of highly motivated security enthusiasts who are spearheading SIG^2's researches, surveys, labs and workshops, and various international collaborations.

Facilities

Our G-TEC lab is a fully-functional test lab that is proudly supported by the National University of Singapore's (NUS) IT Security Lab. Access to the lab is currently available only to the committee members and members of G-TEC projects. To join our G-TEC projects, please contact Cecil Su, Director(G-TEC) at cecilsu@security.org.sg.

Our new microsite is available at http://honeynet.gtec.org.sg"

Old Projects

  1. SIG^2's SANS Top 20 Research
    SIG^2 is participating in SANS Top 20 Consensus from 2005 onwards for every year as an organisation member. We will be one of the few organisations contributing to SANS TOP 20 and we intend to be representative voice for the local IT security community in the development of this consensus! SIG^2 SANS Top 20 Research Project Homepage

  2. SIG^2 Survey on Microsoft Windows XP on Service Pack 2 Usage & Experiences
    Making the enterprise more secure and robust by managing the OS upgrade deployment is a major issue and concern for cross industries in Singapore. Microsoft has taken the wraps off Service Pack 2 (SP2) for Windows XP. SP2 includes a number of badly needed fixes for Windows XP. This survey aims to share the usage and experiences from some of the industries in Singapore that have started to at least experiment with the SP2. With this in mind, the survey was sent out to several correspondents in different vertical industries across Singapore to get a sampling of the experiences encountered so far.
    Download Paper

  3. SIG^2's Internet Weather Forecast Centre / Honeynet Project
    IWFC/Honeynet is the latest project under G-TEC. After becoming an official Honeynet mirror, SIG^2 is looking to do more. SIG^2 embarks on her most ambitious project ever - to do a long-term study on Honeynet. The first call for participation came in the AGM on 25 July 2003. A healthy number of 25 responded to the call for arms. Together with the new SIG^2 G-TEC test lab, we are ready to get our hands dirty and rock n' roll!
    SIG^2 Honeynet Project Homepage

  4. SIG^2's Software Vulnerability Research Project
    The objectives of the G-TEC Software Vulnerability Research Project is to discover new vulnerabilities and weakness in software products, and to develop proof-of-concept (POC) exploits to demonstrate these vulnerabilities. The aim of this project is to create awareness of common software limitations and modes-of-failure, and to encourage the development of more robust and secure software. We adopt vulnerability research best-practices and will inform the vendor of any critical vulnerabilities before making any public disclosures.
    SIG^2 Software Vulnerability Research Homepage

  5. SIG^2's Secure Code Study Project
    The aim of the Secure Code Study Project is to study and analyze malicious code like trojan horses, backdoors, viruses and rootkits that affect users. Users are encouraged to submit any malicious code that they find on their systems to facilitate this study. The objective is to understand how these code work so that appropriate measures can be taken to prevent their proliferation.
    SIG^2 Secure Code Study Project Homepage

  6. SIG^2's Port Knocking Project
    Port knocking is a technique that can be used to hide services that are running on a hardened server. This is achieved by not opening the service port until a correct sequence of "knock" packets are received by the server. There are currently many implementations of port knocking and most of them requires the client to send a fixed pre-defined sequence of port knocks to the server. In this project, we examine ways of improving port knocking techniques and seek innovative ways of using port knocking.
    SIG^2 Port Knocking Project Homepage

  7. Non-Intrusive Web Security Study
    This study is conducted jointly with the Professional Information Security Association (PISA) of Hong Kong. The aim of the study is to find out the state of security of Singapore and Hong Kong web servers on issues such as SSL, (ASP) script quality etc in a non-intrusive manner.


Current Surveys

None for the time being.


Past Projects and Surveys

  1. Web-survey on "Factors Influencing Secure Development of Applications" by NUS
    SIG^2 is supporting NUS in the above survey. The purpose of this survey is to find out the factors that will motivate applications developers to practise secure development of applications (SDA). Practising SDA is to incorporate security as part of the application development lifecycle. It includes capturing security requirements during requirements gathering phase, designing security into applications, doing secure coding such as preventing buffer overflows and validating input and output etc, and testing for security vulnerabilities.

  2. BCP with SARS Web Survey result
    SARS has affected business continuity plans (BCP)! A survey, conducted jointly with PISA, SCS (SG) and BCP Asia, was initiated in the month of May and June that focused on issues of SARS and BCP and here are the results!
    Below are summary of the surveys of two cities separately:
    Singapore
    Hong Kong
    Some useful links on this topic


Updated: 21/01/2007
webmaster@security.org.sg