Garage for Technical Excellence and Collaboration, or G-TEC was first formed in 2004 to provide an avenue for SIG^2 members to interact and knowledge share in a way most security professionals perfered -- tweaking technologies in their garage. Our long term mission is to improve the overall technical competency of this professional body. Today, G-TEC is made up of highly motivated security enthusiasts who are spearheading SIG^2's researches, surveys, labs and workshops, and various international collaborations.
Our G-TEC lab is a fully-functional test lab that is proudly supported by the National University of Singapore's (NUS) IT Security Lab. Access to the lab is currently available only to the committee members and members of G-TEC projects. To join our G-TEC projects, please contact Cecil Su, Director(G-TEC) at firstname.lastname@example.org.
Our new microsite is available at http://honeynet.gtec.org.sg"
SIG^2's SANS Top 20 Research
SIG^2 is participating in SANS Top 20 Consensus from 2005 onwards for every year as an organisation member. We will be one of the few organisations contributing to SANS TOP 20 and we intend to be representative voice for the local IT security community in the development of this consensus!
SIG^2 SANS Top 20 Research Project Homepage
SIG^2 Survey on Microsoft Windows XP on Service Pack 2 Usage & Experiences
Making the enterprise more secure and robust by managing the OS upgrade deployment is a
major issue and concern for cross industries in Singapore. Microsoft has taken the wraps
off Service Pack 2 (SP2) for Windows XP. SP2 includes a number of badly needed fixes for
Windows XP. This survey aims to share the usage and experiences from some of the industries
in Singapore that have started to at least experiment with the SP2. With this in mind, the
survey was sent out to several correspondents in different vertical industries across
Singapore to get a sampling of the experiences encountered so far.
SIG^2's Internet Weather Forecast Centre / Honeynet Project
IWFC/Honeynet is the latest project under G-TEC. After becoming an official Honeynet mirror, SIG^2 is looking to
do more. SIG^2 embarks on her most ambitious project ever - to do a long-term study on Honeynet. The first
call for participation came in the AGM on 25 July 2003. A healthy number of 25 responded to the call for arms.
Together with the new SIG^2 G-TEC test lab, we are ready to get our hands dirty and rock n' roll!
SIG^2 Honeynet Project Homepage
SIG^2's Software Vulnerability Research Project
The objectives of the G-TEC Software Vulnerability Research Project is to discover new vulnerabilities
and weakness in software products, and to develop proof-of-concept (POC) exploits to demonstrate these
vulnerabilities. The aim of this project is to create awareness of common software limitations and
modes-of-failure, and to encourage the development of more robust and secure software. We adopt
vulnerability research best-practices and will inform the vendor of any critical vulnerabilities before
making any public disclosures.
SIG^2 Software Vulnerability Research Homepage
SIG^2's Secure Code Study Project
The aim of the Secure Code Study Project is to study and analyze malicious code like trojan horses,
backdoors, viruses and rootkits that affect users. Users are encouraged to submit any malicious code
that they find on their systems to facilitate this study. The objective is to understand how these code
work so that appropriate measures can be taken to prevent their proliferation.
SIG^2 Secure Code Study Project Homepage
SIG^2's Port Knocking Project
Port knocking is a technique that can be used to hide services that are running on a hardened server.
This is achieved by not opening the service port until a correct sequence of "knock" packets are received
by the server. There are currently many implementations of port knocking and most of them requires the
client to send a fixed pre-defined sequence of port knocks to the server. In this project, we examine ways
of improving port knocking techniques and seek innovative ways of using port knocking.
SIG^2 Port Knocking Project Homepage
Non-Intrusive Web Security Study
This study is conducted jointly with the Professional Information Security Association (PISA) of Hong Kong. The aim of the
study is to find out the state of security of Singapore and Hong Kong web servers on issues such as SSL, (ASP) script
quality etc in a non-intrusive manner.
None for the time being.
Web-survey on "Factors Influencing Secure Development of Applications" by NUS
SIG^2 is supporting NUS in the above survey. The purpose of this survey is to find out the factors that will motivate
applications developers to practise secure development of applications (SDA). Practising SDA is to incorporate security as
part of the application development lifecycle. It includes capturing security requirements during requirements gathering
phase, designing security into applications, doing secure coding such as preventing buffer overflows and validating input and
output etc, and testing for security vulnerabilities.
BCP with SARS Web Survey result
SARS has affected business continuity plans (BCP)! A survey, conducted jointly with PISA, SCS (SG) and BCP Asia,
was initiated in the month of May and June that focused on issues of SARS and BCP and here are the results!
Below are summary of the surveys of two cities separately:
Some useful links on this topic