2026

March

• 14 CSIT Mini CTF 2026 Walkthrough

February

• 27 Integrate Kaiterra Sensedge Mini with HA
• 07 Running Caddy on high ports

2025

December

• 31 N100 Low Power Server

November

• 06 Studying for an IT LLM

September

• 29 Tuya Local and Protocol 3.5 support
• 02 When does Windows sleep?

June

• 06 Integrating Kasm with MS Azure Internal OIDC

March

• 28 Export Controls on Software
• 09 Territoriality: Internet Crime
• 01 Volume of Digital Evidence

February

• 24 Centralization of Digital Evidence
• 09 AI model licensing
• 08 Authenticity of Digital Evidence

January

• 22 Why Use Commercial Forensic Tools
• 18 Law Enforcement use only
• 12 AI Systems as Software
• 12 Regulating DoS

2024

December

• 14 Deriving JoTeo's NRIC

November

• 23 Data after death
• 09 DSA: Search Engines

October

• 13 PSD2: Stored value cards
• 07 Traders and Consumers

September

• 22 Tort: Centre of Interests

July

• 05 USB Fan: Remove battery

March

• 23 Digital Colonialism
• 17 Challenges with Aadhaar
• 13 Big Tech and Surveillance
• 06 Big Tech and Persuasion

February

• 14 Content Filters and Parenting

January

• 31 Regulating Recommenders
• 22 Privacy in SG's Constitution

2023

December

• 03 Tensegrity Hourglass Tower

November

• 15 GDPR: Transfer
• 10 GDPR: Right to be Forgotten

October

• 29 GDPR: Breach Notification
• 17 GDPR: Data Minimisation
• 12 GDPR: Consent
• 09 GDPR: Grounds for processing
• 07 Liabilities of Intermediaries

September

• 28 GDPR: Changes to Sensitive Personal Data
• 19 Roomba's Data Protection Obligations

August

• 09 Acorn Fan: Home Automation

July

• 02 Upgrading Wyse 5010

June

• 17 Barracuda ESG Replacement
• 10 Katong Cyclist vs Car - Tort

April

• 05 SPF Promotion Statistics

March

• 18 Drupal Redirect Malware

February

• 15 Total Defense and Falsehoods
• 05 SPH Circulation Saga: Misrepresentation

January

• 10 Sign with Singpass

2022

December

• 18 Global Talent Search

November

• 13 Miracast Compatible Devices

September

• 29 Lifelong Spousal Maintenance
• 11 Spammers using Flash SMS

August

• 12 MS-500, AZ-500, SC-200 exam review

June

• 24 Luna economics

May

• 03 Yubikey WSL: Agent refused operation

April

• 08 SANS SEC760 Review

February

• 05 Phishing SMS/Emails/Calls

January

• 18 Azure Resource Manager - Service Principal (Manual)

2021

December

• 23 Yubikey passwordless Windows local account login
• 15 Converting WinExec shellcode

November

• 14 Digital NRIC Spoofing

October

• 13 Industry Consultation on Licensing for CSPs

September

• 22 Police and private sector forensics differences
• 06 LOLBin: printui.dll

August

• 20 Exploring Singapore's Vaccination Cert

July

• 23 SPF, DKIM, DMARC in a nutshell

June

• 21 Infosec career progression

May

• 26 Heroku build timeout 2021

April

• 27 Windows Trust Boundaries

March

• 06 0 reportable cybersecurity incidents

January

• 26 LOLBin: fhmanagew.exe

2020

December

• 31 Fun with MD5 Collisions
• 09 GovTech CTF Writeup

November

• 07 Calling IUnknown COM interface

October

• 08 macvlan host guest connectivity

August

• 04 Bank Token Teardown

July

• 05 NTFS Owner Rights for Logging

June

• 20 Public IP Hijacking over LAN

May

• 24 Authenticating with NRIC numbers v2
• 07 Intelligence-led Red Teaming

March

• 22 Crash Windows Event Logging Service
• 12 Interesting DLL exports
• 01 Expanding on Pyramid of Pain

February

• 08 OSCE review

January

• 23 Vulnserver - Order of difficulty
• 16 Free fresh notes for ang bao

2019

December

• 16 Phishing with actual bait

November

• 01 Overwriting MBR

October

• 03 FLARE-On 6 - Solve vv_max by hand

September

• 22 Tips for winning SANS CTFs

August

• 24 Singapore Gazette Search

July

• 05 WP Like Button 1.6.0 - Auth Bypass

June

• 09 On the Cybersecurity Act

May

• 25 SLAE64 #7 - Crypters
• 25 SLAE64 #6 - Polymorphic shellcode
• 25 SLAE64 #5 - MSF shellcode analysis
• 18 SLAE64 #4 - SSE4.2 CRC32C Encoder
• 18 SLAE64 #3 - Egghunter shellcode
• 17 SLAE64 #2 - Revshell TCP shellcode
• 17 SLAE64 #1 - Bindshell TCP shellcode

April

• 19 Hiding files with mount

March

• 25 Flashing SwOS from Windows

February

• 06 The Evolution of Crypto

January

• 27 Timestomping Programmatically

2018

December

• 29 Windows Persistency With OpenVPN GUI
• 02 Migrating rsyslog to Splunk

November

• 01 SANS FOR508 review

October

• 12 FLARE-On 5 wasm with Chrome

September

• 09 Reasonable use of personal data

August

• 06 Improvements to SEAB's investigation process

July

• 22 D-Link router's ping function

May

• 16 CREST CPSA Review

April

• 27 ASUS router's ping function

March

• 04 Visualizing fitness tracker data

February

• 17 Deprecating HTTP - Lessons from SSH/Telnet

January

• 20 Top 2000 Wordpress Plugins
• 01 Smart Google Code Inserter < 3.5 - Auth Bypass/SQLi

2017

December

• 10 Designing an offline authentication system

November

• 04 SANS SEC660 review

October

• 22 Piwik - Possible XSS in RDNS lookup function

September

• 21 CVE-2017-14766 Simple Student Result < 1.6.4 - Auth Bypass
• 06 CVE-2017-14126 Participants Database < 1.7.5.10 - XSS

August

• 24 OSCP review

June

• 11 Enumerate sites hosted on same IP

April

• 29 Remote Command Execution on Google Assistant
• 08 Is DarkTrace working with the NSA?

March

• 12 Analysis of 3000 BMT Recruits

February

• 18 Replicating UVB-76

January

• 22 IP Hiding and Cloaking for Services

2016

December

• 25 Analysis Of 35000 Senior Civil Servants

November

• 13 Authenticating with NRIC numbers

October

• 16 Security Theatre: Samsung Note 7

September

• 18 National Vulnerability Reporting Programme

August

• 06 Analysing smali code

July

• 03 DES key parity bit calculator

June

• 26 Pass the (EZ-Link Standard) ticket attack
• 12 Bangladesh bank heist

May

• 15 Measuring Power Consumption

April

• 26 Saturating 1Gbps bandwidth
• 16 Running HTTPS, SSH and VPN on port 443

March

• 20 ProtonMail: Technical prowess, Legal expertise and Guts

February

• 21 Biometrics and Passwords

January

• 17 RAID is not backup

2015

December

• 20 The Golden Key - TSA Locks and Encryption
• 09 Xenserver V2P Migration

November

• 02 Verifying JS Integrity

October

• 28 Adding hostnames or PTR records to piwik
• 16 Negative space

September

• 21 First Cyberinsurance claim?
• 05 2Gbps fibre is a gimmick

August

• 15 Rules of Engagement in Cyberspace

July

• 30 Facebook Open Graph Tags Modification
• 12 Google Calendar API v3
• 03 Open letter to ICANN on PPSAI

June

• 25 Website goes offline for 3 months
• 01 Email fraud part 2

May

• 18 Email fraud

April

• 30 iPad POS
• 24 1FA
• 12 IJIS plaintext offender

March

• 29 Information Leakage
• 06 Uber's github slip up

February

• 28 ASUS RT-N15U external antennae mod
• 07 Online text binning tool

January

• 31 Public Private Partnerships in Cybersecurity
• 09 On Physical Authentication

2014

December

• 15 Dumping Aztech DSL1015EN firmware
• 08 Cloning Mifare 1K cards

November

• 15 A different kind of birthday attack

October

• 26 Code runs on code

September

• 07 Flaws of a single ecosystem

July

• 21 Software Versioning
• 12 Wireless Woes

June

• 22 unrar
• 16 Problems with Distributed Architecture
• 02 New Form of DDoS

May

• 21 Web Development in Singapore
• 08 How I (cheated and) won a quiz

March

• 10 Immigration checks

February

• 22 Encryption and blackmailing
• 01 Singtel's 5012NV-002 vulnerability

2013

December

• 15 Multiple inboxes with same email address
• 10 preloading pages
• 04 mysql optimization

November

• 23 private TLDs
• 16 URL shortening services
• 12 windows file metadata
• 06 Layered security
• 03 Web = public

October

• 29 Continuity plan
• 18 happy monthiversary
• 15 EFI
• 04 rainmeter

September

• 23 Default printer settings
• 15 Problems with FTP
• 06 Hiding compressed files in images

August

• 15 Hijacking QR codes
• 12 Interesting bluetooth experiment
• 05 USB 3.0
• 03 Server cluster for $500
• 03 A little experiment

July

• 20 cloudflare
• 07 Allure of sysprep
• 02 webview vs native

June

• 24 iptables -F
• 18 Linux box to AP with hostapd/dhcpd/iptables
• 15 Stealing code
• 13 Spoofing NUS WPA2 and stealing credentials
• 13 Dual booting
• 01 Orbital Project Log
• 01 Orbital Project Wiki

May

• 30 apache vs nginx/lighttpd
• 27 Running you own home server part 2
• 26 Running your own home server
• 25 300kb - 300mb

2012

December

• 08 Ethic issues concerned with Artificial Intelligence(AI) in decision making processes

October

• 10 Ethical concerns regarding the transition from software to abandonware

September

• 20 Ethicality of certain practices in the telecommunication industry