Digital NRIC Spoofing

Pretty interesting how easy it is to spoof the animated hologram thingy in the new Digital NRIC. Managed to build a Proof of Concept (POC) within a few hours of the news release. Govtech's response is as follow: Hi Benjamin, We refer your report submitted under the Vulnerability Disclosure ...

Industry Consultation on Licensing for CSPs

Below feedback was submitted to CSA on 11 Oct 2021 in an individual capacity. Q1 I refer to item 7 on page 6 of Annex A: Industry Consultation Document, reproduced below. If a company registered in Singapore or an individual residing and working in Singapore is only providing cybersecurity ...

Police and private sector forensics differences

Due to the nature of work, there is a vast difference between the skillset of a law enforcement cyber forensics analyst and his private sector counterpart. If you are intending to hire an ex-law enforcement analyst, do read on to find out if it is a good fit. Law enforcement forensics analysts ...

LOLBin: printui.dll

Printer Settings User Interface is an executable file that contains functions used by the printer configuration dialog boxes. Functionality includes listing printer properties, adding new printers, installing printer via inf file, storing printer settings into a file and loading printer ...

Exploring Singapore's Vaccination Cert

Upon completing my COVID vaccination, I was pleasantly surprised to receive a digitally signed vaccination certificate. Based on my previous experience, I knew that getting a traditionally certified genuine chop stamp true copy of a certificate was not going to be cheap. A quick google search ...

SPF, DKIM, DMARC in a nutshell

I have just learnt something new about how SPF and DMARC interact with each other and the unexpected behaviour that might result from it. I find that most articles tend to cover SPF and DMARC separately and hence I will attempt to document the interaction in this article. Before we can proceed, ...

Infosec career progression

What are the technical requirements to progress in your career in cybersecurity? How do you move from an entry level analyst position into a senior analyst position? Starting from the defensive side of the house, an L1 SOC analyst usually starts with no experience in cybersecurity. The job role ...

Windows Trust Boundaries

Understanding Windows trust boundaries is important as a penetration tester as security vulnerabilities are usually found at these boundaries. As an application developer, understanding these boundaries will help you develop more secure applications. I have never found this information ...