Event highlights

It was approaching 8am on 7 November at the PwC Malaysia Kuala Lumpur office. Teams of budding cybersecurity enthusiasts, armed with laptops, had already arrived well ahead of time, poised for the much-anticipated Capture the Flag (CTF) competition that does not officially begin for another hour.

Called ‘Hack A Day’, PwC Malaysia’s inaugural CTF competition was supported by CyberSecurity Malaysia. It was held concurrently in multiple territories across Asia Pacific—from Hong Kong and Macau to Indonesia and Vietnam. It is one of the very few CTF competitions in Malaysia which extends beyond the country, where students do not only compete amongst the Malaysia teams, but also regionally in a challenge involving over 300 participants.

Clarence Chan, Digital Trust and Cybersecurity Leader at PwC Malaysia expressed, ‘We’ve been dreaming of organising this event for some time now, it’s something we’ve always wanted to do, to build a sense of community among cyber practitioners.

With the right skill sets and mindset, we are all being tasked to help businesses and organisations to solve various cybersecurity challenges. And it’s an ongoing challenge: so many organisations domestically and internationally are getting breached. When we do our incident response and cyber forensic activities, the methods and patterns of attack are not something we are unaware of. The question is “how can we do more to help organisations to prevent these breaches?”’

A total of 10 teams, each consisting of four players, stepped into the arena. Some participants were seasoned, regular players on the circuit, while others were first-time contenders.

Participants of PwC Malaysia’s inaugural CTF competition with guests and PwC leaders, (middle row, second from left) Elaine Ng (Risk Services Leader), Nurul A’in Abdul Latif (Executive Chair), Sundara Raj, and Clarence Chan

Clarence speaking to the participants before the competition started

The competition begins

The theme, ‘Securing AI,’ emphasises the significance of potential security risks tied to artificial intelligence (AI). Players found themselves grappling with AI models and tools, a unique opportunity for students to interact with these tools while demonstrating their problem-solving skills as they competed against peers.

Ong Ching Chuan, Assurance Leader at PwC Malaysia, highlighted in his opening remarks, ‘In Malaysia and the Asia Pacific region, with the advancement and increased sophistication of technology, we have various touchpoints with AI in our day-to-day lives. The theme of “Securing AI” reflects the essence of what’s important to PwC, and that is trust.’

The competition assessed the teams across six hacking categories, including AI, cloud, Red Team & Blue Team, threat intelligence & incident response, web, and binary & reverse engineering.

As the clock struck 9.15am, players assumed their positions, surrounded by the watchful eyes of their assigned PwC mentors from the Cyber Threat Operations team, ready to offer guidance where needed. Two giant scoreboards loomed on screens, one meticulously tracking the accumulated points of the Malaysian contenders and the other revealing their regional rankings. The room fell silent and crackled with intensity as players delved into the challenges, interrupted only by the occasional team chatter.

After almost seven hours of intense competition, three winners emerged: APT 69 of Asia Pacific University of Technology & Innovation, or APU (champion), A1ph4_Sh4rk! of Tunku Abdul Rahman University of Management and Technology, or TAR UMT (1st runner-up) and DinoDefend3rs of APU (2nd runner-up).

Ong Ching Chuan delivering his opening remarks

In his closing remarks, PwC Malaysia’s Chief Digital Officer, Sundara Raj, extended his congratulations to the participants, expressing his admiration for their passion throughout the competition.

‘We’re really proud to be able to host this event. This is very important for us as we develop new and younger talents in this field. I think you guys are building up skills that are going to be very much in demand, not just now but well into the future.’

Participating teams of the CTF competition focusing on solving the challenges

Sundara Raj giving his closing speech

Meet the winners

APT 69

Hailing from APU, team APT 69 was crowned the winning team with a total score of 1,910.

Recognising the diverse terrain of the cybersecurity landscape, the team shared that the event was an opportunity for them to delve into various facets of cybersecurity, contributing to a more enriched skill set.

‘For us, this was an opportunity to learn and enhance our cybersecurity skills. All four of us have different cybersecurity specialisations. Some focus on forensics, others on binary exploitation, and some are interested in web exploitation. So we work together to try and solve the challenges together.’

A1ph4_Sh4rk!

With a total score of 1,260, team A1ph4_Sh4rk! of TAR UMT came in second place.

Reflecting on the advice provided by their mentor, which left a lasting impression, the team emphasised the responsibility that comes with stepping into the cybersecurity field — ensuring community safety. The team also acknowledged the importance of training the next generation, particularly students, to have a better understanding of cybersecurity.

‘Cybersecurity is like a cat-and-mouse game where we have to constantly improve our skills so we don’t get caught. That’s the exciting part that we love about cybersecurity.’

DinoDefend3rs

Representing APU, team DinoDefend3rs secured the third place position with a total score of 1,160.

They shared their excitement about delving into AI and cloud categories for the first time, recounting the thrilling moments of tackling an AI challenge in the final minutes of the competition.

‘We were actually trying to solve it since the beginning of the competition. We spent two hours on that and eventually set it aside and focused on other challenges. We went back to it towards the end and we tried to find a way to bypass the AI. But we saw the other team had beaten us. That gave us an adrenaline rush, and we eventually solved the challenge 15 minutes before the competition ended.’