{"certifications":{"mcd1z27o":{"date":"June 2024","title":"Certified Network Security Practitioner (CNSP)"},"mcd1zby5":{"date":"November 2024","title":"Certified AppSec Practitioner (CAP)"},"mcd1zkmn":{"date":"January 2025","title":"Certified Mobile Pentester (CMPen - iOS)"},"mcd1zvgp":{"date":"February 2025","title":"Certified Mobile Pentester (CMPen - Android)"},"mcd206g0":{"date":"March 2025","title":"Comptia Pentest+"},"mcd20e1x":{"date":"June 2025","title":"CyberWarfare Red Team Analyst (CRTA)"},"me34q1xi":{"date":"August 2025","title":"TryHackMe Jr Penetration Tester (PT1)"},"me876yv6":{"date":"August 2025","title":"HackTheBox CPTS"},"mop8chiq":{"date":"2nd May 2026","title":"Offsec OSCP"},"mop8cpjw":{"date":"2nd May 2026","title":"Offsec OSCP+"}},"projects":{"lr39mirl":{"mobile":"The platform's paramount emphasis on inclusivity manifests in its meticulous crafting to ensure seamless accessibility across various devices. Its user-friendly interface and responsiveness to diverse screen sizes epitomize a commitment to providing an equitable experience. By prioritizing mobile responsiveness, the platform eliminates barriers to participation, fostering an environment where individuals can effortlessly engage with challenges, irrespective of the device they choose to access it from.","mobileIMG":{"desktop":"https://res.cloudinary.com/dur07sfvb/image/upload/v1704618134/ueyew0juc9axe6ol5xcv.png","mobile":"https://res.cloudinary.com/dur07sfvb/image/upload/v1704618130/bu75rzdjer6o3j0sqpbh.png","tablet":"https://res.cloudinary.com/dur07sfvb/image/upload/v1704618131/vr3gpiz1awwsyplpds41.png"},"optional":[{"description":"As a new arm of GDSC, our primary aim is fostering a vibrant cybersecurity community. Our focus revolves around encouraging learning, collaboration, and innovation in digital security. We're launching monthly Capture The Flag (CTF) challenges to bolster cybersecurity skills and facilitate networking. Join us on this journey of exploration, where challenge submissions foster mutual learning. The best challenges each month earn a spot in our Hall of Fame. Together, let's forge a path toward a safer digital world.","fakeURL":"blob:https://ccx-admin.firebaseapp.com/1e6314a3-1bb7-4e16-b98a-7a09718470af","id":0,"identifier":"Title, Text & Picture","img":"https://res.cloudinary.com/dur07sfvb/image/upload/v1704618131/jux672at9wydfgax2rhe.png","title":"Community Driven"}],"overview":"Tailored specifically for GDSC APU (Google Developer Student Club Asia Pacific University), the development of the Capture The Flag (CTF) platform showcases a blend of innovative design and technical prowess. This platform serves as an intricate ecosystem hosting monthly challenges meticulously crafted to engage participants in a dynamic exploration of their technical capabilities. Beyond a mere competition, these challenges aim to foster skill enhancement and community interaction among the vibrant network of students associated with GDSC APU.","projectStack":{"css":true,"firebase":true,"html":true,"js":true,"react":true},"projectURL":"https://apu-ctf.web.app/","technology":"The platform's technical foundation is built upon a sophisticated amalgamation of cutting-edge technologies. Leveraging tools such as React, HTML, CSS, JavaScript, and Firebase, the platform ensures a seamless user experience. React's dynamic rendering, coupled with the aesthetic appeal crafted through HTML and CSS, enhances the visual interface. JavaScript enriches functionality, while Firebase provides a robust and scalable backend infrastructure, guaranteeing a high-quality platform.","title":"CTF Platform","type":"Cybersecurity"},"m6q4bwju":{"mobile":"","mobileIMG":{"desktop":"https://res.cloudinary.com/dur07sfvb/image/upload/v1738651737/bfxqmorao0oiuqlzyuci.png"},"overview":"Battle of Hackers CTF - Return of the Legends by Nor Azlina Abd Rahman, Chai Cheng Xun, and Jeremy Phang Kah Chun is a book for people who love Capture the Flag (CTF) competitions and cybersecurity challenges. It was written by the Forensic and Cyber Security Research Centre Student Section (FSEC-SS) team, who have a lot of experience in both joining and running CTF events. Since 2016, the FSEC-SS team has been organizing the Battle of Hackers (BOH) Competition, starting with just APU students and later opening it to all university students in Malaysia in 2018. In 2023, they made it bigger by inviting students from the ASEAN region, and it became a popular event. Now, in 2024, they plan to take BOH global by inviting students from all over the world. This book shares the story of BOH’s growth and is a helpful guide for anyone interested in cybersecurity.","projectStack":{"ctf":true},"projectURL":"https://a.co/d/6UY8yY4","technology":"","title":"Battle of Hackers CTF - Return of The Legends","type":"Cybersecurity"},"mcef7pnl":{"mobile":"","mobileIMG":{"desktop":"https://res.cloudinary.com/dur07sfvb/image/upload/v1751005085/kvanxreg6f0lg6nhdnfe.png","mobile":"","tablet":""},"optional":[{"description":"This tool provides effortless AWS CLI command use. Using the AWS CLI is simple, even for people who are new to cloud tools. You can list your S3 buckets with s3 ls and copy files with s3 cp using just basic commands. If you want to check bucket versioning or see old versions of files, you can use s3api get-bucket-versioning and s3api list-object-versions. Getting a file is easy with s3api get-object. To manage secrets, you can use secretsmanager list-secrets to see all your secrets and secretsmanager get-secret-value to read one. With Lambda, you can use lambda list-functions to see your functions, lambda get-function to check details, and lambda invoke to run one. The sts get-caller-identity command shows who you are in the system. These commands help you use AWS in a simple and clear way.","fakeURL":"blob:http://localhost:3000/bde19231-0d73-4a6e-b0ef-fac4e36a6186","id":0,"identifier":"Title, Text & Picture","img":"https://res.cloudinary.com/dur07sfvb/image/upload/v1751005357/kmgoi8wh7lwaansup1sg.png","title":"Effortless AWS CLI Commands"}],"overview":"This AWS CLI Command Builder is part of the Attack the Cloud: AWS Security Workshop, a hands-on workshop focused on identifying and exploiting common AWS misconfigurations. The tool is designed to help beginners understand how AWS CLI commands are structured by allowing them to explore different parameters and options, instead of memorizing full commands. All commands included here match the workshop labs, covering topics such as Insecure S3 Buckets, Bucket Versioning, Secrets Manager, and Lambda Functions, so participants can easily build the exact commands needed for each exercise. This helps new users gain confidence with the AWS CLI while focusing on relevant examples from the workshop.","projectStack":{"css":true,"html":true,"js":true,"react":true},"projectURL":"https://chai-cheng-xun.web.app/aws-command-builder","technology":"","title":"AWS Command Builder","type":"Cybersecurity"},"mhx6y2vm":{"mobile":"","mobileIMG":{"desktop":"https://res.cloudinary.com/dur07sfvb/image/upload/v1763023963/xf8xjpjbtn9efzgrwcqq.jpg"},"optional":[{"description":"The Siber Siaga: Code Combat 2025 CTF was split into three different phases. Competition started with Stage 1: Jeopardy Preliminary. This format is very common in CTF, where competitors gotta solve challenges across different categories. Categories in this first part included AI/ML, Binary Exploitation, Blockchain Exploitation, Cryptography, Digital Forensics, Reverse Engineering, and Web Exploitation. After the prelims, they moved to Stage 2: Threat Intelligence, where the focus shifted to finding and analyzing evidence from a hypothethical scenario. The final test was Stage 3: Attack and Defence, a high-pressure setup to see if teams could protect their own systems while also attacking the other team's boxes in real time.","id":0,"identifier":"Title & Text","title":"Event Flow"},{"description":"The phase is built using a fake electronic warfare scenario, where players gotta find evidence step-by-step to find the unknown threat actor. Challenges are set up sequentially across multiple phases, you finish one, and the next one opens up, making the investigation deeper and deeper. The idea is that solving each challenge gives more clues about the threat actor, so you can reconstruct the whole story of how the attack happened once you completed all challenges. This special structure mixed up many technical cybersecurity categories, from digital forensics to physical security challenges, so it feels just like a real-world, multi-sided intelligence operation.","id":1,"identifier":"Title & Text","title":"Stage 2: Threat Intelligence"},{"description":"This was our first time hosting an Attack & Defence competition, and setting up the infrastructure was very challenging. Unlike the usual Jeopardy format, we had to build a fully isolated network environment so all attacks stayed inside the game network. We had to make sure the scoring was fair, stop any team from getting an unfair advantage, and keep the system stable under heavy live traffic. We also had to set the right security policies, with everything running on AWS. For 10 days straight, we slept only 3 hours a day to make sure everything worked as planned.","fakeURL":"blob:https://ccx-admin.firebaseapp.com/a8898e07-47b0-4e60-9d68-28a27322c7b2","id":2,"identifier":"Title, Text & Picture","img":"https://res.cloudinary.com/dur07sfvb/image/upload/v1763023965/nizdibaqgaokesgj91wy.jpg","title":"Stage 3: Attack and Defence"},{"description":"If you require assistance in creating cybersecurity events, such as technical workshops, Jeopardy-style CTFs, or full-scale Attack & Defence competitions, please feel free to contact us. We are ready and happy to help you design your next event.","id":3,"identifier":"Title & Text","title":"Small Advertisement"}],"overview":"The Siber Siaga: Code Combat 2025 Capture The Flag (CTF) event, created for the CyberDSA Conference, is a three-phase cybersecurity competition. It features over 50 CTF challenges, progressing through a preliminary stage, a threat intelligence stage, and a final attack and defense stage. The competition attracted more than 200 participants engaged in high-stakes cyber scenarios.","projectStack":{"ctf":true},"projectURL":"https://www.linkedin.com/posts/chai-cheng-xun_cyberdsa2025-ctf-attackanddefence-activity-7380514823505240064-EkgC","technology":"","title":"Siber Siaga: Code Combat 2025","type":"Cybersecurity"}},"workshops":{"mcd6l24o":{"description":"Hands-on AI security workshop by GDSC Asia Pacific University – explore the fundamentals of attacking machine learning systems through white-box and black-box techniques. Learn to evade image classifiers and manipulate LLM behavior using real-world tools and methods. ","link":"https://github.com/QiaoNPC/GDSC-PwnAI-Workshop-Materials","title":"GDGoC PwnAI: Introduction to Hacking AI","type":"AI Security"},"mcd6lvpb":{"description":"Hands-on mobile security workshop by GDG Asia Pacific University – explore Android pentesting basics using tools like JADX-GUI and HTTP Toolkit. Learn to analyze APKs, intercept traffic, and reverse engineer app logic. Includes guided challenges for strings.xml, source code review, reverse engineering, and network interception. ","link":"https://github.com/QiaoNPC/GDGoC-PwnMobile-Workshop-Materials","title":"GDGoC PwnMobile: Introduction to Mobile Security","type":"Android Security"},"mcd6mt7i":{"description":"In this workshop, participants will get hands-on experience discovering and exploiting common AWS security flaws. You'll learn how to spot and attack insecure S3 buckets, abuse bucket versioning, explore poorly configured IAM roles, extract secrets from AWS Secrets Manager, and reverse-engineer vulnerable Lambda functions. ","link":"https://github.com/QiaoNPC/FSECSS-AttackTheCloud-Workshop","title":"FSECSS Attack the Cloud: AWS Security Workshop","type":"Cloud Security"},"mcd6n9f5":{"description":"PwnDroid is a hands-on Android security workshop focused on source code review and dynamic analysis. Using tools like Frida, Magisk, and JADX, you'll learn to reverse engineer apps, hook functions, and bypass checks. Ideal for beginners exploring Android reverse engineering and app security. ","link":"https://github.com/QiaoNPC/CSLU_PwnDroid_Workshop","title":"CSLU PwnDroid: Introduction to Source Code Review & Dynamic Analysis","type":"Android Security"}},"writeups":{"lpqe6opy":{"link":"https://qiaonpc.github.io/categories/petronas-interuniversity-ctf-2023/","placement":"15/62","title":"Petronas Inter-University CTF 2023 Writeup","type":"Physical"},"lpqe74fk":{"link":"https://qiaonpc.github.io/categories/aboh-2023/","placement":"4/107","title":"ASEAN Battle of Hackers (ABOH) 2023 Writeup","type":"Physical"},"lq9piwko":{"link":"https://qiaonpc.github.io/categories/student-wargames-2023/","placement":"11/116 @ Student Category","title":"Wargames MY CTF 2023","type":"Online"},"ltlfg8xt":{"link":"https://qiaonpc.github.io/categories/rentas-rawsec-ctf-2024/","placement":"15/137","title":"rENTAS rawSEC 2024","type":"Online + Physical"},"m1z27gja":{"link":"https://qiaonpc.github.io/categories/sunctf-2024/","placement":"1st Place","title":"SunCTF 2024","type":"Physical"},"m3immfp3":{"link":"https://qiaonpc.github.io/categories/pwc-hackaday-2024/","placement":"Champion in Malaysia","title":"PWC HackADay 2024","type":"Physical"},"m3yib4fn":{"link":"https://qiaonpc.github.io/categories/sherpactf-2024/","placement":"3rd Place @ Open Category","title":"SherpaCTF 2024","type":"Physical"},"mb58s3vs":{"link":"https://qiaonpc.github.io/categories/netsa-ctf-2025/","placement":"2nd place","title":"NETSA SKILL CHALLENGE 2025","type":"Physical"},"mcss34mn":{"link":"https://qiaonpc.github.io/categories/cydes-qualifications-2025/","placement":"4/197","title":"Badge to Breach: ICS Cyber Siege 2025","type":"Online + Physical"},"mezcewt7":{"link":"https://qiaonpc.github.io/categories/sunctf-2025/","placement":"Champion","title":"SunCTF 2025","type":"Physical"},"mie5nacm":{"link":"https://qiaonpc.github.io/categories/sherpactf-2025/","placement":"5th","title":"SherpaCTF 2025","type":"Offline Onsite"}}}