Weihan GOH
Profile
Biography
Dr Weihan Goh is an Assistant Professor at the Singapore Institute of Technology (SIT), where he teaches primarily in the Information Security degree programme. His teaching and research interests include security testing and digital forensics, as well as technologies for cybersecurity education such as cyber ranges, CTF / CDX, and anti-fraud / anti-cheat systems. He leads the GoSecure vulnerability assessment programme funded by the Infocomm Media Development Authority of Singapore (IMDA), and is a Kaspersky Academy certified instructor on Malware Reverse Engineering and Analysis.
Beyond research, Dr Goh also participates in capture-the-flag exercises, and have mentored student teams participating in cybersecurity hackathons to successes both locally and internationally. Dr Goh received his PhD and BEng, both in Computer Engineering, from the Nanyang Technological University, Singapore, in 2013 and 2008 respectively. He goes by the CTF handler 'icebear'.
SIT Appointments
- Head of Verbosecurity Pte Ltd– Present
- Assistant Professor– Present
- Lecturer–
Education
- PhD (Computer Engineering)Nanyang Technological University , Singapore
- BEng (Computer Engineering)Nanyang Technological University , Singapore
Achievements
- Winner (Professional Track), 3rd Belkasoft CTF Challenge, Belkasoft and SPbCTF
- Winner (Professional Track), 2nd Belkasoft CTF Challenge, Belkasoft and SPbCTF
- 2nd Runner-Up, ICSJWG Capture the Flag (2021 Spring), CISA Industrial Control Systems Joint Working Group (ICSJWG) and Idaho National Laboratory
- 1st Runner-Up, Global CyberPeace Challenge 2.0 IT Capture-the-Flag, Cyber Peace Foundation
- Mentor to the Challenge Coin Winner, Hacksmith 4.0 Hackathon, Div0 [Project Title: Project Enigma - Detecting Indicators of Compromise Through RAM Analysis, Event Logs, and Malware Machine Learning]
- Mentor to the Challenge Coin Winner, Hacksmith 4.0 Hackathon, Div0 [Project Title: Drone Monitoring and Takedown System (DMTS)]
- Mentor to the 1st Runner-Up, Kaspersky Secur'IT Cup 2020 Grand Finals, Kaspersky Academy [Project Title: Drone Monitoring and Takedown System (DMTS)]
- 2nd Runner-Up (Team), Cellebrite CTF Challenge, Cellebrite
- Mentor to the 2nd Runner-Up, Develop for Social Good Track, JunctionX Asia 2020, JunctionX Singapore and Microsoft [Project Title: Drone Monitoring and Takedown System (DMTS)]
- Mentor to the Winner, Cyber Security Track, JunctionX Asia 2020, JunctionX Singapore and Kaspersky Academy [Project Title: Drone Monitoring and Takedown System (DMTS)]
- Top 5, Div0 x SINCON CMD+CTRL Cyber Range CTF, Div0
- Winner, Cybersecurity Challenge: Countering Digital Terrorism, UN Counter-Terrorism Centre, UN Office of Information and Communications Technology, and the UN Technology Innovation Labs
- Mentor to the 1st Runner-Up, Kaspersky Secur'IT Cup 2019 Grand Finals, Kaspersky Academy [Project Title: Automated Android Mobile Application Obfuscator (AAMAO)]
- 1st Runner-Up, DEF CON China 1.0 Scavenger Hunt, Defcon Scavenger Hunt
- Winner, BountyCon 2019 Capture-the-Flag Competition, Google and Facebook, Inc.
- Black Hat Asia 2019 Educator Scholarship, Black Hat Asia 2019
- 1st Runner-Up, Kaizen Singapore Challenge Contest, Booz Allen Hamilton, Inc.
- Project Finalist, 5th Asia Pacific Eldercare Innovation Awards, Ageing Asia
- Nanyang President's Graduate Scholarship, Nanyang Technological University–
- ASEAN Undergraduate Scholarship, Nanyang Technological University–
Professional Certification
- Kaspersky Academy Certified Instructor on Malware Reverse Engineering and AnalysisKaspersky–
- CREST Practitioner Security Analyst (CPSA)Council of Registered Security Testers–
- CREST Registered Penetration Tester (CRT)Council of Registered Security Testers–
Professional Memberships
- Member, Institute of Electrical and Electronics Engineers (IEEE)– Present
- Member, Association for Computing Machinery (ACM)–
Corporate Experience
- Head of Triage, Punggol Digital District: Connecting Smartness - Bug Bounty 1.0
- Judge, Singapore Science and Engineering Fair (SSEF) 2021
- Visiting Lecturer (BRICS Educational Internship Program), Far Eastern Federal University, Vladivostok, Russia
- Mentor and Judge, JunctionX Singapore Hackathon
- Judge, Kaspersky Secur'IT Cup Singapore Conference
- Judge, Kaspersky Secur'IT Cup Singapore Ideas Hackathon
- Visiting Lecturer, Ostbayerische Technische Hochschule Regensburg, Regensburg, Germany
Research
Research Interests
-
Security testing
-
Cyber ranges, cyber defense exercises, and capture-the-flag
-
Anti-fraud / Anti-cheat for education
-
Digital forensics and anti-forensics
-
Automation for cybersecurity / digital forensics
-
Blockchain and applied cryptography
Current Projects
- Realistic Cyber Environment for Education and Experimentation– Present
Principal Investigator, Realistic Cyber Environment for Education and Experimentation, Apr 2021 - Apr 2023. Grant Amount: S$249,980 / SIT Ignition Grant.
- GoSecure for ICT SMEs– Present
Project Lead, GoSecure for ICT SMEs, May 2018 - Jun 2021. Grant Amount: S$- / Infocomm Media Development Authority of Singapore.
Past Projects
- Heel Raise Measurement Device for Plantarflexion Physiotherapy–
Co-Principal Investigator, Heel Raise Measurement Device for Plantarflexion Physiotherapy, Nov 2015 - Aug 2017. Grant Amount: S$179,800 / SIT Ignition Grant.
Publication
Journal Papers
W. Goh and C. K. Yeo, "Teaching an Old TPM New Tricks: Repurposing for Identity-Based Signatures," IEEE Security & Privacy Magazine, vol. 11, no. 5, pp. 28-35, Sep. 2013.
W. Goh, P. C. Leong, and C. K. Yeo, "A Plausibly-Deniable, Practical Trusted Platform Module Based Anti-Forensics Client-Server System," IEEE Journal on Selected Areas in Communications, vol. 29, no. 7, pp. 1377-1391, Aug. 2011.
Conferences
S. R. Toh, W. Goh and C. K. Yeo, "Data Exchange via Multiplexed Color QR Codes on Mobile Devices," in 2016 Wireless Telecommunications Symposium (WTS), London, United Kingdom, Apr. 2016, pp. 1-6.
A. Q. Chen and W. Goh, "Two Factor Authentication Made Easy," in 2015 International Conference on Web Engineering (ICWE 2015), Rotterdam, The Netherlands, Jun. 2015, pp. 449-458.
C. Lee, L. Yi, L.-H. Tan, W. Goh, B. S. Lee and C. K. Yeo, "A Wavelet Entropy-Based Change Point Detection on Network Traffic: A Case Study of Heartbleed Vulnerability," in 2014 IEEE 6th International Conference on Cloud Computing Technology and Science (CloudCom 2014), Singapore, Dec. 2014, pp. 995-1000.
W. Goh and C. K. Yeo, "Cryptanalyzing the Efficient Identity-Based RSA and GQ Multisignature Schemes," in 2014 International Wireless Communications and Mobile Computing Conference (IWCMC 2014), Nicosia, Cyprus, Aug. 2014, pp. 875-880.
W. Goh and C. K. Yeo, "Anonymity-Preserving Identity-Based Multisignature Scheme with Provision for Origin Self-Revelation," in 2013 IEEE Global Telecommunications Conference (GLOBECOM 2013), Atlanta, GA, Dec. 2013, pp. 855-860.
W. Goh and C. K. Yeo, "Threat Mitigation in Tactical-Level Disruption Tolerant Networks," in 2012 IEEE Global Telecommunications Conference (GLOBECOM 2012), Anaheim, CA, Dec. 2012, pp. 997-1003.
F. C. Lee, W. Goh, and C. K. Yeo, "A Queuing Mechanism to Alleviate Flooding Attacks in Probabilistic Delay Tolerant Networks," in 2010 Sixth Advanced International Conference on Telecommunications (AICT 2010), Barcelona, Spain, May 2010, pp. 329-334.
W. Goh, P. C. Leong, and C. K. Yeo, "A Trusted Platform Module Based Anti-Forensics System," in IFIP International Conference on Network and Service Security, 2009 (N2S '09), Paris, France, Jun. 2009, pp. 1-5.
Teaching
Teaching Modules
Information and Communications Technology (Information Security), BEng (Hons)
- ICT2202 - Digital Forensics
- ICT2206 - Web Security
Past
- ICT2205 - Applied Cryptography
- ICT2207 - Mobile Security
- ICT1003 - Computer Organisation and Architecture [Tutorials / Practical Sessions]
- ICT3103 / 3203 - Secure Software Development