Get in Touch

With Weihan GOH

Name and email
CAPTCHA This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.
Associate Professor

Weihan GOH

Associate Professor
Head of Verbosecurity Pte Ltd
PhD (Computer Engineering), Nanyang Technological University, Singapore
Cluster:
Infocomm Technology
Email
LinkedIn
Google Scholar

Biography

Dr Weihan Goh is an Associate Professor at the Singapore Institute of Technology (SIT), where he teaches primarily in the Information Security degree programme. His research interests include security testing and digital forensics, as well as technologies for cybersecurity education such as cyber ranges, CTF / CDX, and anti-fraud / anti-cheat systems. He is currently leading the construction of SIT's first cyber range in collaboration with DSO National Laboratories.

As a vulnerability researcher, Dr Goh has been involved in vulnerability research leading to disclosures of vulnerabilities to both government and private stakeholders. An expert in non-traditional education pathways, he designed one of Singapore's first competency-based workplace-learning degree pathways for adult learners, and prior to that, designed the curriculum pathways for Singapore's first Cyber NSF work-learn programme.

Beyond teaching and research, Dr Goh participates in capture-the-flag exercises and have mentored student teams participating in cybersecurity competitions to successes both locally and internationally. Dr Goh received his PhD and BEng, both in Computer Engineering, from the Nanyang Technological University, Singapore, in 2013 and 2008 respectively. He is a multiple SANS coin winner, and goes by the CTF handler 'icebear'.

SIT Appointments

  • Associate Professor
    Present
  • Head of Verbosecurity Pte Ltd
    Present
  • Assistant Professor
  • Lecturer

Education

  • PhD (Computer Engineering)
    Nanyang Technological University , Singapore
  • BEng (Computer Engineering)
    Nanyang Technological University , Singapore

Achievements

  • 1st Runner-Up, Dragos Industrial Security Conference (DISC) 2022 Capture the Flag, Dragos, Inc.
  • Winner (Professional Track), 5th Belkasoft Capture the Flag Challenge, Belkasoft and ExtremeRoot
  • 2nd Runner-Up (Team), SANS ICS Security Summit 2022 Capture the Flag, SANS and Dragos, Inc.
  • Winner, Teaching Excellence Award 2020/21, Singapore Institute of Technology
  • Finalist, Global CyberPeace Challenge 3.0 IT Capture the Flag, Cyber Peace Foundation
  • 2nd Runner-Up, Dragos Industrial Security Conference (DISC) 2021 Capture the Flag, Dragos, Inc.
  • Winner (Professional Track), 3rd Belkasoft Capture the Flag Challenge, Belkasoft and SPbCTF
  • Winner (Professional Track), 2nd Belkasoft Capture the Flag Challenge, Belkasoft and SPbCTF
  • 2nd Runner-Up, ICSJWG Capture the Flag (2021 Spring), CISA Industrial Control Systems Joint Working Group (ICSJWG) and Idaho National Laboratory
  • 1st Runner-Up, Global CyberPeace Challenge 2.0 IT Capture the Flag, Cyber Peace Foundation
  • Mentor to the Challenge Coin Winner, Hacksmith 4.0 Hackathon, Div0 [Project Title: Project Enigma - Detecting Indicators of Compromise Through RAM Analysis, Event Logs, and Malware Machine Learning]
  • Mentor to the Challenge Coin Winner, Hacksmith 4.0 Hackathon, Div0 [Project Title: Drone Monitoring and Takedown System (DMTS)]
  • Mentor to the 1st Runner-Up, Kaspersky Secur'IT Cup 2020 Grand Finals, Kaspersky Academy [Project Title: Drone Monitoring and Takedown System (DMTS)]
  • 2nd Runner-Up (Team), Cellebrite Capture the Flag Challenge, Cellebrite
  • Mentor to the 2nd Runner-Up, Develop for Social Good Track, JunctionX Asia 2020, JunctionX Singapore and Microsoft [Project Title: Drone Monitoring and Takedown System (DMTS)]
  • Mentor to the Winner, Cyber Security Track, JunctionX Asia 2020, JunctionX Singapore and Kaspersky Academy [Project Title: Drone Monitoring and Takedown System (DMTS)]
  • Top 5, Div0 x SINCON CMD+CTRL Cyber Range Capture the Flag, Div0
  • Winner, Cybersecurity Challenge: Countering Digital Terrorism, UN Counter-Terrorism Centre, UN Office of Information and Communications Technology, and the UN Technology Innovation Labs
  • Mentor to the 1st Runner-Up, Kaspersky Secur'IT Cup 2019 Grand Finals, Kaspersky Academy [Project Title: Automated Android Mobile Application Obfuscator (AAMAO)]
  • 1st Runner-Up, DEF CON China 1.0 Scavenger Hunt, Defcon Scavenger Hunt
  • Winner, BountyCon 2019 Capture the Flag Competition, Google and Facebook, Inc.
  • Black Hat Asia 2019 Educator Scholarship, Black Hat Asia 2019
  • 1st Runner-Up, Kaizen Singapore Challenge Contest, Booz Allen Hamilton, Inc.
  • Project Finalist, 5th Asia Pacific Eldercare Innovation Awards, Ageing Asia
  • Nanyang President's Graduate Scholarship, Nanyang Technological University
  • ASEAN Undergraduate Scholarship, Nanyang Technological University

Professional Certification

  • Kaspersky Academy Certified Instructor on Malware Reverse Engineering and Analysis
    Kaspersky
  • CREST Practitioner Security Analyst (CPSA)
    Council of Registered Security Testers
  • CREST Registered Penetration Tester (CRT)
    Council of Registered Security Testers

Professional Memberships

  • Member, Institute of Electrical and Electronics Engineers (IEEE)
    Present
  • Member, Association for Computing Machinery (ACM)

Corporate Experience

  • Judge, Kaspersky Secur'IT Cup 2021 Global Finals
  • Judge, Kaspersky APAC Secur'IT Cup 2021
  • Head of Triage, Punggol Digital District: Connecting Smartness - Bug Bounty 1.0
  • Judge, Singapore Science and Engineering Fair (SSEF) 2021
  • Visiting Lecturer (BRICS Educational Internship Program), Far Eastern Federal University, Vladivostok, Russia
  • Mentor and Judge, JunctionX Singapore Hackathon
  • Judge, Kaspersky Secur'IT Cup Singapore Conference
  • Judge, Kaspersky Secur'IT Cup Singapore Ideas Hackathon
  • Visiting Lecturer, Ostbayerische Technische Hochschule Regensburg, Regensburg, Germany

Research Interests

  • Cyber ranges, cyber defense exercises, and capture-the-flag
  • Anti-fraud / Anti-cheat for education
  • Digital forensics and anti-forensics
  • Automation for cybersecurity / digital forensics
  • Security testing
  • Blockchain and applied cryptography

Current Projects

  • Realistic Cyber Environment for Education and Experimentation
    Present

    Principal Investigator, Realistic Cyber Environment for Education and Experimentation, Apr 2021 - Apr 2023. Grant Amount: S$249,980 / SIT Ignition Grant.

Past Projects

  • GoSecure for ICT SMEs

    Project Lead, GoSecure for ICT SMEs, May 2018 - Dec 2021. Funding Agency: Infocomm Media Development Authority of Singapore.

  • Heel Raise Measurement Device for Plantarflexion Physiotherapy

    Co-Principal Investigator, Heel Raise Measurement Device for Plantarflexion Physiotherapy, Nov 2015 - Aug 2017. Grant Amount: S$179,800 / SIT Ignition Grant.

Journal Papers

  • W. Goh and C. K. Yeo, "Teaching an Old TPM New Tricks: Repurposing for Identity-Based Signatures," IEEE Security & Privacy Magazine, vol. 11, no. 5, pp. 28-35, Sep. 2013.

  • W. Goh, P. C. Leong, and C. K. Yeo, "A Plausibly-Deniable, Practical Trusted Platform Module Based Anti-Forensics Client-Server System," IEEE Journal on Selected Areas in Communications, vol. 29, no. 7, pp. 1377-1391, Aug. 2011.

Conferences

  • Z. X. Lim, X. Q. Ho, D. Z. Tan and W. Goh, "Ensuring Web Integrity through Content Delivery Networks," in 2022 IEEE World AI IoT Congress (AIIoT), Seattle, WA, Jun. 2022, pp. 494-500, doi: 10.1109/AIIoT54504.2022.9817199.

  • S. R. Toh, W. Goh and C. K. Yeo, "Data Exchange via Multiplexed Color QR Codes on Mobile Devices," in 2016 Wireless Telecommunications Symposium (WTS), London, United Kingdom, Apr. 2016, pp. 1-6.

  • A. Q. Chen and W. Goh, "Two Factor Authentication Made Easy," in 2015 International Conference on Web Engineering (ICWE 2015), Rotterdam, The Netherlands, Jun. 2015, pp. 449-458.

  • C. Lee, L. Yi, L.-H. Tan, W. Goh, B. S. Lee and C. K. Yeo, "A Wavelet Entropy-Based Change Point Detection on Network Traffic: A Case Study of Heartbleed Vulnerability," in 2014 IEEE 6th International Conference on Cloud Computing Technology and Science (CloudCom 2014), Singapore, Dec. 2014, pp. 995-1000.

  • W. Goh and C. K. Yeo, "Cryptanalyzing the Efficient Identity-Based RSA and GQ Multisignature Schemes," in 2014 International Wireless Communications and Mobile Computing Conference (IWCMC 2014), Nicosia, Cyprus, Aug. 2014, pp. 875-880.

  • W. Goh and C. K. Yeo, "Anonymity-Preserving Identity-Based Multisignature Scheme with Provision for Origin Self-Revelation," in 2013 IEEE Global Telecommunications Conference (GLOBECOM 2013), Atlanta, GA, Dec. 2013, pp. 855-860.

  • W. Goh and C. K. Yeo, "Threat Mitigation in Tactical-Level Disruption Tolerant Networks," in 2012 IEEE Global Telecommunications Conference (GLOBECOM 2012), Anaheim, CA, Dec. 2012, pp. 997-1003.

  • F. C. Lee, W. Goh, and C. K. Yeo, "A Queuing Mechanism to Alleviate Flooding Attacks in Probabilistic Delay Tolerant Networks," in 2010 Sixth Advanced International Conference on Telecommunications (AICT 2010), Barcelona, Spain, May 2010, pp. 329-334.

  • W. Goh, P. C. Leong, and C. K. Yeo, "A Trusted Platform Module Based Anti-Forensics System," in IFIP International Conference on Network and Service Security, 2009 (N2S '09), Paris, France, Jun. 2009, pp. 1-5.

Teaching Modules

Information and Communications Technology (Information Security), BEng (Hons)

  • ICT2202 - Digital Forensics
  • ICT2206 - Web Security

Past

  • ICT2205 - Applied Cryptography
  • ICT2207 - Mobile Security
  • ICT1003 - Computer Organisation and Architecture [Tutorials / Practical Sessions]
  • ICT3103 / 3203 - Secure Software Development