Malaysia Cybersecurity Camp 2022

Hey folks, it has been a year since the event took place, time really flies. A lot of things had happened in the year and they change the way I see the world, eventually shape me into a stronger person. I thought that it might be a good time to write an article, briefly covering the experience that I had during the first edition of Malaysia Cybersecurity Camp (MCC) which happened in December 2022. Hope that some of you would find it helpful as a reference, especially those who are just starting out their journey. Keep reading to find out how I officially got my feet wet in the cyber security industry.

What is MCC?

MCC stands for Malaysia Cybersecurity Camp (official website). It made its first debut in year 2022 as a 4-day training camp, where 28 university students (out of 100+ applications) were being selected nationwide, to join the camp. The best part? Everything was fully sponsored, such as accommodation, and food. MCC not only acts as a platform to bridge the gap between the students and the professionals, but also provides the opportunity for the cybersecurity enthusiasts from different levels to meet, connect, and network with each other. Trainers and crews who came are all voluntarily basis.

Where it all started

I came across information about this event on a social media platform. During that time, it wasn’t even accepting applications yet. It was just a very early teasers and advertisement. The moment I saw it, I knew that I had to grab this opportunity as it was the first time Malaysia is having this kind of event.

Once the registration opened, I threw in all the required details, and hoped for the best. Well as you might have guessed, I was called for the interview session a few weeks after. I gave all I had. Both the soft skills and technical aspect was covered in the session. I still remember telling my parents after the interview session, saying that how on earth am I going to stand out among these talented students considering that my profile during the time was so average.

But I made it weeeee~

Workshops and trainings

The first day was pretty chill, we were just registering ourselves, checking-in our rooms, ice breaking, and running team allocation. The workshops commenced on the second and third day of the camp. There were 2 workshops each day and participants were allowed to attend only one workshop per day due to time constraints. More details can be found in the link provided in the introduction paragraph above, but basically, there were 1 workshop related to red teaming, and 1 workshop related to blue teaming each day.

I selected red team track for my first day of workshop: Active Directory hacking. It was something that I have always wanted to dive into, yet if you’ve done this previously, you know that it’s not a beginner friendly topic. However, after the session, I managed to obtain a great understanding on AD structure, configurations, authentication methods, tools, and attacking techniques. Lastly, we wrapped up the session with hands-on assignment, where we applied what we’ve learnt in the day, from enumeration, to identifying vulnerabilities and misconfiguration, then abusing ACLs, dumping passwords, and finally compromising the domain. I secured top 3 in the mini competition xD

While for my second workshop on the next day, I’ve chosen the blue team track: What does it takes to become the next Blue Team expert? It provided an overview on the structure of cyber defense center, threat intelligence life cycle, and other stuffs that a blue team does. We’ve also got hands-on session on utilizing Splunk to analyze log patterns, identify IOCs, and carry out investigation processes. Real world log files extracted from private company was provided as learning materials.

After the camp

Now, you might be wondering what happened after these 4 adventurous days? Everyone went back to their normal lives and hoped that one day we’ll randomly meet again on the street? Fortunately, that’s not the case.

It was an eye-opening journey, at least for me, to gain a clearer picture on the situations of the cybersecurity industry both locally and worldwide. I did get plenty of opportunities to talk to the trainers, as well as people who has been in the industry for a long time. Those pieces of advice given meant a lot to me in terms of finding my niche expertise, and carving out my career path.

In fact, a CTF team named M53 is created. Initially, most of the members were originated from this camp and the objective of this CTF team is to bring Malaysia’s name towards the international stage. We’re actively participating CTFs on CTFtime. Rather than viewing it as a pure CTF team, I would say it’s more like a small community, where we share cybersecurity knowledge and resources with each other. Sharing sessions, challenges walkthroughs, and members meet-ups are also being conducted frequently. Oh ya, just in case you’re wondering, M53 stands for Malaysia Security Enthusiasts.

See the awesome stuffs that we’ve done here!

My thoughts

So, was it worth it? Absolutely. Credits to the camp, I’ve met a bunch of like-minded friends where all of us still stay in contact and updated with each other until these days. We’ve joined lots of competitions, attended conferences, as well as hosted events together. I might not able to cover every details in the camp, but that’s what left for you to discover on your own.