Year 2023
In the dynamic domain of cybersecurity, where every keystroke carries the weight of strategy and victory, Team bi0s has transcended the conventional definition of a club.
CTF, DFC, C2C – these are not just events; they’re the arenas where our members have carved out a legacy of excellence.
We, a collective of college students from Amrita Vishwa Vidyapeetham, Amritapuri, harbour a profound passion for cybersecurity and hold an unwavering commitment to safeguarding tomorrow’s Cyber Space. With a rich legacy spanning over a decade, we proudly lead the nation in CTF (Capture The Flag) rankings, holding the esteemed position of No. 1 nationally and 46th worldwide according to CTFtime.
With this context in mind, let’s delve into the highlights of our endeavours in the past year.
CTFs
DFC 2023
Digital Forensics Challenge (DFC 2023), conducted by the Korea Institute of Information Security and Cryptology (KIISC), was a competition where around 1200 participants, including researchers and working professionals in the field, engaged in a five-month long endeavour of solving real-world DFIR (Digital Forensics & Incident Response) challenges.
Our team members Nithin Chenthur, Sabhya Raj, Yadhu Krishna & Johith Lal worked day and night during these 5 months, and the fruit of their work resulted in team bi0s emerging as the No. 1 International team in the competition, and 6th worldwide. We received a cash prize of ₩3,000,000 and an invitation to participate in the prestigious DFRF 2023 Workshop conducted in Seoul, South Korea.
DFRF Workshop is a workshop conducted by KIISC concurrent with DFC. This year, it was held at Militopia Hotel, Seongnam, Seoul, South Korea, where our team members took part in the event and also got a chance to present the work they did throughout the competition and receive the prize for DFC 2023.
During the workshop, they got the chance to interact with a lot of field professionals, researchers and enthusiasts specialising in Digital Forensics and Incident Response.
ACSC Quals
The ACSC (Asian Cyber Security Challenge) is the regional qualifier of the International Cybersecurity Challenge (ICC) — a global CTF competition, supported by the European Union Agency for Cybersecurity (ENISA). Two of our team members, Adhithya Suresh Kumar and Sejal Koshta, won and qualified for the ACSC finals held in the USA.
C2C Japan
In a leap towards global Cyber Security excellence, our members have achieved the prestigious distinction of participating in the esteemed Country-to-Country (C2C) competition in Japan, in 2023.
Organised by the Massachusetts Institute of Technology (MIT), & the International Cyber Security Center of Excellence (INCS-CoE), in collaboration with other distinguished universities, the C2C competition series spans 5 years.
The Hiyoshi campus of Keio University in Japan played host to the 4th edition of the C2C competition, marking India’s inaugural participation in this esteemed event.
Our team members Nithin Chenthur, Srilakshmi Prathapan & Avanthika Anand managed to beat a tough crowd of International students to secure a spot at the finals, where they were placed in mixed groups of finalists from various countries across the world such as the US, UK, Japan, Australia, Israel, France, Indonesia – and had to compete against other such teams to win the competition.
Avanthika & her team won the NEC award, a special award given by the SideChallenge CTF organisers, securing a prize of ¥100,000.
They also got a unique opportunity to interact & network with other notable international teams from across the world.
Qiangwang Cyber-Mimic Defense Challenge
The sixth Qiangwang International Elite Challenge on Cyber Mimic Defence opened at the Purple Mountain Laboratories (PML) in Nanjing, China, on December 6, attracting 40 teams across the world to engage in a rigorous competition spanning 72 hours. The challenge was co-hosted by the Cyberspace Affairs Office of the CPC Nanjing Municipal Committee, the PML and the China Institute of Communications (CIC), guided by the Cyberspace Affairs Office of the CPC Jiangsu Provincial Committee.
Our team members Aneesh Nadh, Adhithya Suresh Kumar, Rohit Narayanan & Srijiith S were selected to take part in the finals of this competition, going head-to-head against other top international teams.
In this competition, they were met with challenges mimicking real-life scenarios – such as car hacking, Router exploitation, DNS spoofing – and many more.
IITB TLCTF
Our members Sanjay Vardhan &* Aneesh Nadh*, took part in the rigorous cybersecurity competition at IIT-Bombay. They secured an invitation to the finals, where they went head-on against the best cybersecurity talent in the country & solved challenges demonstrating their skills – including exploiting the Spektre vulnerability in Intel CPUs – finally securing a victory for the team in the competition, winning a cash prize of Rs. 75,000.
bi0sCTF
This year marks the successful completion of the first edition of bi0sCTF.
bi0sCTF is a premier hacking event targeted at hackers of all ages, hosted by team bi0s. The challenges are carefully moulded and armed with the latest vulnerabilities. We have made sure to responsibly innovate to help you have an enjoyable time and experience.
Top teams from all across the world participated in this event, making it a grand success. The event was rated at 79.83 on CTFtime.
Scholarships, Projects & Papers
Bertelsmann Cyber Security Scholarship
Aadarsh T Rajeev from the Pentest Team received a Bertelsmann Cyber Security Scholarship.
He received a nanodegree for this accomplishment.
BlackHat Asia Scholarship
Our members Nandu S Pillai, Prabith Gupta, Aneesh Nadh, Rohit Narayanan, Manohar Reddy and Rahul Sunder received a student scholarship worth S$2000 to attend the BlackHat Asia conference.
Here, they were exposed to demonstrations of the latest cybersecurity tools, stalls held by leading companies like Microsoft & VMWare & talks hosted by industry professionals.
Our members Srilakshmi Prathapan, Avanthika Anand, & Aadarsh T Rajeev also received the scholarship.
Summer school & Research project with Malware Labs, BGU
Our member, Prabith Gupta, worked in collaboration with professors at Malware Lab at BGU, Israel, on a scholarship.
During his time at BGU, Prabith got an opportunity to interact & work with many of the top professors at BGU, as well as peers from various corners of the world.
Prabith took this unique opportunity to combine 2 domains of his interest – malware and Machine Learning – and created a Windows malware detection model with a detection rate of 96+% accuracy.
In addition to this, 5 of his research papers revolving around malware and AI-ML have been accepted at various international conferences. His main focus during his time at BGU was the offensive & defensive aspects of LLMs in the context of malware.
Attacks on Elliptic Curve Cryptography Implementations in SageMath
Our member, Pagilla Manohar Reddy, has authored a research paper delving into the security analysis of Elliptic Curve Cryptography (ECC) within the widely utilized SageMath software. In this comprehensive examination, various vulnerabilities in the ECC implementation have been scrutinized, shedding light on potential threats to the security of ECC-based systems. The findings of this research serve as a valuable resource for practitioners and developers, offering insights into fortifying the robustness of ECC-based cryptographic systems. This work contributes to the ongoing efforts to enhance the security of sensitive communications and transactions.
Events & Conferences
NASA Space Apps Challenge
The Global Impact Award and Global Nominee Award were given to our members Abhijit CB and Satya Sai in the NASA Space Apps Challenge, 2023. They competed against 31 other teams in the city of Bangalore, where they received the Global Impact award. Their project was also nominated on an International Level among 5550 other projects.
G20 Conference on Crime & Security in the Age of NFTs, AI, and Metaverse
At the G20 conference, Union Home Minister Amit Shah launched cyber volunteer squads from 7 educational institutions, including Amrita Vishwa Vidyapeetham.
The squad consists of Anikait Panigrahi, Jatin Khanna, Suryanarayan Nampoothiri, Rithika Kudari and Gowri Mohan from bi0s Hardware and were given the title ‘Cyber Volunteers’ under I4C by MHA. The squads will collaborate to promote cyber awareness among the youth, identifying and reporting malicious content to create a safer cyberspace.
Cisco Security Conference 2023
The bi0s hardware team presented some real-world IoT vulnerabilities to showcase the importance of IoT Smart Home Security at the Cisco Security Conference.
We showcased attacks that can easily be done on IoT devices used in day-to-day life like Router ROP exploits, RFID cloning for door locks, Bluetooth MITM attack on a BLE bulb and speaker, etc.
Kavach 2023
Our members Abhijit CB, Sahitya & Satya Sai provided an important contribution to our nation; their project – Detection of LoRA (Long Range) – is a topic of immense importance in the military and police. They developed a wireless forensics kit that harnessed the power of a feed-forward neural network model to identify unauthorised LoRA models.
From an initial pool of ~3900 teams spanning various domains, our team came as the runners-up in the Detection of LoRA category
Nullc0n 2023
One of our members from the bi0s Pentest team, Amrudesh, conducted training on Android Security at Nullc0n 2023, held in Goa.
Synack Red Teaming
One of our members, Vidhun K, got listed in Synack Acropolis for 15for15.
Synack Acropolis is a recognition program for Red Teamers on the Synack platform, and 15for15 is a leaderboard from which the top 3 performers from each month are added to their Acropolis page.
BlackHat MEA
Our member Abhishek Sidharth presented a tool – kubePWN, at the Blackhat MEA (Middle East & Africa), a leading CyberSecurity conference taking place in Riyadh. It is a framework to help security professionals & administrators enhance and measure the security posture of on-prem Kubernetes clusters.
Bsides Bangalore
Team Shakti hosted the Wonder Women CTF as part of the Bsides Bangalore Conference. They were contacted by Bsides Bangalore to manage and host the platform and challenges for the CTF.
Through their many years of experience in the field of Cyber Security, the team was well-equipped to create unique challenges in various fields like Reverse Engineering, Forensics, Web Exploitation, Cryptography and Binary Exploitation.
DEF CON - Trivandrum Chapter
Our members Sejal Koshta and Srilakshmi Prathapan, presented a talk at the Trivandrum Chapter of DEF CON on Evading Threat Defenses: Choosing the path less taken for fun and profit.
In this talk, they discussed their research on different evasion techniques and methodologies used in modern malware. These techniques were then applied to make our malware for a challenge hosted in bi0s CTF 2022, “Bluelock“.
Coming to the Placements, Internships & other employment opportunities that our members have received:
- Aneesh Nadh - Application Security Intern @CRED
- Hrishikesh Pankaj and Indraraj Biswas - Security Researchers @Hackit
- Pranav Nair - Security Engineer @CTFd
- Rahul Sunder - Application Security Intern @CRED
- Abhishek Barla - Security Engineer @Uptycs
- Abhishek Bharadwaj - Developer @Oracle
- Anand Balaji - PhD. @University of Texas
- Vishwesh S - Security Researcher @Ottersec
- Sivakami Praveen - @EIT Digital Master School
- Sayooj B Kumar and Yadhu Krishna M - Security Engineers @CRED
- Abhishek Sidharth - Security Engineer @Flipkart
- Shravya Bhaskara - Internship @ARM
- Simran Kathpalia - Intern @Max Planck University
- Arya Arun - Intern @Microsoft, @Tally Solutions
- Anjana Suresh - Cyber Security Intern @HighRadius
- R Srikesh - Security Research Intern @8ksec
- Jose Vithayathil - Intern @Fortinet
- Srikar - Associate Software Engineer @OpenText
- Poluru Pavani - Developer @IBM Cloud
- K Sridevi - Intern @Schneider Electric
- Pagilla Manohar Reddy - Intern @Atlassian
- Simran Kathpalia - Masters in Cybersecurity @Saarland University
Quoting from our 2021 review, “The legacy and the lineage of teambi0s remains unchanged; the team’s comradery attitude to progress and to improve the team and the general notion to help, teach and espouse cybersecurity remains as unaffected as humankind’s quest for the final frontier.“
Stepping into a new phase, we anticipate a future marked by progress within our team and a shifting club landscape. Our commitment to consistently contributing to the community that supported us remains relentless. We extend our sincere gratitude to all those who have stood behind us throughout the year, including the unwavering support from our university and faculties.