About Me
Hello! I am Wai Tuck, a part-time PhD candidate at the School of Computing and Information Systems at Singapore Management University and the Head of Labs Engineering at watchTowr. My interests are wide, but primarily lie in game theory, mechanism design, machine learning and their intersection with cybersecurity. I am lucky to be co-advised by Arunesh Sinha and Sun Jun, who are experts in this area.
I graduated with top honours with a Bachelor of Science in Information Systems (2nd major in Applied Statistics) from Singapore Management University. My undergraduate research was the research and implementation of a tool to analyze syntactic dependencies of software to measure change effort required for a proposed change in a given codebase. I performed empirical analysis to see if the heuristic holds for several large open source Java programs. The tool was later adapted to teach students design patterns in software engineering. My advisor, Kevin Steppe encouraged me to take it up and guided me through every step of the research process, and I am grateful for the introduction to research at such an early stage in my academic career.
I later took a Master of Science in Information Security from the Information Networking Institute at Carnegie Mellon University as part of the SMU-CMU Fast-Track program. My graduate research at CMU looked at studying and using dynamic taint analysis to find bugs in node.js, in particular to find code injection vulnerabilities in packages in the NPM ecosystem. I was advised by Limin Jia, and had the guidance and help from a PhD student, Darion Cassel, that made the research project a success.
In my free time, I play CTFs. I currently play with the amazing folks at Black Bauhinia. Previously, I played with CTF.SG and Tea MSG, a team I co-founded with a couple of amazing friends. We won our first DEFCON Black Badge in 2018 at the Red Alert ICS CTF in DEFCON 26. During my masters, I was fortunate to have played with the Plaid Parliament of Pwning back at Carnegie Mellon University.
I also do martial arts, and am an avid fan of Bruce Lee, hence the title of the blog :)
Certifications
- Offensive Security Certified Professional (OSCP) Summer 2016
- Offensive Security Certified Expert (OSCE) Spring 2018
- Offensive Security Web Expert (OSWE) Summer 2019
- Offensive Security Wireless Professional (OSWP) Summer 2019
- Splunk Core Certified User Summer 2019
- Deep Learning Specialization Summer 2021
- Windows Vulnerability Research & Fuzzing (Black Hat) Spring 2022
- Machine Learning in Production Summer 2022
- MITRE ATT&CK Fundamentals Summer 2024
Contact
You may find a copy of my CV here. You may also contact me at me(at)waituck(dot)sg.
As always, hack on!