Pre-Read
Hello there! I’m Ryan, and this is my very first blog. I’m not a massive blogger but I think its a pretty cool way to document things that I’ve learned, events that I’ve attended, or just about the grass I’ve touched, so hopefully this catches on.
I’ve gotten the privilege to attend the annual Global Cybersecurity Camp 2026 this year as a staff repping SherpaSec following the founder, Chang Shiau Huei around. For those who don’t know, GCC is an annual cybersecurity camp organized by member organizations designed to uplift cybersecurity education amongst university students while fostering global collaboration. For more info visit https://gcc.ac
Massive thanks to SherpaSec’s sponsors: CyberWise Inc., Stratos Security, SecIron.
Arrival (Day 1)
We arrived on the 1st of March at Ho Chi Minh City. We were ahead of schedule so after checking in, we roamed around the city before meeting up at University of Science Viet Nam (HCMUS) for ice-breaking. Khoa, who’s a part of VNSec and also GCC Staff was assigned to be the Malaysian team’s point of contact. Man was funny and did a fantastic job, he even bought us lunch.
During ice-breaking, each country did a round of introductions and played mini-games before breaking off for dinner, where it was just food and networking throughout the night.
The first night was mainly for participants to network with their teammates from different backgrounds and cultures while potentially discuss about how to tackle the group project.
Classes (Day 2 - 5)
Felt privileged to attend classes held by these individuals. Everyone’s a professional as their specific subject matter, and a number of them are speakers at esteemed conferences & conventions (DEFCON, BlackHat etc.). Here’s what the timetable for GCC 2026 looks like, along with the topics being taught this year:
I’ve enjoyed all of the topics taught, especially how un-serious some of the slides are. Opposed to typical university classrooms, trainers had a good mix of theorhetical understanding and practical examples, so they were pretty interesting to see. My abstract on all of the topics taught:
Introduction to IoT/ICS Security & Firmware Analysis
Instructed by Mars Cheng
The number of IoT devices will only continue to increase. Mars elaborated on not only typical office/home devices (smart displays, speakers, cameras, alarms etc.) but also industrial tech (healthcare devices, smart city, energy etc.). What made his session intriguing was his elaboration on certain ICS (Industrial Control System), SCADA (Supervisory Control and Data Acquisition System), and DCS (Distributed Control System) along with their respective security threats and trends whilst showcasing real life examples of how these are being exploited in the industry, which you wouldn’t usually hear in typical classroom environments.
He also mentioned about one common trait in most IoT devices: They all lacked physical hardening. I’ve worked in typical IT environments where hardening scans can be done with ease and measured against benchmarks like CIS, so the idea of doing the same for IoT devices was pretty interesting since it isn’t exactly heavily adopted (at least to my knowledge). The class ended with Mars sharing on how vulnerability analysis is done on IoT firmware and its processes from firmware extraction to evaluation & vulnerability analysis.
Mars’s class was perfect for students (or staff lmao) who don’t have a solid foundation on IoT & ICS tech. He held the class with detail but not too overwhelming to understand.
Practical Binary Hardening with Control-flow Enforcement Technology (CET)
Instructed by Mike Telloyan & Kento Oki
Michael and Kento gave an introduction on Control-flow Enforcement Technology (CET), a feature introduced by Intel in modern chips to mitigate against control flow hijacking attacks using techniques like ROP (Return-Oriented Programming) and JOP (Jump-Oriented Programming).
In their class, Michael elaborated on Shadow Stacks and Indirect Branch Tracking, important concepts of CET on where they are applied, its implementations and how they perform mitigation. In the remainder of the class, they also demonstrated how these are implemented on Linux & Windows machines along with how CET can be adopted. They also included labs that made use of Intel SDE (Software Development Emulator) so we didn’t need vulnerable intel chips to perform practical assessments which was pretty nice.
omparing this with what I (or most people) dealt with, most vulnerabilities are taken care of via software patches and updates. CET introduces hardware based mitigation, making exploitation attempts much more difficult. Michael also showcased certain CVEs that can be used to take advantage against this vulnerability so actually seeing it in action was pretty interesting.
Hypervisors for Hackers: Security from the Hardware Up
Instructed by Satoshi Tanda
Probably one of my most anticipated classes. Satoshi-san was a trainer back in GCC 2023 and GCC 2022 on the topics of Hypeevisor in Rust and UEFI BIOS respectively. I feel like Hypervisors in security is an underated topic, and while it might sound boring, Satoshi’s enthusiasm made it sound very interesting. Unfortunately I wasn’t able to attend the full class because I had meetings that coincide with the training period, but I enjoyed his elaboration on hypervisor processes, specifically on hypervisors handle guest & host contexts (context isolation) and how different hypervisors would treat this differently.
Sad I couldn’t sit in for the full class, but happy I was there for a part of it.
Super Hat’s Kernel Trick: Social Engineering the AV/EDR Kernel Protection
Instructed by Shenghao Ma
I really appreciate Shenghao’s enthusiasm during his time at GCC. Even outside of his class, he strikes conversations with students & staff and befriends everyone. He’s a cool guy fr.
This class spanned across 7 hours, and was probably the most practicle/hands on class we had (though I didn’t exactly follow it 100% as I had other work to attend to). Coming from a background where the work I do is blue in nature, Shenghao gave me a whole new perspective on how AV/EDRs do detection and migation. The classes dived deep into how AV & EDRs do:
- File Landing Malware scans
- How privileged tokens are handled
- How PPL (Process Protected Light works)
- Sandboxing
To most students, this session was probably a technical goldmine because of how Shenghao structured the class to include all the practical hands-on experience possible despite given only 7 hours for such an extensive topic, but I really enjoyed his idealogy on how people on the offensive end should ‘Break EDRs the right way’. Massive props.
Born in the Cloud, Breached on the On-Prem: Entra ID Attack Chains
Instructed by Jimmy Su & John Jiang
Man, this was another highly anticipated session of mine but I completely missed it because of meetings. When I returned, they were already wrapping up the class and prepping for lunch. Looking at the slides, the class discussed about core concepts of Entra ID along with showcasing attack paths moving from low privileged Entra Join devices to high privileged users. They even included CTF modules for fun learning. Took a big fat L on this one, was looking forward to it.
Hands On Cybersecurity AI Workshop: Build your own Automated Agentic AI Penetration Tester in N8N OpenCode
Instructed by Kar Wei Loh
I’ve done SOC Ops automation in the past using n8n, so doing the complete opposite and building a pentesting agent was interesting for me. However, Kar Wei planned the course a little over half a year ago before the commencement of GCC 2026, and she shared how comparing n8n with other solutions as tech advanced with time, other products stood out more. Because of this, she altered her session to introduce OpenCode instead. Using OpenCode, we learned how to create workflows, train our agents, and use it to solve certain problems (as most agentic platforms would). In our sessions, we used built and designed agents to complete CTF challenges on the platform she founded: Hexcore Labs. She helped her audience understand how agent thinks from start to finish, and explained how different environments can alter the results to be expected.
During her session, she also explained how even when she was OSCP certified and is mainly red team focused by training, her passion truly revolves around being a builder, which led her on an instructor/education focused path where she teaches people around the globe. Pretty inspiring.
Beyond classrooms
During periods outside of training, I’ve had a lot of fun exploring Ho Chi Minh City and roaming around the streets for food, coffee, and apparel. Everyone I’ve cross paths with in Vietnam was friendly and did not shy away from conversation. Minimal language barriers, maximum hygge. Gems on the streets of Vietnam that I’ve stumbled upon:
- Phở (needs no introduction)
- Bánh mì (Vietnamese Subway)
- Bánh canh (crab noodle soup)
- Trung Nguyên (Vietnamese coffee)
- Multiple chains of milk tea
- The Vietnamese fashion flair
- Apparels @ 11 Garmentory, The Air Saigon
- Eyewear store @ Seeson
- Leather connoisseurs @ Chalames
Thanks to the Vietnamese staff, a city tour was also included on the last day of GCC where we roamed about Ho Chi Minh City. Some notable attractions:
- Bưu điện (Saigon Central Post Office)
- Bến Thành Market
- Riverside Park Vietnam
All things considered
It was pretty fun learning about different topics in cybersecurity while roaming the streets of Vietnam. Witnessing how the Malaysian students win several prizes across multiple different categories also gave me a Hoo-Rah moment.
Shoutout to the Vietnam staff who organized the whole thing and welcomed us with open arms, and also massive thank you to the SherpaSec orang tuas, and our sponsors Cyberwise Inc., Stratos Security, and SecIron for making this possible.
Here are some of the fun stills and photos from the trip:
