BAYCYSEC

About BAY

BAY is a cybersecurity research group based in Jakarta, Indonesia, founded in 2022. We are a collective of practitioners and researchers dedicated to advancing the cybersecurity field through collaboration, education, and innovation.

Our mission is to bridge the gap between industry, research, and community by fostering knowledge-sharing, building practical solutions, and nurturing the next generation of cybersecurity professionals.

At BAY, we believe in learning by doing — from developing tools and research projects to engaging in global security discussions. As a purpose-driven initiative, we exist not for profit, but to empower the wider cybersecurity community through creativity, resilience, and collaboration.

Blue Anvil Projects

Cybersecurity training and resilience service, combining hands-on bootcamps to build Blue Team skills with realistic cyber drills that test and strengthen organizational response against threats.

Hacksmiths

Capture The Flag (CTF) service, providing end-to-end competition management — from challenge development and CTFd platform hosting, to scoring, event operations, and official write-ups.

Blue Anvil

(Coming soon)

Hacksmiths

Our Latest Work

Completed

Cyberyolk CTF 2023

The Cyberyolk CTF lab is built to national standards, with challenges crafted by experienced creators to ensure relevance and engagement. Using a Jeopardy-style format, it covers Binary Exploitation, Cryptography, Forensics, OSINT, Reverse Engineering, and Web.

Capture The Flag Jeopardy National Level

Completed

Tel-U Gemastik Selection 2025

BAY was outsourced as a challenge vendor for Telkom University Gemastik Internal Selection 2025, delivering a set of high-quality CTF challenges. These included pwnable tasks (format string, UAF, tcache poisoning) and a forensic challenge on fraud investigation.

Capture The Flag Jeopardy National Level Internal

Completed

ITSEC CTF Competition 2025

A BAY board member co-developed a forensic challenge for the ITSEC CTF 2025 final, centered on an armored Python backdoor with keylogging, encryption, persistence, and clipboard hijacking. Two vulnerable binaries simulated exploits such as off-by-one, format string, ROP, ret2libc, double free, and tcache poisoning.

Capture The Flag Jeopardy National Level

Completed

East Java Province Cybersecurity Competition 2025

To support East Java Province’s Capture The Flag competition, the event committee engaged a BAY board member to design pwn challenges. The board member co-developed three problems, two for the qualification round and one for the final, focused on Return-Oriented Programming (ROP) and Linux stack exploitation techniques.

Capture The Flag Jeopardy National Level

Community Research

Our Latest Work & On-Going Development

Completed

Plaguards: Powershell Deobfuscator

Plaguards is a security tool that automates deobfuscation of obfuscated PowerShell scripts, helping teams quickly identify Indicators of Compromise (IOCs) and distinguish valid threats from false positives. Each analysis produces a detailed PDF report with actionable insights.

DFIR Tool Development Powershell Deobfuscator IOC Checker Automated Reporting

GitHub Black Hat Asia 2025

Black Hat USA 2025

Completed

JARY: A Modular Data Correlation Engine

JARY is a runtime for creating .jary rules to search and correlate log data from external sources. It allows users to define structured rules that filter, match, and analyze log entries to support data analysis and automation. The JARY runtime is a lightweight library written in C that can be dynamically linked with other programs.

DFIR Tool Development Correlation Engine Rule-Based

GitHub Black Hat Asia 2025

Completed

Kegembok: A Golang-Based Ransomware

Kegembok is a Ransomware tools, a cross-platform (Linux, Mac, and Windows) ransomware made from the Golang programming language, encryption using AES-256-GCM, in this program you can use your own key. This program is for educational purposes only and helpful for simulation like tabletop or ransomware test.

Malware Development Golang Ransomware

GitHub

Completed

HolmesGeo: IP Geolocation Checker

HolmesGeo is an open-source Python tool designed for extracting and analyzing IP addresses from various data sources. It supports input from Apache log files, CSV files, and standard input, and provides geographic and network information for each IP address.

DFIR Tool Development IP Geolocation Checker

GitHub

Completed

Sigurd: Operation Baby Steps

Sigurd is a research-focused artifact used for digital forensics, incident response training, and CTF challenges. It exhibits advanced threat behaviors, including remote command execution, file encryption, data exfiltration, Windows persistence, and stealth techniques. Its first public sample on VirusTotal provides a historical reference for analysts.

Malware Development Python RAT LOLAPPS ITSEC Asia Cyber Security CTF Competition 2025

GitHub VirusTotal Public Sample

Content Writing

Insights and thoughts from our team

July 2025 6 min read

Detection of Audio Attacks (Deepfake) Using Time-Based and Cepstral Domain Features with Stacking Classifier

This study uses a stacking classifier with SVM, Random Forest, and Logistic Regression to detect deepfake audio. Tested on the Fake or Real dataset with six audio features (MFCC, Spectral Rolloff, Spectral Contrast, Bandwidth, ZCR, RMS), the method achieved 97–99% accuracy, outperforming existing models.

by Team BAY (Presented at ICoDSA 2025)