HTX cybersecurity engineer Ernest Lim presents at Black Hat Arsenal 2025. He was “thankful and honoured for the opportunity to represent HTX at an international event”. (Photo: HTX/Evelyn Ho)
HTX’s xCybersecurity division presented their DumpSieve solution at Black Hat USA in Las Vegas on 6 August 2025, marking the agency’s maiden appearance in the renowned cybersecurity conference.
Named after its capability to sieve through dumps of leaked data, DumpSieve is an AI-powered automated platform used to monitor, alert and triage data leaks and ransomware incidents affecting the supply chain of an organisation.
Unlike traditional incident response tools, DumpSieve doesn’t just look out for cybersecurity incidents that target an organisation directly. It also considers incidents which affect parties that an organisation works with.
A sneak peek of the DumpSieve tool. (Screenshot: HTX/Sean Saw)
The solution has two parts – a scraping and monitoring engine that provides real-time alerts of data dumps on the dark web, and a data dump analysis module that can accurately identify relevant documents within large volumes of unstructured data.
For example, if a vendor engaged by HTX has been hit by a ransomware attack, cybersecurity engineers in HTX can use DumpSieve to scan the web for data that might have been stolen and released. In addition, they can check if any part of that data contains sensitive information belonging to HTX.
The early warning and rapid assessment of external threats would not only provide confirmation of what data has been compromised but also allow for much quicker incident response.
Example of a data leak alert triggered by DumpSieve and received through Slack, a communication platform. (Screenshot: HTX/Sean Saw)
Turning thought into action
The idea behind DumpSieve was born when Sean Saw, an engineer from the Cyber Threat Intel & Hunting (CTIH) unit of HTX’s xCybersecurity, was investigating a ransomware incident in 2023.
During this process, he started wondering if organisations with formidable cybersecurity defences could nonetheless fall prey to attacks through third parties in their supply chain.
Such leaks, according to Sean, are highly problematic because it can take hundreds of man-hours just to comb through the leaked information manually to determine if the organisation’s data has been impacted.
Example of a data leak detected by DumpSieve, hitting an organisation on the watchlist (company details redacted). (Screenshot: HTX/Sean Saw)
To power the analysis process, he leveraged RegEx, a powerful search and pattern-matching language, as well as a zero-shot classification model, a type of machine learning model that can classify data into categories it has never explicitly seen during training.
Joining his efforts to expand the tool’s capabilities the following year was HTX cybersecurity apprentice Bryan Swee, who worked on incorporating monitoring and detection features to identify ransomware attacks along the supply chain.
DumpSieve runs through the full data dump and identifies if any of its contents are relevant to the organisation in question by flagging out custom keywords. (Screenshot: HTX/Sean Saw)
Bringing value to the Home Team
While the tool has yet to be rolled out for Home Team use, the team is excited about its potential.
“It’s a good feeling to be able to build a solution that could potentially give peace of mind to the Home Team Departments (HTDs), which have a lot to worry about already,” said Sean.
“With this tool, we could provide answers in times of uncertainty, like when there’s been an attack on a third party in a HTD’s supply chain and it is not yet known if the HTD’s data has been compromised.”
The masterminds behind DumpSieve – Sean Saw (right) and Bryan Swee – are proud of how far their project has come. (Photo: HTX/Sean Saw)
Sean added that he never would have imagined that his greenfield project would wind up in a high-profile cybersecurity conference like Black Hat USA.
“I only recently started working with AI models. To have one of the tools I built shown to an international audience is a huge honour, and also a win for HTX,” he quipped.
“I’m hopeful that the runway for this tool is long – it could eventually help to solve industry problems beyond the Home Team. But even if not, I hope our presence at Black Hat USA stirs a discussion on the importance of supply chain cybersecurity and shows how seriously we take it here at the Home Team.”
Sean pointed out that the CTIH team will continue to refine DumpSieve and seek to improve its efficacy while striking a balance between expanded artificial intelligence capabilities and processing time.
The HTX contingent at Black Hat Arsenal included engineers like (from left to right) Ronald Toh, Jeremy Roland Fernandaz, Ernest Lim, Sim Bowen and Jonathan Yee. (Photo: HTX/Evelyn Ho)
