SPARTA CyberSecurity Hackathon: building solutions on the open-source software

For Garage48, the year 2022 started with a SPARTA Cyber Security Hackathon that took place on January 28-30th. The main aim of the Hackathon was to identify and design solutions to some of the recurring problems or come up with entirely new solutions which would take cybersecurity to the next level.
Participants built their solutions on the research outcomes including the open-source software made available by the program's partners.
Raido Sooalu from the live production team during Finals 

I loved how this hackathon created a real need for the full-stack of team skills: technology to create the solution; design to make it usable; and business to find sustainable go-to-market models. The SPARTA project provided not just the OSS tools for the teams to amplify their solutions, but high-quality mentors who were seriously engaged with the teams. Another thing that stood out is the commitment to teams with coaching and support available after the hackathon.

- Calum Cameron, SPARTA Host

------ SPARTA Cyber Security Hackathon participants during Finals


8 teams from Estonia 🇪🇪, Latvia 🇱🇻, Poland 🇵🇱, Albania 🇦🇱, Germany 🇩🇪, Ukraine🇺🇦, Romania 🇷🇴 have started their hackathon journey.

SPARTA Cyber Security Hackathon Open Source Software (OSS)


The OSS was provided by the SPARTA program and hackathon partners and was of great help to the participants, as they have built their solutions on that software.


🛡 CESNET

👉 https://github.com/CESNET/Nemea


Description: NEMEA (Network MEasurements Analysis) system is a stream-wise, flow-based, and modular detection system for network traffic analysis. It consists of many independent modules which are interconnected via communication interfaces and each of the modules has its own task. Communication between modules is done by message passing where the messages contain flow records, alerts, some statistics or preprocessed data.

License: Permissive with restrictions https://github.com/CESNET/Nemea/blob/master/COPYING 


🛡 UKON,VulnEx

👉 https://github.com/dbvis-ukon/vulnex


Client: The web client of the VA tool, served by the server component. Db-connector: The database connector module for the db-importer and server. Db-importer: creates the database used for the VA tool. Server: the server of the VA tool, serving the static content and REST API

License: Apache License 2.2, Commercial use permitted

https://github.com/dbvis-ukon/vulnex/blob/main/LICENSE

🛡 TSOpen 

👉https://github.com/JordanSamhi/TSOpen


TSOpen is a flow-, path- and context-sensitive tool to detect logic bombs in Android applications. This is an open implementation of TriggerScope made thanks to the details given in the 2016 Security and Privacy paper by Fratantonio & al. TSOpen has been developed over the Soot framework (https://github.com/soot-oss/soot ) which is useful in analyzing statically Java programs thanks to its internal simplified representation of Java bytecode (Jimple). Since TSOpen is made to analyze Android APKs and such applications have an atypical form (with communicating components), it is difficult to model correctly the flow of information. Therefore the modelling part relies on Flowdroid (https://github.com/secure-software-engineering/FlowDroid )which is a tool to detect data leaks in Android APKs but can also be used as a library.


License: GNU Lesser General Public License v2.1.

https://github.com/JordanSamhi/TSOpen/blob/master/LICENSE


🛡 SAP, Eclipse Steady

👉 https://github.com/eclipse/steady/


Description: Discover, assess and mitigate known vulnerabilities in your Java and Python projects Eclipse Steady supports software development organizations in regards to the secure use of open-source components during application development. The tool analyzes Java and Python applications in order to:

  • detect whether they depend on open-source components with known vulnerabilities,

  • collect evidence regarding the execution of vulnerable code in a given application context (through the combination of static and dynamic analysis techniques), and

  • support developers in the mitigation of such dependencies.

As such, it addresses the OWASP Top 10 security risk A9, Using Components with Known Vulnerabilities, which is often the root cause of data breaches: snyk.io/blog/owasp-top-10-breaches

In comparison to other tools, the detection is code-centric and usage-based, which allows for more accurate detection and assessment than tools relying on meta-data. It is a collection of client-side scan tools, microservices, and rich OpenUI5 Web frontends.


License: Multiple licenses, Apache License 2.0 is the latest

https://github.com/eclipse/steady/tree/master/LICENSES


🛡 BuildWatch /UBO 

👉 https://github.com/cybertier/buildwatch 


Description: detects and filters suspicious activities that happen during project builds e.g. network activity or file system access.

License: GNU Affero Public License v3.0


🛡SMILE / MISP 

👉 https://github.com/MISP/MISP


Description: MISP is an open-source software solution for collecting, storing, distributing, and sharing cyber security indicators and threats about cyber security incidents analysis and malware analysis. MISP is designed by and for incident analysts, security and ICT professionals, or malware reversers to support their day-to-day operations to share structured information efficiently.

The objective of MISP is to foster the sharing of structured information within the security community and abroad. MISP provides functionalities to support the exchange of information but also the consumption of said information by Network Intrusion Detection Systems (NIDS), LIDS, and also log analysis tools, SIEMs.


License: GNU Affero Public License v3.0

https://github.com/MISP/MISP/blob/2.4/LICENSE


Winners of SPARTA CyberSecurity Hackathon

 

Fuzzybird

Fuzzybird building an extension that defends users against WebKit exploit phishing as well as Magecart attacks.

🏆 3000€ cash prize and legal consultation from NautaDutilh


Fuzzybird Team Lead Serhii Stelmakh during Finals
Team members
: Serhii Stelmakh, Ekaterina Konopleva, Rostyslav Nihrutsa, Ivan Soroka, Tam Abaku

SPARTA Cybersec Hackaton was not just about building, coding, or solving some problems. These 48 hours were all about talented people, great ideas, inspiration, and motivation. That’s why we are looking forward to participating in upcoming events! Thank you SPARTA and thank you Garage48!

- Serhii Stelmakh, Fuzzybird Team Lead

Trust Hub

Their solution focuses on the security privacy policy for IoT Devices. Trust Hub’s solution aspires to prevent misconfiguration of IoT network devices.


🏆 2000€ cash prize, a 2-month mentorship from Vicomtech, and legal consultation from NautaDutilh

Trust Hub Team Lead Szymon Stawski during Finals


Team members: Szymon Stawski, Fathin Dosunmu, Deniss Orlov, Kirils Gorjunovs ---

Sparta Cyber Security hackathon was a very challenging and valuable experience. Projects presented during finals were very inspiring and teams standing behind those projects were hardworking and persistent. There is no better place for valuable networking with super-smart people.

- Szymon Stawski, Trust Hub Team Lead


Coorder8

Coorder8 building an app to effectively report incidents to corresponding institutions.

🏆 Mentorship from SecurityMadein.lu

Team Lead Andre N. during Finals

Team members: Andre N. , Kristaps Pilveris


Who made it possible?


This event would not be possible without our amazing team. Thank you to the organizers, mentors, partners, and participants! 🛡

Mentors: Marily Hendrikson, Andrus Padar, Maido Parv, Yoann Le Bihan, Alexandre Dulaunoy, Steve Clement, Viktor Dufour, Amaia Gil, Xabier Echeberria, Andras Iklody, Martin Zadnik.


Organizers: Siim Eesalu, Tamara Bezljudova, Mari Hanikat


Host: Calum Cameron


Jury: Pascal Steichen, Yoann Le Bihan, Martin Zadnik, Marc Ohm, Henrik Plate, Kadri Bussov, Raul Orduna Urrutia

SPARTA PHOTOS

Gallery

SPARTA FINALS

Youtube Live
WATCH SPARTA AFTERMOVIE 👇

You may also like

SPACETECH EUROPE Online Hackathon: solving present and future challenges in space.
In cooperation with Garage48 and SpaceOn, the U.S. Embassy in Ukraine has launched the SPACET...
Read more →
How we met the future female founders of Estonia, Latvia and Sweden
Over the weekend of 22-24th of October, 85 girls in the age of 15 to 18 across Estonia἞...
Read more →
The first-ever Garage48 Food 2021- greener food for a greener future
In co-organisation with Garage48, Estonian University of Life Sciences and Estonian Research ...
Read more →