I loved how this hackathon created a real need for the full-stack of team skills: technology to create the solution; design to make it usable; and business to find sustainable go-to-market models. The SPARTA project provided not just the OSS tools for the teams to amplify their solutions, but high-quality mentors who were seriously engaged with the teams. Another thing that stood out is the commitment to teams with coaching and support available after the hackathon.
- Calum Cameron, SPARTA Host
8 teams from Estonia 🇪🇪, Latvia 🇱🇻, Poland 🇵🇱, Albania 🇦🇱, Germany 🇩🇪, Ukraine🇺🇦, Romania 🇷🇴 have started their hackathon journey.
SPARTA Cyber Security Hackathon Open Source Software (OSS)
The OSS was provided by the SPARTA program and hackathon partners and was of great help to the participants, as they have built their solutions on that software.
🛡 CESNET
👉 https://github.com/CESNET/Nemea
Description: NEMEA (Network MEasurements Analysis) system is a stream-wise, flow-based, and modular detection system for network traffic analysis. It consists of many independent modules which are interconnected via communication interfaces and each of the modules has its own task. Communication between modules is done by message passing where the messages contain flow records, alerts, some statistics or preprocessed data.
License: Permissive with restrictions https://github.com/CESNET/Nemea/blob/master/COPYING
🛡 UKON,VulnEx
👉 https://github.com/dbvis-ukon/vulnex
Client: The web client of the VA tool, served by the server component. Db-connector: The database connector module for the db-importer and server. Db-importer: creates the database used for the VA tool. Server: the server of the VA tool, serving the static content and REST API
License: Apache License 2.2, Commercial use permitted
https://github.com/dbvis-ukon/vulnex/blob/main/LICENSE
🛡 TSOpen
👉https://github.com/JordanSamhi/TSOpen
TSOpen is a flow-, path- and context-sensitive tool to detect logic bombs in Android applications. This is an open implementation of TriggerScope made thanks to the details given in the 2016 Security and Privacy paper by Fratantonio & al. TSOpen has been developed over the Soot framework (https://github.com/soot-oss/soot ) which is useful in analyzing statically Java programs thanks to its internal simplified representation of Java bytecode (Jimple). Since TSOpen is made to analyze Android APKs and such applications have an atypical form (with communicating components), it is difficult to model correctly the flow of information. Therefore the modelling part relies on Flowdroid (https://github.com/secure-software-engineering/FlowDroid )which is a tool to detect data leaks in Android APKs but can also be used as a library.
License: GNU Lesser General Public License v2.1.
https://github.com/JordanSamhi/TSOpen/blob/master/LICENSE
🛡 SAP, Eclipse Steady
👉 https://github.com/eclipse/steady/
Description: Discover, assess and mitigate known vulnerabilities in your Java and Python projects Eclipse Steady supports software development organizations in regards to the secure use of open-source components during application development. The tool analyzes Java and Python applications in order to:
detect whether they depend on open-source components with known vulnerabilities,
collect evidence regarding the execution of vulnerable code in a given application context (through the combination of static and dynamic analysis techniques), and
support developers in the mitigation of such dependencies.
As such, it addresses the OWASP Top 10 security risk A9, Using Components with Known Vulnerabilities, which is often the root cause of data breaches: snyk.io/blog/owasp-top-10-breaches
In comparison to other tools, the detection is code-centric and usage-based, which allows for more accurate detection and assessment than tools relying on meta-data. It is a collection of client-side scan tools, microservices, and rich OpenUI5 Web frontends.
License: Multiple licenses, Apache License 2.0 is the latest
https://github.com/eclipse/steady/tree/master/LICENSES
🛡 BuildWatch /UBO
👉 https://github.com/cybertier/buildwatch
Description: detects and filters suspicious activities that happen during project builds e.g. network activity or file system access.
License: GNU Affero Public License v3.0
🛡SMILE / MISP
👉 https://github.com/MISP/MISP
Description: MISP is an open-source software solution for collecting, storing, distributing, and sharing cyber security indicators and threats about cyber security incidents analysis and malware analysis. MISP is designed by and for incident analysts, security and ICT professionals, or malware reversers to support their day-to-day operations to share structured information efficiently.
The objective of MISP is to foster the sharing of structured information within the security community and abroad. MISP provides functionalities to support the exchange of information but also the consumption of said information by Network Intrusion Detection Systems (NIDS), LIDS, and also log analysis tools, SIEMs.
License: GNU Affero Public License v3.0
https://github.com/MISP/MISP/blob/2.4/LICENSE
Winners of SPARTA CyberSecurity Hackathon
Fuzzybird
Fuzzybird building an extension that defends users against WebKit exploit phishing as well as Magecart attacks.
🏆 3000€ cash prize and legal consultation from NautaDutilh
Team members : Serhii Stelmakh, Ekaterina Konopleva, Rostyslav Nihrutsa, Ivan Soroka, Tam Abaku
SPARTA Cybersec Hackaton was not just about building, coding, or solving some problems. These 48 hours were all about talented people, great ideas, inspiration, and motivation. That’s why we are looking forward to participating in upcoming events! Thank you SPARTA and thank you Garage48!
- Serhii Stelmakh, Fuzzybird Team Lead
Trust Hub
Their solution focuses on the security privacy policy for IoT Devices. Trust Hub’s solution aspires to prevent misconfiguration of IoT network devices.
🏆 2000€ cash prize, a 2-month mentorship from Vicomtech, and legal consultation from NautaDutilh
Team members: Szymon Stawski, Fathin Dosunmu, Deniss Orlov, Kirils Gorjunovs ---
Sparta Cyber Security hackathon was a very challenging and valuable experience. Projects presented during finals were very inspiring and teams standing behind those projects were hardworking and persistent. There is no better place for valuable networking with super-smart people.
- Szymon Stawski, Trust Hub Team Lead
Coorder8
Coorder8 building an app to effectively report incidents to corresponding institutions.
🏆 Mentorship from SecurityMadein.lu
Team Lead Andre N. during Finals
Team members: Andre N. , Kristaps Pilveris
Who made it possible?
This event would not be possible without our amazing team. Thank you to the organizers, mentors, partners, and participants! 🛡
Mentors: Marily Hendrikson, Andrus Padar, Maido Parv, Yoann Le Bihan, Alexandre Dulaunoy, Steve Clement, Viktor Dufour, Amaia Gil, Xabier Echeberria, Andras Iklody, Martin Zadnik.
Organizers: Siim Eesalu, Tamara Bezljudova, Mari Hanikat
Host: Calum Cameron
Jury: Pascal Steichen, Yoann Le Bihan, Martin Zadnik, Marc Ohm, Henrik Plate, Kadri Bussov, Raul Orduna Urrutia