SPARTA Cybersecurity Hackathon 

When 28-30 January, 2022

Where Online

  • Overview
  • Agenda
  • 🛡 Open source software
    •

    Prepare yourself for 48 hours full of hacking, coding, designing, working with Top-notch experts, and thinking BIG to solve cybersecurity challenges! 🚀


    We all rely on technology more than we want to in today's world. Unfortunately, most technology is quite vulnerable and can be easily hacked. Cyber attacks hit businesses and private systems every day, and the variety of attacks has increased quickly.


    🛡 The main aim of the SPARTA Cybersecurity Hackathon is to identify and design solutions to some of the recurring problems or come up with entirely new solutions which would take cybersecurity to the next level.

    Participants should build their solutions on the research outcomes including the open-source software made available by the program's partners.


    🦾 Find new approaches to the following challenge areas:

    • How to make IoT devices less vulnerable to cyber-attacks?
    • Predicting the hybrid cyber activities (disinformation campaigns, fake news in combination with targeted cyber operations) to enable situational threat intelligence and informed and effective decision making
    • Assessment of cybersecurity properties for software
    • Security, explainability, and fairness of AI/ML systems

    🙌🏻Industry experts will help you go from an idea to an actual prototype in 48 hours!

    🌐Join from anywhere! The event is happening entirely online.


    If you're ready to tackle these serious problems with your fresh perspective- this is the event for you!


    👀 WE ARE LOOKING FOR: data scientists, non-technical cybersecurity or data protection professionals, UI/UX designers, front-end developers, back-end developers, marketers, visionaries, experts, marketing gurus, and passionate project managers!

    🏆THE PRIZE POOL for hackathon winners is up to 5000€ along with a possibility to develop their idea further with 2 months of mentorship from Vicomtech!


     🤩 HOW TO JOIN? 🤩


    REGISTER NOW AND POST YOUR IDEA 👉 https://eventornado.com/event/spartacybersec#home

    JOIN THE EVENT ON FACEBOOK👉https://fb.me/e/2Unw0tRZf

    READ MORE ON SPARTA 👉 https://sparta.eu/

    GET TO KNOW THE OPEN-SOURCE SOFTWARE AVAILABLE HERE 👉 https://eventornado.com/event/spartacybersec#open-source-software


    SEE YOU AT THE HACKATHON!🚀


    This project has received funding from the European Union's Horizon 2020 research and innovation program under grant agreement No 830892.

    NB! All times are in GMT+2.


    Friday | January 28th

    17.00 Opening of the hackathon (Live broadcasted on Youtube)
    17.30 Checkpoint #1 - plan for the 48-hours. Introduce your idea.
    to hackathon mentors.
    18.30 Work begins

    Saturday | January 29th

    10:00 Checkpoint #2: check-in with teams progress, plans, problems.
    11:30 Mentoring & teamwork continues
    14:00 Pitching & Demo workshop
    17:00 Checkpoint #3: show us your prototype!
    18:00 Work continues

    Sunday | January 30th

    10:00 Checkpoint #4- final finishing touches
    11:00-13:00 Pitch drills
    17:00- 18:30 Finals of the hackathon (Live broadcasted on Youtube)
    18:30-19:00 Jury decides
    19:00 Announcing the winners  (Live broadcasted on Youtube)


    GET TO KNOW THE OPEN-SOURCE SOFTWARE AVAILABLE &  CHOOSE THE ONE THAT FITS BEST FOR YOUR SOLUTION DURING THE HACKATHON!

    1. CESNET
    👉 https://github.com/CESNET/Nemea


    Description: NEMEA (Network MEasurements Analysis) system is a stream-wise, flow-based, and modular detection system for network traffic analysis. It consists of many independent modules which are interconnected via communication interfaces and each of the modules has its own task. Communication between modules is done by message passing where the messages contain flow records, alerts, some statistics or preprocessed data.

    License: Permissive with restrictions https://github.com/CESNET/Nemea/blob/master/COPYING 
     

    2. UKON,VulnEx
    👉 https://github.com/dbvis-ukon/vulnex


    Client: The web client of the VA tool, served by the server component
    Db-connector: The database connector module for the db-importer and server
    Db-importer: creates the database used for the VA tool
    Server: the server of the VA tool, serving the static content and REST API

    License: Apache License 2.2, Commercial use permitted
    https://github.com/dbvis-ukon/vulnex/blob/main/LICENSE

    3. TSOpen
    👉https://github.com/JordanSamhi/TSOpen


    TSOpen is a flow-, path- and context-sensitive tool to detect logic bombs in Android applications. This is an open implementation of TriggerScope made thanks to the details given in the 2016 Security and Privacy paper by Fratantonio & al.

    TSOpen has been developed over the Soot framework (https://github.com/soot-oss/soot ) which is useful in analyzing statically Java programs thanks to its internal simplified representation of Java bytecode (Jimple). Since TSOpen is made to analyze Android APKs and such applications have an atypical form (with communicating components), it is difficult to model correctly the flow of information. Therefore the modelling part relies on Flowdroid (https://github.com/secure-software-engineering/FlowDroid )which is a tool to detect data leaks in Android APKs but can also be used as a library.


    License: GNU Lesser General Public License v2.1.
    https://github.com/JordanSamhi/TSOpen/blob/master/LICENSE


    4. SAP, Eclipse Steady
    👉 https://github.com/eclipse/steady/


    Description: Discover, assess and mitigate known vulnerabilities in your Java and Python projects Eclipse Steady supports software development organizations in regards to the secure use of open-source components during application development. The tool analyzes Java and Python applications in order to:

    • detect whether they depend on open-source components with known vulnerabilities,
    • collect evidence regarding the execution of vulnerable code in a given application context (through the combination of static and dynamic analysis techniques), and
    • support developers in the mitigation of such dependencies.


    As such, it addresses the OWASP Top 10 security risk A9, Using Components with Known Vulnerabilities, which is often the root cause of data breaches: snyk.io/blog/owasp-top-10-breaches

    In comparison to other tools, the detection is code-centric and usage-based, which allows for more accurate detection and assessment than tools relying on meta-data. It is a collection of client-side scan tools, microservices and rich OpenUI5 Web frontends.


    License: Multiple licenses, Apache License 2.0 is the latest
    https://github.com/eclipse/steady/tree/master/LICENSES

    5. BuildWatch /UBO
    👉 https://github.com/cybertier/buildwatch 


    Description: detects and filters suspicious activities that happen during project builds e.g. network activity or file system access.


    License:     GNU Affero Public License v3.0

    6. SMILE / MISP
    👉 https://github.com/MISP/MISP

    Description: MISP is an open-source software solution for collecting, storing, distributing and sharing cyber security indicators and threats about cyber security incidents analysis and malware analysis. MISP is designed by and for incident analysts, security and ICT professionals or malware reversers to support their day-to-day operations to share structured information efficiently.

    The objective of MISP is to foster the sharing of structured information within the security community and abroad. MISP provides functionalities to support the exchange of information but also the consumption of said information by Network Intrusion Detection Systems (NIDS), LIDS and also log analysis tools, SIEMs.


    License:     GNU Affero Public License v3.0
    https://github.com/MISP/MISP/blob/2.4/LICENSE 


    WANT TO GET WARMED UP BEFORE THE HACKATHON?


    Here are some fun challenges for you to work on and solve!

    • Exercise1: generate adversarial from provided images and try to be undetectable for users and models (most similar as originally provided ones). Ten images will be used to validate the solution and 3 different adversarial generation tools are provided to participants. Similarity checks and model predictability functions are used to detect if the adversarial was correctly generated and to measure the similarity between the original imaged and the adversarial one.
    • Exercise2: select the best parameters of the defense in order to detect adversarial attacks. Different input values of parameters can be provided and defense accuracy will be shown for the configuration provided and preset image set

    👉 http://150.241.253.62:2222/ui/



    WHAT IS SAID

    #spartacybersec

    THE SUPERSTARS
    The Mentors 

    Yoann Le Bihan
    Senior Associate at NautaDutilh Luxembourg
    Alexandre Dulaunoy
    Security Research at CIRCL
    Steve Clement
    Information Security, Incident Handling and Information Sharing at CIRCL (Computer Incident Response Center Luxembourg)
    Viktor Dufour
    Chief Technical Officer Company at Wicotiz, Senior Software Developer at Swell Fundraising
    Calum Cameron
    CEO of DP Innovation Labs and Edasi Labs
    Andrus Padar
    Head of Technology Department of Estonian Information System Authority and Volunteer of Estonian Cyber Defence League
    Marily Hendrikson
    Ministry of Economic Affairs and Communications for Estonia AI and Cybersecurity Expert
    Maido Parv
    Senior Product Designer at Wise
    Martin Zadnik
    Project manager and researcher at CESNET
    Andras Iklody
    Software Developer at CIRCL (Computer Incident Response Center Luxembourg)

    Organizers

    Kadri Bussov
    Legal Advisor at SECURITYMADEIN.LU
    Tamara Bezljudova
    Chief Marketing Manager at Garage48
    Siim Eesalu
    Project Manager at Garage48

    The Program is brought to you by: