For 12 years, our team has organized the hack.lu security conference, which brings many security professionals together. We observe that many people and organisations create open source software to support their security activities, ranging from reverse engineering, digital forensics and incident response (DFIR), and threat analysis to network security. Many of these security tools are developed with a long-term commitment, and they provide viable solutions to improve security globally. To support the continuity of innovation, development and integration of such open source security tools, we decided to organise a two-day hackathon in May in addition to our yearly hack.lu conference (16th to 19th October 2017).
On May 2nd and 3rd, 2017, around 40 free and open source software developers met in Luxembourg to take part in the first Open Source Security Software Hackathon (OS3 Hackathon). This two-day event gave the developers the opportunity to collaborate on various software projects in the information security field.
During this hackathon, significant achievements were reached in existing projects and new projects were started:
- MISP and Cortex integration, allowing the information sharing platform MISP to connect to and use Cortex intelligence services. See "Cortex 1.1.1: Two Way MISP Integration Now a Reality".
- cve-search published a new major release, reorganised its contribution process to make external contributions easier, and improved its test suite.
- shotovuln - an offensive bash script for pentesters to find generic privesc issues on Unix boxes.
- MISP taxonomy improvement with assessment of the analysts.
- MISP galaxy improved with an extended ransomware cluster.
- Viper made significant progress towards its support of Python 3, including work on the Python 3 port of pefile and the creation of an open test suite for pefile.
- A new project has been evaluated for the exchange of software vulnerability information within open source projects supporting software evaluation, information security or assessment. The idea is to share a common format between cve-search and aboutcode for exchanging information about software vulnerabilities within open source projects.
- Updates in JSMF-Android - Analysis of Inter-Component Communication links (ICC) and source code of Android applications (AST).
- The Seeker of IOC - CERTitude is a Python-based tool that aims to assess the compromised perimeter during incident response assignments.
- mail_to_misp was improved with added support for Thunderbird.
A second hackathon, Open Source Security Software Hackathon #2 (19-20 October 2017), will take place after the hack.lu conference. It starts on Thursday October 19 from 18:00 until 22:00 with a kickoff meeting with all the projects and teams. The second part of the Hackathon will take place during the full day of Friday October 20. As many speakers and participants of hack.lu will be present, they can conclude their week by participating in the Hackathon.
Participation in the Hackathon is free of charge, but you will need to register here: https://www.eventbrite.com/e/open-source-security-software-hackathon-2-tickets-34848731494. See you there!