hackathon.lu - The Open Source Security Software Hackathon – News

hackathon.lu 2026 announced

Wed, 04 Feb 2026 00:00:00 +0000

The hack.lu team and CIRCL announce the new hackathon.lu 2026 event.

hackathon.lu 2026: Open Source, Security, and Collaboration — with an Open Conference Morning on 14 April

Luxembourg, April 2026 — hackathon.lu returns on 14–15 April 2026, bringing together developers, security professionals, researchers, and Open Source enthusiasts for two days of hands-on collaboration, experimentation, and knowledge sharing in the Grand Duchy of Luxembourg.

Designed as a community-driven Open Source hackathon, hackathon.lu focuses on building, improving, and challenging real-world tools and ideas — particularly in the areas of security, engineering, and interoperability. The event welcomes participants of all backgrounds, from experienced practitioners to curious newcomers.

A Conference Morning to Kick Things Off

To open the event, hackathon.lu will host an integrated conference morning on Tuesday, 14 April 2026, from 09:00 to 12:00.

This informal, breakfast-style conference is open to the public and brings together speakers from Open Source and security communities to share short, focused talks. Rather than polished product pitches, the emphasis is on practical experience, lessons learned, and ideas that invite collaboration.

The conference morning is designed to:

Set the tone for the hackathon
Spark discussion and cross-pollination of ideas
Inspire projects that participants can explore during the hackathon itself

From Ideas to Action

Following the conference morning, registered hackathon participants will spend the remainder of 14–15 April working in small, self-organizing teams on Open Source projects, prototypes, tooling, documentation, and experiments.

There is no pressure to “finish” — learning, collaboration, and shared progress are the primary goals.

Open, Inclusive, and Community-Focused

hackathon.lu is built around the values of:

Open Source and open collaboration
Knowledge sharing over competition
Practical, real-world engineering
Building bridges between communities

The event is closely aligned with the spirit of hack.lu, Luxembourg’s long-standing security conference.

Registration

Attendance for the conference morning and participation in the hackathon is open via registration:

👉 https://hackathon.lu/practical/

Participation in the hackathon requires registration.
The conference morning is open to interested members of the public.

👉 Please register a talk through our CfP system: https://pretalx.com/hackathon-2026/cfp

Submissions will be reviewed by a program committee, which will select the talks for the conference morning.

About hackathon.lu

hackathon.lu is an Open Source–focused hackathon held in Luxembourg, bringing together people who want to build, break, fix, and improve technology collaboratively. It provides a space where ideas can be discussed over coffee in the morning — and turned into code by the afternoon.

Successful Outcomes from the Hackathon.lu 2025 in Luxembourg

Fri, 11 Apr 2025 00:00:00 +0000

Press Release: Successful Outcomes from the Hackathon.lu 2025 in Luxembourg

Luxembourg, April 9, 2025 – The Hackathon 2025, held from April 8 to 9, has successfully brought together a global community of more than 50 cybersecurity experts, developers, and innovators, all working toward advancing the realm of free and open-source software (FOSS) in cybersecurity. Hosted in Luxembourg, the hackathon focused on building cutting-edge tools and improving existing systems to enhance security in a rapidly evolving digital world.

Organized as part of the renowned hack.lu event series, Hackathon 2025 saw remarkable collaboration across teams, resulting in the successful implementation of several key software updates, tools, and features. The event underscored the power of open-source technology in driving advancements in cybersecurity, and participants demonstrated the vital role of innovation in strengthening digital defenses.

We would like to thank all the participants who contributed their time and creativity to make this hackathon a success, as well as our sponsors, POST Luxembourg and Conostix, for providing the infrastructure support.

Looking ahead, the hackathon.lu team is already planning the next edition of the event, scheduled for April 2026. As a reminder, the hack.lu security conference—one of Europe’s leading cybersecurity events—will take place from October 21-24, 2025, at the Alvisse Parc Hotel in Dommeldange, Luxembourg. Early bird tickets are still available for a few more days at https://2025.hack.lu/info/. Additionally, the hack.lu Call for Papers (CFP) is open, and cybersecurity experts are encouraged to submit their proposals at https://pretalx.com/hack-lu-2025/. For those looking to support the event, there are still a few sponsoring opportunities available at https://2025.hack.lu/sponsoring/.

Highlights of the Successful Projects and Contribution:

MISP Fleet Commander Release
The MISP Fleet Commander, a new management interface for MISP instances, was launched with the goal of streamlining the operational management for security analysts. This tool significantly reduces the complexities involved in maintaining multiple MISP instances, thus improving overall efficiency in threat intelligence sharing.
Read more on Discourse | GitHub Repository
Lacus v1.13.1
Lacus, a data analysis platform, saw an impressive update with version 1.13.1. The new release enhances the tool’s capabilities in managing and processing large sets of security data, providing users with more efficient and comprehensive data analysis.
Read more on Discourse | GitHub Repository
Lookyloo v1.28.1
Lookyloo, a tool for visualizing web infrastructure, was upgraded to version 1.28.1, introducing new functionalities that provide deeper insights into web structures. This tool aids cybersecurity professionals in mapping out potential vulnerabilities in web applications, ensuring proactive security measures are in place.
Read more on Discourse | GitHub Repository
Flowintel Enhancements
Flowintel, a platform for network traffic analysis, received vital improvements, making it more effective at detecting and analyzing cyber threats in real time. These enhancements bolster the tool’s capabilities in identifying unusual patterns in network data and provide better insights for responding to incidents.
Read more on Discourse | GitHub Repository
Kunai-Sandbox v0.1.4 Release
The Kunai-Sandbox, a malware analysis tool, introduced new updates aimed at improving the efficiency of malware detection and analysis. This release brings enhanced sandboxing capabilities, providing a more secure environment for analyzing suspicious files and activities.
Read more on Discourse | GitHub Repository
Pykunai v0.1.5
Pykunai, a tool designed to improve security operations and integration with Kunai, received a new update with version 0.1.5, which focuses on enhancing the tool’s functionality for cybersecurity professionals. This update streamlines several processes, making threat identification and response faster and more effective.
Read more on Discourse | GitHub Repository
Vulnerability-Lookup Enhancements
The Vulnerability-Lookup platform received key updates that enhance its ability to manage and identify vulnerabilities across various systems. These improvements ensure that security teams have timely and accurate information when responding to potential security threats.
Read more on Discourse | GitHub Repository | Release v2.8.0 including hackathon.lu contribution
New MISP object summariser-output added in MISP
In the objective to extend AI-support in MISP, a new summariser-output object template has been added. During the hackathon, a new pipeline to support RSS gathering and AI-summarisation was developed. Read more on Discourse | GitHub Repository
Virgil v0.1.0 Launch
The introduction of Virgil, a new security analysis tool, marked a significant milestone in the hackathon. Designed to enhance the analysis capabilities of security professionals, Virgil promises to become an essential tool in the fight against cybercrime.
Read more on Discourse | GitHub Repository
MISP OpenAPI Documentation
Another key accomplishment was the development of an improved comprehensive documentation for MISP’s collections endpoints. This new documentation aims to make it easier for users to implement MISP’s powerful features, fostering wider adoption of the platform across the cybersecurity community. Various updates were done on the OpenAPI specification.
Read more on Discourse | GitHub Repository
MISP MCP: Natural Language Interface
A groundbreaking development was the integration of natural language processing (NLP) into MISP via the MISP MCP (MISP Cloud Platform). This feature allows users to interact with MISP using natural language, enabling non-technical stakeholders to query and manage cybersecurity data more easily.
Read more on Discourse | GitHub Repository
Flowintel Docker Fix
Flowintel also saw a crucial update, resolving Docker compatibility issues, ensuring that the platform runs seamlessly in containerized environments. This fix allows users to deploy Flowintel in a more flexible and scalable manner.
Read more on Discourse | GitHub Repository
Sysdiagnose Submissions
A new tool was introduced for automating the submission of sysdiagnostic information from mobile phone, improving incident response by enabling faster troubleshooting of system issues and providing richer context to cybersecurity teams.
Read more on Discourse | GitHub Repository
AIL Geospatial Analyst Module
The AIL (Analysis Information Leak) platform introduced a new Geospatial Analyst module, enhancing the ability to map and analyze geographic information within cybersecurity operations. This addition greatly improves the visualization of threats and incidents based on location.
Read more on Discourse | GitHub Repository
MISP Lite OpenSearch Integration
A notable update was the integration of MISP Lite with OpenSearch, enabling faster and more efficient querying of threat intelligence data. This improvement strengthens MISP Lite’s role in smaller-scale security environments that rely on performance and scalability.
Read more on Discourse | GitHub Repository
Embedded Device Feed for MISP
A new feed was added to MISP specifically for tracking vulnerabilities in embedded devices. This feed aims to address the growing concerns around Internet of Things (IoT) security by providing timely and relevant intelligence on potential threats.
Read more on Discourse
ADBox Algorithmic Multiplexing
ADBox, a tool for Active Directory auditing, received a major update with the addition of algorithmic multiplexing, improving its ability to process and analyze large datasets. This enhancement makes ADBox more efficient at detecting malicious activities in complex networks.
Read more on Discourse | GitHub Repository
Suricata Rules Generation Enhancement for MISP
MISP’s capabilities were further improved with an update focused on generating better Suricata rules. This change allows MISP users to produce more accurate and effective rules for intrusion detection systems, strengthening network defenses.
Read more on Discourse | GitHub Repository
Certificate Transparency Support in Cocktailparty
Cocktailparty, a tool for streaming cybersecurity data feed, added support for certificate transparency, enabling more efficient detection of certificate-related threats. This update will help teams stay ahead of potential security risks linked to certificate mismanagement.
Read more on Discourse | GitHub Repository
Codeclarity Sends Sightings to Vulnerability Lookup
Codeclarity, a platform for vulnerability analysis, introduced a new feature that automatically sends sightings to the Vulnerability Lookup platform. This integration allows teams to rapidly identify and respond to potential security threats by correlating findings with an updated vulnerability database.
Read more on Discourse | GitHub Repository
Replacement of Redis with Valkey in AIL Project

As many projects aim to maintain a fully open-source stack, a proposal has been made to replace Redis with Valkey in the AIL project.

Pull-request
LexiLang language detection improved in AIL Project

Pull request was made during the hackathon.lu for the LexiLang project (used by the AIL Project) introduces the following changes: To improve language detection, it includes a major cleanup and refinement of language dictionaries to reduce false positives. It also enhances accuracy by removing ambiguous or low-quality entries from the dictionaries. This is a significant improvement for AIL, enabling better language detection with fewer false positives.

For more details: LexiLang improvement

Summary: The Hackathon 2025 in Luxembourg showcased an impressive array of innovative open-source cybersecurity tools and updates, developed in just two days by a global community of experts. Participants collaborated intensively to create impactful solutions, enhancing threat intelligence sharing, vulnerability detection, and network security. The event highlighted the power of open-source collaboration in driving rapid advancements in the cybersecurity field.

Looking Ahead: The Hackathon 2025 demonstrates the power of collaboration, community-driven development, and open-source technology in advancing cybersecurity. With these new tools and updates, cybersecurity professionals are better equipped to combat the growing range of cyber threats in today’s interconnected world. The event has successfully illustrated the critical role of innovation in keeping digital infrastructures safe and resilient.

Participants, organizers, and contributors from around the world are already looking forward to future editions of the hackathon, where they can continue to push the boundaries of cybersecurity and build stronger defenses for global digital ecosystems.

For more information about the Hackathon 2025 and the projects developed, please visit hackathon.lu.

hackathon.lu 2025 announced

Tue, 24 Dec 2024 00:00:00 +0000

The hack.lu team and CIRCL announce the new hackathon.lu 2025 event.

This 2-day physical Hackathon, held in Luxembourg on April 8th and 9th, 2025, focuses on the development of free and open-source software for cybersecurity. We aim to convene diverse developer groups to collaborate on complex programming challenges within key cybersecurity areas, such as information sharing, threat intelligence, network and system forensics, data mining, network and computer exploitation, and defense techniques. The hackathon’s objectives include improving existing open-source security projects, enhancing interoperability and integration between different security tools, and driving the creation of innovative new solutions.

The hackathon will emphasize tackling complex challenges, whether by enhancing existing projects or creating new ones, with a focus on how in-person collaboration and interaction can help overcome specific obstacles. We encourage activities both before and after the hackathon to maximize productivity and ensure the event is a catalyst for impactful progress. We aim to foster collaboration with both existing and new projects while building stronger trust within collaborative groups.

Many open-source security projects will be at the hackathon, including the MISP Project, AIL Project, Kunai, Flowintel, Lacus, Lookyloo, Pandora, Vulnerability-Lookup, OISF and Suricata. If you’d like to join us or propose a specific project for the hackathon, feel free to get in touch!

Ready to join? Register here: https://hackathon.lu/practical/.

If you’re leading a project, we encourage you to submit your proposal. We’re enthusiastic about expanding our project list for the hackathon.