Projects at hackathon.lu

Projects and Teams at hackathon.lu 2026

The following open-source projects will be at the hackathon. If you’d like to include your project, feel free to contact us!

MISP Project

MISP, the open source threat sharing platform.

AIL Project

AIL Project is an open source framework composed of different modules to collect, crawl, dig and analyse unstructured data. AIL includes an extensible Python-based framework for analysis of unstructured information collected via an advanced Crawler manager or from different feeders (such as Twitter, Discord, Telegram Stream providers) or custom feeders.

Kunai

Kunai: bring your Linux Threat-Hunting capabilities to the next level.

Flowintel

Flowintel is an open-source platform designed to assist analysts in organizing their cases and tasks. It features a range of tools and functionalities to enhance workflow efficiency.

Rulezet

Rulezet is an open-source web platform for sharing, evaluating, improving, and managing cybersecurity detection rules (YARA, Sigma, Suricata, etc.). It aims to foster collaboration among professionals and enthusiasts to improve the quality and reliability of detection rules.

Lacus

Lacus: A capturing system using playwright, as a web service.

Lookyloo

Lookyloo is a web interface that captures a webpage and then displays a tree of the domains that call each other.

Pandora

Pandora is an analysis framework to discover if a file is suspicious and conveniently show the results.

Vulnerability-Lookup

Vulnerability-Lookup facilitates quick correlation of vulnerabilities from various sources, independent of vulnerability IDs, and streamlines the management of Coordinated Vulnerability Disclosure (CVD).

GCVE

The Global CVE (GCVE) allocation system is a new, decentralized approach to vulnerability identification and numbering, designed to improve flexibility, scalability, and autonomy for participating entities.

VulnTrain

VulnTrain is a tool for generating diverse datasets and models using vulnerability data from Vulnerability-Lookup.

It leverages all vulnerability advisory sources supported by Vulnerability-Lookup to train models, utilizing over one million JSON records. Additionally, data from the vulnerability-lookup:meta container, including enrichment sources such as vulnrichment and Fraunhofer FKIE, is incorporated to enhance model quality.

Various models are already available on Hugging Face and we are always interested in new ideas (datasets, trainers, integration with Vulnerability-Lookup, …)!

MISP Workbench

MISP Workbench is an analyst-focused threat intelligence platform built to handle large-scale indicator data without the overhead of a full MISP deployment. It ingests feeds from multiple sources — MISP instances, CSV, JSON, and freetext — consolidates them into a unified OpenSearch-backed workspace, and gives analysts the tools to query, correlate, enrich, and hunt across the full corpus from one place.

Built for speed and practicality: run Lucene queries across millions of indicators, schedule recurring hunts for persistent monitoring, enrich IOCs via misp-modules, and push curated results back to MISP or downstream consumers — all without writing one-off scripts or jumping between tools.

OISF and Suricata

Suricata is a high performance, open source network analysis and threat detection software used by most private and public organizations, and embedded by major vendors to protect their assets.

HOPLITE

AI-Powered Data Analysis for LEAs - HOPLITE enables law enforcement agencies to identify and prioritise online threats in real time.

cocktailparty

cocktailparty is a websocket data broker system based on the Phoenix framework.

Mercator

Mercator is a powerful and versatile open-source web application designed to facilitate the mapping of information systems, as outlined in the Mapping The Information System Guide by ANSSI. Whether you’re an operator of vital importance or part of a broader IT governance framework, Mercator is an essential tool for gaining visibility, control, and ensuring the resilience of your information systems.

sysdiagnose analysis framework

sysdiagnose is an open-source framework developed to facilitate the analysis of Apple sysdiagnose files, especially those generated on mobile devices (iOS / iPadOS). In the light of targeted attacks against journalists, activists, representatives of civil society and politicians, it empowers incident response teams to review device behaviour and ensure its integrity. This tool is initially the result of a joint effort between EC DIGIT CSOC (European Commission DG DIGIT) and CERT-EU (https://cert.europa.eu/).

IAMI (Identity & Access Management Integrations)

IAMI is a Work in Progress Open Source platform that integrates identity and access management to several tools in an automated way (as much as possible). All user-facing applications use Keycloak for single sign-on, and users only need one account to access everything depending on their rights.

The main entry point to the platform is Portal (portal), where users can see all available services and request access to them. Keycloak (id) handles authentication, authorization (via a custom-made Keycloak group-auth plugin) and user management. Monitoring is provided by Grafana, Loki, Prometheus and Alloy, and analytics by Matomo.

The platform uses official Kubernetes Helm charts or manifests and is deployed using ArgoCD, while custom images are hosted in a privately deployed registry using Harbor. This tool was initially developed by the International Committee of the Red Cross (ICRC) in collaboration with Cortex Security S.A.

IDPS-ESCAPE

IDPS-ESCAPE (Intrusion Detection and Prevention System - Enhanced Security through a Cooperative Anomaly Prediction Engine), part of project CyFORT: open-source SOAR system powered by a Risk-aware Anomaly Detection-based Automated Response (RADAR) subsystem and a deep learning-based AD subsystem (SONAR), integrated with Wazuh, Flowintel, and Suricata.

SATRAP-DL

SATRAP-DL (Semi-Automated Threat Reconnaissance and Analysis Powered by DECIPHER Logic), part of project CyFORT, offers a suite of tools for computer-aided CTI analysis and automated incident handling informed by CTI, provided respectively by its sub-systems SATRAP and DECIPHER, in turn integrated with MISP and Flowintel, via SATRAP-DL PyFlowintel.

MISPERER

MISPerer implements Anthropic's Model Context Protocol (MCP) to enable Large Language Models (LLMs) to interact directly with the MISP threat intelligence platform. This allows users and automated systems to query and analyze MISP data using natural language prompts.

Range42

Range42 is a modular cyber range platform designed for real-world readiness. We build, deploy, and document offensive, defensive, and hybrid cyber training environments using reproducible, infrastructure-as-code methodologies.

Monarc

Monarc is an open-source tool and a method based on ISO/IEC 27005 that helps conduct an optimised, precise, and repeatable risk assessment. The code is based on a PHP/Laminas backend, an AngularJS frontend and a MariaDB database. It also has some related services based on Python/Flask and PostgreSQL. The official website is available here.

Misp-ghidra and BSimVis

Misp-ghidra is a Python library and set of scripts that extend Ghidra to export Ghidra decompilation indicators (function names, FID hashes, BSim vectors) to MISP Objects.

BSimVis is a tool to analyze similarities across a collection of binaries, based on Ghidra analyzers and the BSim (Behavioral Similarity) plugin. It provides an API and Web interface to upload large quantities of decompiled binaries and BSim feature vectors to a Kvrocks database for similarity analysis, function diffing, and family clustering.