Topics at hackathon.lu
Topics and Projects at hackathon.lu 2025
A series of topics are available for Hackathon 2025, along with potential task ideas. This list will be regularly updated based on feedback and the projects joining the event.
Cyber Threat Intelligence
Explore innovative ways to collect, analyze, and share threat intelligence to enhance cyber defenses and facilitate proactive responses to evolving threats.
Task - Improve the visualisation of MISP taxonomies and galaxies and make it accessible to a larger community.
| Task CTI-VIS-INFO |
|---|
| Improve the visualisation of MISP taxonomies and galaxies and make it accessible to a larger community. |
| Task Lead |
| MISP Project - taxonomies and galaxy maintainers. |
| References - https://www.misp-galaxy.org/ - https://github.com/MISP/misp-galaxy/ - https://github.com/MISP/misp-taxonomies |
Task - Add MISP workflow action to send messages to nextcloud chat
| Task MISP-WORKFLOW-NEXTCLOUD-CHAT |
|---|
| Task Lead: Jeroen Pinoy - MISP contributor |
| References - Nexctcloud chat API doc |
Task - Add functionality to MISP modules and/or MISP, to keep an audit record of the usage of modules (timestamps + user)
| Task MISP-MODULES-AUDIT |
|---|
| Task Lead: |
| References - MISP modules repo |
Task - Review and update the MISP OpenAPI documentation (especially the allowed arguments), using the real MISP documentation
| Task MISP-OPENAPI-DOC |
|---|
| Task Lead: Jeroen Pinoy - MISP contributor |
Task - Build a set of examples of common cyber threat intelligence sharing scenarios (e.g. malware sample executed by cron job), with resulting MISP encoded version of the scenario data, along with explanations.
| Task MISP-CTI-ENCODING-SCENARIO-SAMPLES |
|---|
| Build a set of examples of common cyber threat intelligence sharing scenarios (e.g. malware sample executed by cron job), with resulting MISP encoded version of the scenario data, along with explanations. |
| Task Lead: Jeroen Pinoy - MISP contributor |
| References - https://www.misp-project.org/misp-training/b.1-best-practices-in-threat-intelligence.pdf - https://www.circl.lu/doc/misp/best-practices/ |
Task - Create MISP incident response playbooks / guidelines
| Task MISP-IR-PLAYBOOKS |
|---|
| The goal is to create documentation for what to look at when trying to answer “Is the user activity of user X on MISP suspicious?”. The doc should contain information on how to interpret logs, audit info… This falls under larger umbrella of how to detect and analyze potential abuse on a MISP instance. |
| Task Lead: |
Digital Forensics and Incident Response
Delve into tools and methodologies for investigating cyber incidents, uncovering evidence, and responding effectively to mitigate impact.
EDR and Host-Based Detection
Enhance endpoint detection and response (EDR) capabilities with cutting-edge techniques for detecting and mitigating threats at the host level.
Vulnerability Management
Develop and refine strategies and tools for identifying, assessing, and prioritizing vulnerabilities to reduce organizational risk.
Task - Extracting CVE/Vulnerability reference from large datasets such as commoncrawl
| Task VUL-EXTRACT |
|---|
| Extracting CVE/Vulnerability reference from large datasets such as commoncrawl. Adding references into vulnerability-lookup project. |
| Task Lead |
| vulnerability-lookup |
| References - https://www.vulnerability-lookup.org/ - commoncrawl dataset |
Task - Guessing CPE name based on vulnerability description.
| Task VUL-CPE-GUESS |
|---|
| Facilitating the guessing of a CPE name via natural language processing based on vulnerability description. |
| Task Lead |
| vulnerability-lookup |
| References - https://www.vulnerability-lookup.org/ - cpe-guesser |
Task - Guessing CPE name with LLM
| Task VUL-CPE-LLM |
|---|
| Facilitating the guessing of a CPE name with LLM. |
| Task Lead |
| Vulnerability-Lookup |
| References - https://www.vulnerability-lookup.org - VulnTrain |
Task - Predict exploitability with LLM
| Task VUL-EXP-LLM |
|---|
| Estimating the exploitability of a new vulnerability with LLM. |
| Task Lead |
| Vulnerability-Lookup |
| References - https://www.vulnerability-lookup.org - VulnTrain |
Task - Enhanced Vulnerability-Lookup with Code Context
| Task VUL-Sourcecode-LLM |
|---|
| When searching for vulnerabilities, provide relevant code snippets from impacted projects. Extend Vulnerability-Lookup database/dataset by linking CVEs with corresponding source code segments from affected products/repositories. Fine tune CodeBert of CodeT5. |
| Task Lead |
| Vulnerability-Lookup |
| References - https://www.vulnerability-lookup.org - CodeBERT - CodeT5 |
Cybersecurity - Open Data and Open Datasets
Use and create open data and datasets to support cybersecurity research, training, and collaborative innovation.
API and Tooling Interoperability
Focus on creating and improving APIs and tools that enable seamless integration and interoperability between different cybersecurity platforms.
Mercator
Work on auto-discovery and update of existing objects using the REST API.
Tasks
- Auto-discovery with nmap: Scan the network to identify active devices and retrieve basic information (IP, open ports, OS fingerprinting).
- Update server configuration with SNMP: Collect hardware and software information from discovered devices and update Mercator accordingly.
- Integration with existing inventory data: Cross-reference discovered devices with existing inventory records to update or flag discrepancies.
- Automated tagging and categorization: Assign tags based on device type, OS, and role in the network.
- Web UI enhancements: Display real-time discovered devices and provide an interface for manual validation and corrections.
- Alerting for new/unexpected devices: Notify administrators when unknown or unauthorized devices appear on the network.
Cybersecurity Education
Create and share educational resources (e.g. CTF challenges), training modules, documentation and workshops to advance knowledge and skills in cybersecurity.
Policy and Cybersecurity
Improve open source toolings to support policies, regulations, and frameworks to address the challenges and opportunities at the intersection of governance and cybersecurity.
YALTF (Yet Another License Tool and Framework)
Tasks: (Click for more details)
Expanded OS & platform support (Windows, macOS)
- Extend linux support: Extend support to further Linux distributions, particularly Debian and its derivatives that are most used. Explore compressing license data for efficient scanning (additional feat)
- Windows (SSH-Based): Enable scanning of software on Windows systems accessible via SSH.
- Windows (native): Implement native scanning on Windows using the WinRM protocol.
- macOS support: Extend scanning to macOS, including Homebrew-managed packages.
- Docker compatibility:Support scanning of Docker images to detect license and security issues.
Enhanced UI (viewer) (advanced filters, better visualization)
- Redesign the UI with modern web technologies for a better user experience.
- Introduce advanced filtering, classification, and compliance-checking features.
- Display scan summaries and elegantly visualize composite license structures.
Expand package scanning capabilities (Flatpak, Snap, npm ...)
- Scan software installed via distribution-independent package managers (e.g., Flatpak, Snap).
- Support CLI-based application package managers (e.g., Go modules, npm) for deeper license analysis.
Error handling & logging
- Improve logging with detailed and actionable diagnostic messages.
- Display errors and warnings directly in the scan report for better visibility.
Interoperability with other tools (ORT, CSV, SML, SPDX...)
- Enable integration with existing license scanners. Provide outputs compatible with industry-standard tools like ORT for seamless report generation.
- Support additional output formats, including CSV, XML, SPDX, and more, alongside the existing JSON.
Advanced configuration/parameters (Custom output names, locations...)
- Expand configuration settings to allow custom output directories, report names, and other preferences.
Improved accuracy and security (Validation, Vulnerability Detection...)
- License data validation: Cross-check scan results against online sources to ensure completeness and detect outdated or missing license information.
- Vulnerability detection: Identify known vulnerabilities (CVEs) in scanned software by referencing security databases. Potentially leveraging lookup service from CIRCL.
- Weak or insecure configuration detection: Analyze server, database, and software configurations for security misconfigurations that could lead to potential exploits.
Testing & QA (Automated test suits)
- Develop automated test suites for YALTF to ensure accuracy, reliability, and robustness.