האירוע נדחה בעקבות
הנחיות הטכניון בנוגע לווירוס הקורונה.
About
Organized by the Computer Science Department and Hiroshi Fujiwara Cyber Security Research Center at the Technion.
The CS HACK 2020 is ready to go!
When?
Thursday and Friday, 2nd to 3rd of April.
Where?
Taub Building – Computer Science Department.
If you have an exciting idea, you think outside the box, you have a hunger to develop and research and be part of a team of talented people, this event is exactly for you!
You can choose to develop your own idea or work on one of the challenges listed on the website .
Industry-leader mentors, entrepreneurs and researchers will be available throughout the process—from the idea stage, through planning and development stage and up to the presentation stage. So, even if you have no knowledge of the area, you will still be able to participate.
The event is organized in collaboration with graduate students of the Computer Science department.
Bottom line: This is going to be an experience that you will be glad to include in your resume, one that includes a lot of surprises and cool prizes.
We can accept up to 100 participants and we intend to create diverse teams for the competition. We aim to select competitors from a broad range of backgrounds, nationalities, languages, genders, experiences and cyber security skills.
So hurry up and register – places are limited .
Pre-Hackathon
At the pre-hackathon meeting we will answer questions and provide more information on the event and on the challenges.
Please reserve the date!
17:30 Hitchhiker's guide to cyber security
Amichai Shulman Cyber Security Technologist and Investor
18:15 Presentation of selected challenges,
explanations and questions
Tuesday 31.3
Game Rules
Eligibility:
All Technion students of all degrees.
Judging:
The Panel of Judges will include faculty members and senior executives from leading industrial organizations.
The criteria for winning include: creativity and Innovation, quality an implementation of the solution, how well the business need was addressed and how well the solution was presented.
Participants:
Participation is in teams of 2 to 6 members. We recommend that you join a team at registration stage. Alternatively, you can register individually and we will team you up with other participants.
Ownership:
The teams will own the idea that they brought and developed.
Prizes:
The winning teams will be awarded cash prizes: 1st place: 5,000 NIS, 2nd place: 3,000 NIS, and 3rd place: 2,000 NIS.
Schedule
08:30 Registration
09:00 Opening Ceremony
10:00 Start Hacking
13:00 Lunch
16:00 Cocktails
18:00 Pilates
19:00 Dinner
22:00 Late Night Snacks
08:30 Breakfast
10:00 Presentation
12:30 Prizes
Challenges
Botnet detection via HTTP requests
#Cybersecurity #DataScience #Networks
Botnets are a cluster of bots - devices controlled by hackers - that operate synchronously through commands they receive from the hacker that owns the botnet. They are usually used to commence massive attacks on a single website, or scan numerous sites in hopes of finding an exploit. In this challenge you will attempt to detect botnets by analysing the patterns they create during attacks. You’ll get a dataset of requests sent by malicious actors and will have to devise a method to detect which requests were sent from a botnet, and which bots are part of it.
Phishing detection via external information
#Cybersecurity #DataScience
Phishing is a method of trying to gather personal information using deceptive e-mails and websites. Phishing is still one of the most popular and most frequent cybercrime methods. The best way to protect yourself from phishing is to learn how to recognize a phish. You will get a database of community-based verified phishing sites and your mission is to suggest a new approach to better classify phishing attempts based on the existing database features, combined with new reconnecense approaches. For instance, usage of domain listing services (e.g., https://www.whois.net/) combined with innovative heuristics over PhishTank’s database.
Security solutions over encrypted traffic
#NetworkSecurity #NetworkInspection #Wireshark #Cloud
The urge of privacy and security led vendors all over the world to adopt encryption for network communications. Decrypting it is getting tougher everyday – end-to-end encryption, TLS 1.3, certificate pinning – which force us to think about new ways to deliver network security solutions. Giving that, what kind of security solutions can we create? Such ones that will be able to give visibility, anomaly, security insights and preferably prevention over encrypted traffic?
Fraudulent “call for action”
#FraudDetection #NLP
Phishing (and one its solutions – email security) is not a new problem. However, more advanced fraudsters find new ways to bypass all security solutions. Fraudster avoid using malicious attachments and links, they target specific people of the organizations, “tailor” an attack and usually call for victim’s interaction (e.g. transfer money, change account number, share insider information). How can we deal with this phenomenon?
DDoS detection - when more traffic is a bad thing
#Cybersecurity #DataScience
Network DDoS attack are “stupid” volumetric attacks that aim to overwhelm a website’s bandwidth and/or CPU by sending way more traffic than it can handle. DDoS detection is the art of detecting when an attack has begun and when to start performing mitigation. In this challenge you’ll receive tagged time series of numerous DDoS attacks. Your objective is to detect when an attack has started, and when it ended.
Non-genuine media detection
#FakeNews #ImageProcessing
Computer-generated videos, phone calls and social media accounts are all a relatively new risk for deceiving. In the era of DeepFake, robo-calls and fake news – how can we distinguish between what’s real and what’s not?
Passive TCP fingerprinting - find out who is on the other side
#Cybersecurity #Networks
Hackers tend to defend themselves by hiding behind services such as proxies and VPNs. Although this helps hackers avoid detection, it’s actually a double edged sword because if a website detects a client behind a masking service - it will know to treat it suspiciously. VPNs and proxies act as an intermediate between the hacker and the website and thus tend to slightly modify the traffic that flows through them. This modification can be detected by analyzing the lower levels of the packet - the IP and TCP headers.
Detecting phishing websites
#InformationSecurity
You will need to get a website A and compare it to website B and give a score if one website A is a phishing website pretending to be website B. it can be achieved in multiple ways and scoring features such as text seen, visibility (colors used on the website), components (login or form fields) and more.
Online data type classification for sensitive or non-sensitive data types
#DataSecurity #DataScience
To protect the most sensitive data in the organization it is required to classify which data is sensitive and which data is non-sensitive. Sensitive data is considered as sensitive if it is one of two types PII (Personal Identifiable Information) or PCI (Payment Card Industry). The first can be any data that may reveal personal information of users customers (usernames, passwords, birth date, address, email, phone number, etc). The second refers to any data that reveals payment card information including credit card number expiration date CVV etc. In this challenge we’ll attempt to classify data types using the table name, column names and the data itself.
Encrypted rsync
#Encryption
Rsync is a Unix program that syncs a local directory to another local or remote directory, and allows to keep multiple versions of the same directory, while saving both disk space and transmission bandwidth when the same file is resynced. It is very useful for backing up your disk. However, it does not have encryption support. Competing software, e.g., rclone, do not support keeping multiple versions while saving bandwidth and disks pace (which rsync does when called with "--link-dest"). This project is aimed at providing an rsync version (or a new software) that provides encryption together with all the original rsync functionality.
הצגת נגישות לאימות דו שלבי במגוון פתרונות הזדהות
למשל Push Notification ,SMS ,Google auth, ההבדל בקושי בין מערכות ההפעלה, פתרונות הזדהות צד שלישי.
זיהוי תעבורה זדונית בפרוטוקולים שונים
למשל Https over SSH, SSH over DNS.
הסקת מסקנות אופרטיביות מניתוח תעבורה מוצפנת
למשל על בסיס נפח תעבורה וחריגה מ-Baseline.
זיהוי מגמות בפרוטוקולי הצפנה
ניתוח סטטיסטיקה על ה-DB של No more ransom.
זיהוי שירותים חשופים
ניתוח DB מבוסס Shodan לטובת זיהוי מגמות Misconfiguration בענן.
Register
Registration is open until 13 March 2020. Those who register will receive confirmation of participation by 19 March 2020.
Thursday 2.4
Friday 3.4
Our Judges
Prof. Eli Biham
Prof. Shaul Markovitch
Amichai Shulman
Sara Bitan
Our Mentors
Shaked Rafaeli
Software Engineer @ Facebook
Daniel Haim Berger
Security Researcher @ Intel
Yuval Ron
M.Sc. Student @ Technion
Guy Pergal
Security Researcher @ Microsoft
Itzik Ashkenazi
Lab Chief Engineer @ Technion
Johnathan Azaria
Data Scientist @ Imperva
Limor Manasherov
Software Engineer @ Microsoft
Elad Shapira
Head of Research @ Panorays
Gil Cohen
Technical Lead @ Rafael
Maya Bechler-Speicher
Data and Applied Scientist @ Microsoft
Yehonatan Lusky
Security Researcher @ Intel
Guy Gadon
Software Engineer @ Facebook
Aviv Gaon
Researcher @ IDC Herzliya
Muhammad Abd El Gani
Software Engineer @ Facebook
Alon Bar Lev
System Engineer @ Rafael
Matan Lion
Engineering Manager, Data Science @ Imperva
Noam Mori
Product Cyber Defense Manager @ Rafael
Ron Shmelkin
Data Privacy and Security Researcher @ IBM
Ori Kupfershmid
WiFi Security Researcher @ Intel
Guy Feferman
Software Engineer @ Facebook
Moshe Pinto
Cyber Security Engineer @ Rafael
Lior Saddan
Software Engineer @ Facebook
Itay Tsabary
Ph.D. Student @ Technion
Carmi Grushko
Software Engineer @ Facebook
Sarit Pinhas
Backend Engineer @ Duda
Maroun Tork
Software Engineer @ Facebook
Benny Zeltser
Security researcher @ Intel
Assaf Rosenbaum
Security Architect @ CyCloak
Shir Cohen
M.Sc. Student @ Technion