Botnet detection via HTTP requests

#Cybersecurity #DataScience #Networks

Botnets are a cluster of bots - devices controlled by hackers - that operate synchronously through commands they receive from the hacker that owns the botnet. They are usually used to commence massive attacks on a single website, or scan numerous sites in hopes of finding an exploit. In this challenge you will attempt to detect botnets by analysing the patterns they create during attacks. You’ll get a dataset of requests sent by malicious actors and will have to devise a method to detect which requests were sent from a botnet, and which bots are part of it.

​

​

Phishing detection via external information

#Cybersecurity #DataScience

Phishing is a method of trying to gather personal information using deceptive e-mails and websites. Phishing is still one of the most popular and most frequent cybercrime methods. The best way to protect yourself from phishing is to learn how to recognize a phish. You will get a database of community-based verified phishing sites and your mission is to suggest a new approach to better classify phishing attempts based on the existing database features, combined with new reconnecense approaches. For instance, usage of domain listing services (e.g., https://www.whois.net/) combined with innovative heuristics over PhishTank’s database.

​

​

Security solutions over encrypted traffic

#NetworkSecurity #NetworkInspection #Wireshark #Cloud

The urge of privacy and security led vendors all over the world to adopt encryption for network communications. Decrypting it is getting tougher everyday – end-to-end encryption, TLS 1.3, certificate pinning – which force us to think about new ways to deliver network security solutions. Giving that, what kind of security solutions can we create? Such ones that will be able to give visibility, anomaly, security insights and preferably prevention over encrypted traffic?

​

​

Fraudulent “call for action”

#FraudDetection #NLP

Phishing (and one its solutions – email security) is not a new problem. However, more advanced fraudsters find new ways to bypass all security solutions. Fraudster avoid using malicious attachments and links, they target specific people of the organizations, “tailor” an attack and usually call for victim’s interaction (e.g. transfer money, change account number, share insider information). How can we deal with this phenomenon?

​

​

DDoS detection - when more traffic is a bad thing

#Cybersecurity #DataScience

Network DDoS attack are “stupid” volumetric attacks that aim to overwhelm a website’s bandwidth and/or CPU by sending way more traffic than it can handle. DDoS detection is the art of detecting when an attack has begun and when to start performing mitigation. In this challenge you’ll receive tagged time series of numerous DDoS attacks. Your objective is to detect when an attack has started, and when it ended.

​

​

Non-genuine media detection

#FakeNews #ImageProcessing

Computer-generated videos, phone calls and social media accounts are all a relatively new risk for deceiving. In the era of DeepFake, robo-calls and fake news – how can we distinguish between what’s real and what’s not?

​

​

Passive TCP fingerprinting - find out who is on the other side

#Cybersecurity #Networks

Hackers tend to defend themselves by hiding behind services such as proxies and VPNs. Although this helps hackers avoid detection, it’s actually a double edged sword because if a website detects a client behind a masking service - it will know to treat it suspiciously. VPNs and proxies act as an intermediate between the hacker and the website and thus tend to slightly modify the traffic that flows through them. This modification can be detected by analyzing the lower levels of the packet - the IP and TCP headers.

​

​

Detecting phishing websites

#InformationSecurity

You will need to get a website A and compare it to website B and give a score if one website A is a phishing website pretending to be website B. it can be achieved in multiple ways and scoring features such as text seen, visibility (colors used on the website), components (login or form fields) and more.

​

​

Online data type classification for sensitive or non-sensitive data types

#DataSecurity #DataScience

To protect the most sensitive data in the organization it is required to classify which data is sensitive and which data is non-sensitive. Sensitive data is considered as sensitive if it is one of two types PII (Personal Identifiable Information) or PCI (Payment Card Industry). The first can be any data that may reveal personal information of users customers (usernames, passwords, birth date, address, email, phone number, etc). The second refers to any data that reveals payment card information including credit card number expiration date CVV etc. In this challenge we’ll attempt to classify data types using the table name, column names and the data itself.

​

​

Encrypted rsync

#Encryption

Rsync is a Unix program that syncs a local directory to another local or remote directory, and allows to keep multiple versions of the same directory, while saving both disk space and transmission bandwidth when the same file is resynced. It is very useful for backing up your disk. However, it does not have encryption support. Competing software, e.g., rclone, do not support keeping multiple versions while saving bandwidth and disks pace (which rsync does when called with "--link-dest"). This project is aimed at providing an rsync version (or a new software) that provides encryption together with all the original rsync functionality.

​

​

הצגת נגישות לאימות דו שלבי במגוון פתרונות הזדהות

למשל Push Notification ,SMS ,Google auth, ההבדל בקושי בין מערכות ההפעלה, פתרונות הזדהות צד שלישי.

​

זיהוי תעבורה זדונית בפרוטוקולים שונים

למשל Https over SSH, SSH over DNS.

​

הסקת מסקנות אופרטיביות מניתוח תעבורה מוצפנת

למשל על בסיס נפח תעבורה וחריגה מ-Baseline.

​

זיהוי מגמות בפרוטוקולי הצפנה

ניתוח סטטיסטיקה על ה-DB של No more ransom.

​

זיהוי שירותים חשופים

ניתוח DB מבוסס Shodan לטובת זיהוי מגמות Misconfiguration בענן.

​