GeekWeek V is happening this week. This year is the fifth year for GeekWeek, and it’s the biggest one yet! There are just under 200 participants, divided into four teams. The teams have developed their project ideas, and participants were grouped by field of interest and expertise. Here’s a summary of their projects, based on interviews with them.
Team 1 – The Search for Emerging Threat Intelligence (SETI)
Team 1’s project involves hunting for malware with Raspberry Pi honeypots and Honeycloud. Attackers use bots to scan the web for vulnerable entry points; this project deliberately offers them one. Raspberry Pi devices will act as honeypots that lure attackers in and raise an alert when they are probed. Deploying honeypots in the cloud will allow us to work at large scale and gather more, and better, malicious artefacts. Once artefacts are gathered, in-depth behavioural analysis can take place. By building new and more convincing "dream worlds" (analysis environments that look like real victims), we will fool more malicious samples into revealing their true behaviour.
Team 2 – Information Sharing Systems (ISS)
Team 2’s project involves developing better ways of sharing information. Information sharing is crucial, but some organizations lack the ability to use that information effectively or are not sufficiently equipped to act on indicators of compromise (IoCs). Having knowledge structured in a common graph format has many advantages. Building on last year’s GeekWeek work, this team will apply graph analytics to that knowledge. We also need to share it with our stakeholders, so the team will expose the data through our REST API, allowing stakeholders to integrate it with their own projects, including security information and event management (SIEM) systems. A REST API is a popular way for systems to expose useful functions and data to consumers over the Internet.
Team 3 – Notification, exploration and observation of objects of online origin (NEO4)
Team 3’s project involves evaluating the health of the internet by ranking malicious IP ranges and rating them in terms of the malicious activity observed from them. The concept originated at a previous GeekWeek, where the team built scorecards that visualised attacks involving IP addresses. Team 3 is taking that earlier product and making it easier to use, adding coverage of command-and-control nodes and phishing alerts. The team will also extend the time scale over which it predicts random and non-random events. From there, we can add more data sources, enabling us to create remediation plans based on threat scoring.
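As an added illustration of the scoring idea described above (this is not Team 3's code, and the activity weights, block threshold and sample events are constructed assumptions), the following Python aggregates observed malicious events into /24 ranges, scores each range by weighted activity, ranks them, and derives a simple remediation plan from the score:

```python
"""Rank IP ranges by observed malicious activity (added example, not the
GeekWeek team's code). Events, weights and thresholds are constructed."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumed weights per activity type (hypothetical; a real scorecard would
# tune these against ground truth).
ACTIVITY_WEIGHTS = {"c2": 5.0, "phishing": 3.0, "scan": 1.0}

# Constructed sample observations: (source IP, activity type). RFC 5737
# documentation ranges are used so nothing here points at a real host.
SAMPLE_EVENTS = [
    ("192.0.2.10", "scan"),
    ("192.0.2.11", "scan"),
    ("192.0.2.12", "c2"),
    ("198.51.100.7", "phishing"),
    ("198.51.100.7", "phishing"),
    ("203.0.113.99", "scan"),
]


def score_ranges(events, prefix_len=24, weights=ACTIVITY_WEIGHTS):
    """Aggregate events into /prefix_len ranges and return them ranked.

    A range's score is the weighted sum of its events; distinct_hosts tells
    the reader whether activity is spread across the range (a candidate for
    blocking as a whole) or concentrated on one host. Unknown activity
    types count with weight 0 so unexpected input does not raise.
    """
    scores = defaultdict(float)
    hosts = defaultdict(set)
    for ip, activity in events:
        net = ip_network(f"{ip_address(ip)}/{prefix_len}", strict=False)
        scores[net] += weights.get(activity, 0.0)
        hosts[net].add(ip)
    # Highest score first; ties broken by address family, then by network,
    # so mixed IPv4/IPv6 input never compares networks of different versions.
    ranked = sorted(scores, key=lambda n: (-scores[n], n.version, n))
    return [
        {"range": str(n), "score": scores[n], "distinct_hosts": len(hosts[n])}
        for n in ranked
    ]


def remediation_plan(ranked, block_threshold=5.0):
    """Hypothetical policy: block the whole range when its score crosses the
    threshold and more than one host is involved, block only the host when a
    single host carries the score, otherwise keep watching."""
    plan = {}
    for entry in ranked:
        if entry["score"] >= block_threshold and entry["distinct_hosts"] > 1:
            plan[entry["range"]] = "block-range"
        elif entry["score"] >= block_threshold:
            plan[entry["range"]] = "block-host"
        else:
            plan[entry["range"]] = "watch"
    return plan


if __name__ == "__main__":
    ranked = score_ranges(SAMPLE_EVENTS)
    for row in ranked:
        print(row)
    print(remediation_plan(ranked))
```

With the constructed events, 192.0.2.0/24 ranks first (two scans plus one C2 node across three hosts, score 7) and is marked for range-level blocking, while 198.51.100.0/24 scores 6 from a single phishing host and is marked for host-level blocking only; the distinct-host count is what keeps a whole /24 from being blocked because of one noisy machine.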
Team 4 – Malfinder
Team 4’s project involves using machine learning to analyse malware. As technology evolves rapidly, the attack surface keeps growing, and opportunities for an adversary to intrude into our infrastructure are multiplying. This year at GeekWeek, the project will look at some new challenges in malware analysis: using machine learning to identify and categorise malware, working out how to infiltrate botnets to reverse their command and control, conducting memory analysis of malware, and collaborating with the RCMP, banks, telecommunications companies and industry to collect clues from real-world data about who is behind the malware.
Team presentations and closing remarks take place Friday, October 26th.