TRUST matters

April 2024

Cracking the Code: TL's FOSSx Challenge

Foss enthusiasts nationwide explored open-source tools, presenting their solutions before a jury. Now, anticipation mounts for the Summer of Code, promising further advancements in open-source technology.

On November 17, 2023, Trust Lab threw a cahllenge to FOSS enthusiasts nationwide, inviting them to explore and contribute to the world of open-source technology. The challenge spanned three months, from December to February, featuring staggered deliverables across the timeline. Spearheaded by Professor G. Sivakumar and our intern Palak Chopra, the challenge focussed on a curated list of FOSS tools in three categories: defense, attack, and forensics.

The challenge was simple but tough: participants solo or in teams of two had to work on an assigned open-source cybersecurity tool and write a detailed white paper about what they found and how they could make it even better. They had three months (December – February) to work their magic.

Applications poured in thick and fast, with around 188 enthusiasts from across the nation signing up for the challenge in no time! Then began the burning of the midnight oil as the selected participants had to submit several staggered deliverables across the month of December—no they were not having a vacation.

After multiple rounds of proposal review and online presentations, only 12 teams made it to the final round. These 18 finalists were a diverse bunch, with different backgrounds and talents, but they all shared one thing in common: a desire to push the limits of what’s possible.

On February 22nd, the finalist teams presented their work at IIT Bombay campus before a distinguished five-member jury, followed by an open exhibit. The atmosphere was electric with anticipation and excitement.

February 23rd – the grand finale of the FOSSX Challenge – was a day packed with excitement, insights, and celebration. The prize-giving ceremony started with Professor G. Sivakumar, the driving force behind this incredible initiative, taking to the stage.

Prof. S. Sudarshan (Deputy Director of AIA, IIT Bombay) and Dr. Shridhar Shukla (Founding Donor,  IITB Trust Lab) painted a vivid picture of the future of cybersecurity and the crucial role that open-source technology will play.

A special mention goes to Dr. Shailendra Mishra (IPS) DIG Mumbai who captivated the young audience with his engaging talk on the challenges in national security and the promising future that lies ahead for passionate coders. The formal prize-giving ceremony organically transformed into an engaging huddle, with participants gathering around Dr. Mishra to ask questions and absorb his wisdom.

The top three teams walked away with cash prizes from a total pool of INR 50,000. Two other teams also got “Honorable Mention” for their hard work and dedication. 

FOSSx Winners

First Postion | Team Mirai |Aditya Singh

Second Postion | Team 4chain|Ishwar Kumar

Third Postion | Team CyberCharge | Darshan Chheda & Pranjal Tiwari

Honourable Mention| Team Oreo|Aryan Kashyap & Ganesh Patil

Honourable Mention | Team Abhedya | Spaarsh Thakkar

But the real reward? The pride of knowing they’d made a real difference in the world of open-source technology. 

Palak Chopra, the workhorse behind the FOSSX Challenge, was a featured speaker at FOSSMeet’24 hosted by NIT Calicut. In her talk, Palak highlighted the importance of Security Operations Centers (SOC) and discussed the limitations of proprietary SOC tools, emphasizing how FOSS offers effective solutions. She also shared the inspiring journey of the FOSSx Challenge by Trust Lab and introduced the attendees to its sequel – the upcoming Summer of Code.

Behind the Scenes - Palak Chopra

The main requirement was that the tools had to be Free and Open Source, which means they were approved by the Open Source Initiative and could be used for digital security purposes. We also applied our own judgment when selecting the tools.

Working on an initial guiding list of 11 tools provided by Professor Siva, we worked our way up to 19 tools.

These tools ranged from their application in defense to attack to forensics to often somewhere in between:

  • Network monitoring or analysis tools like Wireshark, Zeek, Suricata and Malcolm;
  • Vulnerability scanners like Nikto, OpenVAS;
  • SIEMs and XDRs like xcitium, Wazuh;
  • Post-incident forensics tools like Guymager, The Sleuth Kit and GRR Rapid Response.
  • Even reverse engineering software like Frida

They were selected keeping in mind their contribution to the functionality diversity of the existing pool. So if a tool that is not already in the list would only get added if it focused on a region unexplored by the other tool OR if it seemed to be a better alternate to its functionally closest tool.

Tools like Suricata and Zeek were opted due to their known compatibility. Wazuh was chosen for being the updated forks of their counterparts and Guymager, while having limited variations over its alternatives, was chosen due to its actively contributing community.

It was also very important for the tools to be able to fit into it’s parent project. We intended to use these white papers as a point of reference for the integration of these tools in a much larger Security Operations Center that is powered entirely by Free and Open Source tools

You may find our collated overview of these tools along with their uses and relevant links here: Link

But the fun doesn’t stop there – the FOSSX Challenge has set the stage for an even bigger and better sequel: the Summer of Code. This time around, participants will be invited to suggest ways to make existing open-source tools even better or propose new ways to combine different tools. It’s like a giant puzzle, with everyone working together to create something truly amazing.

But the fun doesn’t stop there – the FOSSX Challenge has set the stage for an even bigger and better sequel: the Summer of Code. This time around, participants will be invited to suggest ways to make existing open-source tools even better or propose new ways to combine different tools. It’s like a giant puzzle, with everyone working together to create something truly amazing.

So buckle up, because the world of cybersecurity just got a whole lot more exciting!

A huge thank you to our Knowledge partners MUKTI, without whose support the FOSSx Challenge would have been half as impactful (and half as fun).

Insights from the FOSSx Challenge
- Het Joshi (Founder, MUKTI)

In the dynamic landscape of technology, the Free and Open Source Software (FOSS) movement stands as a beacon of innovation, collaboration, and inclusivity. Recently, the FOSSx Challenge served as a testament to these values, bringing together bright minds from diverse backgrounds to push the boundaries of what’s possible in the realm of open-source software.

As a knowledge partner through MUKTI – our student community, the event held special significance. We had the pleasure of guiding and mentoring about 200 teams from across the country. It was not merely a competition but a celebration of creativity, teamwork, and the spirit of giving back to the community. Participants, ranging from seasoned developers to enthusiastic newcomers, showcased their talents, exchanged ideas, and forged lasting connections.

The relevance of these Open-Source Cybersecurity Challenges in today’s world cannot be overstated. In an era where technology is ubiquitous and its impact profound, fostering an environment where collaboration thrives is essential. These challenges serve as incubators for innovation, providing a platform for individuals to leverage their skills for the greater good. Moreover, they play a crucial role in democratising technology, making it accessible to all and empowering individuals to shape the future.

Reflecting on the event, it was inspiring to witness the sheer diversity of ideas and suggested improvements to the projects presented. From enhancing accessibility in software to tackling pressing security issues, the range of topics covered was both impressive and heartening. It reaffirmed the belief that technology, when harnessed for the right purposes, has the power to drive positive change and empower communities.

As we look ahead, events like the FOSSx Challenge serve as catalysts for progress, driving innovation, and fostering a culture of collaboration that transcends boundaries. They remind us that the true essence of technology lies not in its complexity but in its ability to unite us in a shared pursuit of knowledge and excellence.

In conclusion, I extend my heartfelt appreciation to the entire Trust Lab team and everyone else who made the FOSSx Challenge a resounding success. Your passion, dedication, and commitment to the principles of open source have not only enriched our lives but also laid the foundation for a future where technology serves as a force for good.