Applications are invited for the CYTHON 2024 by NCIIPC in Collaboration with the FITT, IIT Delhi. The last date for the registration is March 10, 2024.
About FITT, IIT DELHI
The Foundation for Innovation and Technology Transfer (FITT) at IIT Delhi has been the vanguard of knowledge transfer activities from academia since its inception in 1992. This techno-commercial organization from academia is counted among the successful organizations of this type. FITT provides superior program management services and is steadily increasing its operational landscape.
The varied roles of FITT can be seen in enabling innovations and technopreneurs, business partnerships, technology development, consultancy, collaborative R&D, technology commercialization, development programs, and corporate memberships, among others. These roles are necessitated by the key agenda of the foundation to showcase the institute’s “intellectual ware” to the industry, thereby unlocking its knowledge base and inculcating industrial relevance in teaching and research at IIT Delhi.
About CYTHON 2024
Cython 2024, an initiative by NCIIPC (a unit of NTRO), in collaboration with the FITT, IIT Delhi, is a premier platform aimed at fostering innovation and entrepreneurship in the deep-tech domain.
Cython 2024 catalyses groundbreaking ideas into tangible solutions by providing participants with the necessary resources, mentorship, and networking opportunities.
Participants of Cython 2024 will embark on a transformative journey, from ideation to prototype development, guided by industry experts, seasoned mentors, and domain specialists. The program offers a unique blend of workshops, hands-on sessions, expert talks, and networking events, culminating in a grand showcase of innovative solutions.
Cython 2024 is not just a hackathon; it’s a launchpad for aspiring technopreneurs to transform their ideas into impactful ventures. Join us in shaping the future of technology and making a meaningful difference in society. Let’s unleash the power of deep-tech innovation together at Cython 2024!
Hackathon Challenges
Android Security: Development of Android Security Framework based on OWASP Mobile Top 10 2023 Vulnerabilities
The current MobSF version is validated against the OWASP Mobile Top 10 2016. However, the OWASP Mobile Top 10 2023 vulnerabilities are also available. Therefore, the team must create and develop an Android security framework or solution that performs a static analysis of Android applications and maps the vulnerabilities found to the OWASP Mobile Top 10 vulnerabilities. Moreover, it should include an analysis of Signatures, Certificates, App Components, Permissions, Native libraries, APKiD, browser activities, Manifest, Code, Domain Malware, URLs, Trackers, etc.
It should also include the provision of performing dynamic analysis on Android applications with features such as SSL Certificate Pinning, Frida Scripts Hooking and Injection, Root Detection/Jail-breaking, Code Tampering, and Reverse Engineering. The solution will be evaluated on any of the latest Android applications.
Android Security: Development of tool for Android kernel Debugging enabling vulnerability analysis
Most commercial phone models do not allow root privileges to the user for vulnerability analysis, but it is possible to flash modified firmware to obtain root privileges (Magisk, etc.). However, there is no ready-made solution to flash a phone (for models other than a Pixel) with a GDB server running and remote kernel debugging enabled.
A PoC can be built for any specific phone model (which runs custom ROMs such as Samsung, Xiaomi, OPPO, etc.) by modifying the firmware to include a GDB server and flashing the phone with the modified firmware, after which remote kernel debugging may be demonstrated. The tool may be built to automate the procedure of modifying the firmware to include a debugging interface:
- The tool’s input will be the Android firmware source. The tool should be able to build an image and enable kernel debugging.
- The expected output is firmware with debugging capabilities, which can be flashed on the phone.
The solution will be evaluated against:
- No. of phone models demonstrated.
- Efficacy of tool.
Authentication Security: Development of Customisable browser extension in Email & Web Login portals
- To develop a customisable browser extension that can read HTTP/HTTPS session parameters (cookies & CSRF tokens) of a particular domain and post these parameters to a specified server.
- Further, the extension must find a specific hyperlink on the current page and modify this to test.com (the exact hyperlink will be specified later).
- The complete solution shall also work on non-English websites.
Evaluation:
- The extension will be installed on a Chromium-based browser (latest version).
- After that, any popular commercial web service (e.g. Gmail) would be accessed, and an authenticated session would be established. The extension should be able to read authenticated session parameters and post these to the specified server. During the evaluation, higher weightage would be given to those extensions that generate the least browser warnings/permission requests.
- A specific website would be accessed for the content modification with the required hyperlink present.
- The user would click the hyperlink, and the website should be redirected to test.com.
Web Security: Development of Automated Web Pentesting & Vulnerability Discovery tool
Web applications form an integral component of any organisation. They may well be termed one of the main precursors for cyber-attacks and breaches for an organisation. While manual vulnerability identification can be tough and mundane, automated tools often focus on a single class of vulnerability or lack the depth to identify complex attack vectors.
The team is supposed to develop a tool that assesses a given target for a wide class of vulnerabilities. The vulnerability class should not be limited to OWASP Top 10 2017 and 2021. The team should emphasise vulnerability classes such as file upload leading to RCE vulnerability, NoSQL injection and deserialisation attacks. Submissions will be judged on the following criteria:
- Number of attack classes discovered.
- The report generated by the tool, to ensure uniformity in assessment.
- Submissions will be run against the organiser’s provided target.
Fuzzing: Development of Dependency Aware Linux Kernel-based Fuzzer
The Linux kernel is one of the most popular OS kernels and is widely used globally. A vulnerability in the Linux kernel can adversely affect the majority of devices out there. Code analysis and fuzz testing are among the more prominent ways to find vulnerabilities within software. However, kernel fuzzing is exponentially tough as compared to normal userland application fuzzing.
This can primarily be attributed to a large number of dependencies in kernel space and the inability of userland fuzzers to fulfil these dependencies. For instance, a global variable defined in kernel space can be altered based on a number of variations in the invocation of the branch/syscalls. It is highly cumbersome for userland fuzzers to map such variations to perform efficient fuzzing of such kernel code, which deeply limits the code coverage of the fuzzers. The team is required to develop a Linux kernel-based fuzzer that has the capability of resolving unknown dependencies encountered while fuzzing. Evaluation will be based on the following factors:
- Number of dependencies identified.
- The amount of code coverage achieved.
To ensure uniformity, teams will use the latest Linux version greater than v6.0 with minimum fuzzing run time.
Why should you Apply?
- Participation Certificate
- Swags and Goodies
- Cross-disciplinary Collaboration
- Real World Solutions
- Mentorship & Networking Opportunities
Top 5 Selected Teams will receive the following benefits
- Prize worth INR 15 Lakhs*
- Winner’s Certificate
- Swags and Goodies
- Real World Solutions
- Engagement opportunities with FITT, IIT D & NCIIPC (a unit of NTRO)
- Networking Opportunities
Who Should Apply?
- Students
- Entrepreneurs, Working professionals, Faculties and Researchers
- Aspiring Indian startups at the ideation stage or at the pre-MVP/ prototype stage
Program Schedule
- Registration Starts: 26th February 2024.
- Registration Ends: 10th March 2024.
- Selection Results: 19th March 2024.
- Hack-Day: 6th April, 2024.
How to Register?
Interested candidates can directly register through this link.
Contact Details
- tidefitt[at]gmail.com
- +91 9532476087 (Dewansh Poddar)
- Time: 9:30 AM – 5:30 PM (IST)