Applications are invited for CYTHON 2024 by NCIIPC in collaboration with the FITT, IIT Delhi. The last date for registration is March 10, 2024.
The Foundation for Innovation and Technology Transfer (FITT) at IIT Delhi has been the vanguard of knowledge transfer activities from academia since its inception in 1992. This techno-commercial organization from academia is counted among the successful organizations of this type. FITT provides superior program management services and is steadily increasing its operational landscape.
The varied roles of FITT can be seen in enabling innovations and technopreneurs, business partnerships, technology development, consultancy, collaborative R&D, technology commercialization, development programs, and corporate memberships, among others. These roles are necessitated by the key agenda of the foundation to showcase the institute’s “intellectual ware” to the industry, thereby unlocking its knowledge base and inculcating industrial relevance in teaching and research at IIT Delhi.
Cython 2024, an initiative by NCIIPC (a unit of NTRO), in collaboration with the FITT, IIT Delhi, is a premier platform aimed at fostering innovation and entrepreneurship in the deep-tech domain.
Cython 2024 catalyses groundbreaking ideas into tangible solutions by providing participants with the necessary resources, mentorship, and networking opportunities.
Participants of Cython 2024 will embark on a transformative journey, from ideation to prototype development, guided by industry experts, seasoned mentors, and domain specialists. The program offers a unique blend of workshops, hands-on sessions, expert talks, and networking events, culminating in a grand showcase of innovative solutions.
Cython 2024 is not just a hackathon; it’s a launchpad for aspiring technopreneurs to transform their ideas into impactful ventures. Join us in shaping the future of technology and making a meaningful difference in society. Let’s unleash the power of deep-tech innovation together at Cython 2024!
The current MobSF version is validated against the OWASP Mobile Top 10 2016. However, the OWASP Mobile Top 10 2023 vulnerabilities are also available. Therefore, the team must create and develop an Android security framework or solution that performs a static analysis of Android applications and maps the vulnerabilities found to the OWASP Mobile Top 10 vulnerabilities. Moreover, it should include an analysis of Signatures, Certificates, App Components, Permissions, Native libraries, APKiD, browser activities, Manifest, Code, Domain Malware, URLs, Trackers, etc.
It should also include the provision of performing dynamic analysis on Android applications with features such as SSL Certificate Pinning, Frida Scripts Hooking and Injection, Root Detection/Jail-breaking, Code Tampering, and Reverse Engineering. The solution will be evaluated on any of the latest Android applications.
Most commercial phone models do not allow root privileges to the user for vulnerability analysis, but it is possible to flash modified firmware to obtain root privileges (Magisk, etc.). However, there is no ready-made solution to flash a phone (for models other than a Pixel) with a gdb server running and remote kernel debugging enabled.
A PoC can be built for any specific phone model (which runs custom ROMs, such as Samsung, Xiaomi, OPPO, etc.) by modifying the firmware to include a gdb server and flashing the phone with the modified firmware, and remote kernel debugging may be demonstrated. The tool may be built to automate the procedure of modifying the firmware to include a debugging interface:
The solution will be evaluated against:
Web applications form an integral component of any organisation. They might as well be termed one of the main precursors of cyber-attacks and breaches for an organisation. While manual vulnerability identification can be tough and mundane, automated tools often focus on a single class of vulnerability or lack the depth to identify complex attack vectors.
The team is supposed to develop a tool that assesses a given target for a wide class of vulnerabilities. The vulnerability classes should not be limited to the OWASP Top 10 2017 and 2021. The team should emphasise vulnerability classes such as file upload leading to RCE, NoSQL injection and deserialisation attacks. Submissions will be judged on the following criteria:
The Linux kernel is one of the most popular OS kernels and is widely used globally. A vulnerability in the Linux kernel can adversely affect the majority of devices out there. Code analysis and fuzz testing are among the more prominent ways to find vulnerabilities within software. However, kernel fuzzing is exponentially tougher than normal userland application fuzzing.
This can primarily be attributed to the large number of dependencies in kernel space and the inability of userland fuzzers to fulfil these dependencies. For instance, a global variable defined in kernel space can be altered based on a number of variations in the invocation of the branch/syscalls. It is highly cumbersome for userland fuzzers to map such variations to perform efficient fuzzing of such kernel code, which deeply limits the code coverage of the fuzzers. The team is required to develop a Linux kernel-based fuzzer that has the capability of resolving unknown dependencies encountered while fuzzing. Evaluation will be based on the following factors:
To ensure uniformity, the team will use the latest Linux version greater than v6.0 with minimum fuzzing run time.
Interested candidates can directly register through this link.