Indian Space Research Organisation (ISRO)

The Department of Space (DoS) is an Indian government department responsible for the administration of the Indian space programme. It manages several agencies and institutes related to space exploration and space technologies. The Indian Space Research Organisation (ISRO) has been assigned the task of conducting the Smart India Hackathon 2017 on behalf of the Department of Space. They have identified 53 problem statements.
Total Submissions : 5

An exploit kit is a software kit designed to run on web servers, with the purpose of identifying software vulnerabilities in client machines communicating with it, and discovering and exploiting those vulnerabilities to execute malicious code on the client. Exploit kits are modular, allowing easy addition and removal of vulnerabilities, and provide a user interface to control the settings, thereby automating the entire process of compromising a client. The exploit kit uses known browser vulnerabilities: as soon as a client request reaches the web server running the exploit kit (through traffic redirection), the kit checks the client browser for vulnerabilities, exploits it if the browser is found vulnerable, and provides a remote shell on the victim machine to control it. The participants are required to develop such an exploit kit with a GUI.

Students should form a small network of 2-3 computers with a popular browser (Chrome/Firefox) installed. They should perform the exploitation of the browser using the developed kit from another computer in the network and demonstrate the compromise and thereafter the control of the target machine.

Sample Data Required: No

Total Submissions : 4

Tools like veil-evasion have come up in recent times that are capable of bypassing anti-virus solutions. These tools use a number of advanced evasion techniques and generate polymorphic payloads to avoid signature detection. The following techniques are used to evade detection:

  • Randomization of variable names and methods
  • Encryption of source
  • Native stagers (shellcode-less)
  • Method nops (randomizing program’s call tree via dummy methods)
  • Obfuscated loaders

Figure out solutions for better detection of each of these payloads.

Notes: For demonstration, generate payloads using veil-evasion, which is open source.
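One detection angle for the "Encryption of source" and "Obfuscated loaders" techniques listed above is byte entropy: an encrypted or packed payload body sits close to 8 bits per byte, while plain source code and ordinary machine code land well below that. The sliding-window scanner below is an added example written for this page, not part of the problem statement or of veil-evasion; the sample inputs are constructed (a repeated Python snippet and a deterministic pseudo-random byte string standing in for an encrypted payload), and the window size and threshold are assumptions to tune against real samples.

```python
import math
import random
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty input, at most 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def entropy_profile(data: bytes, window: int = 512, step: int = 256):
    """Entropy of each window as a list of (offset, bits_per_byte)."""
    if len(data) < window:
        return [(0, shannon_entropy(data))]
    return [(off, shannon_entropy(data[off:off + window]))
            for off in range(0, len(data) - window + 1, step)]

def looks_encrypted(data: bytes, threshold: float = 7.0,
                    min_fraction: float = 0.5, **profile_kw) -> bool:
    """Flag the blob when at least min_fraction of its windows are near-random.

    Plain source or x86 code usually measures 4.0-6.5 bits/byte; an encrypted
    or compressed payload body measures above 7.0 (assumed threshold).
    """
    profile = entropy_profile(data, **profile_kw)
    hot = sum(1 for _, bits in profile if bits >= threshold)
    return hot / len(profile) >= min_fraction

# Constructed samples: readable source vs. a pseudo-random stand-in for an
# encrypted payload (seeded so the result is reproducible).
SOURCE_SAMPLE = (b"def connect(host, port):\n    sock = socket.socket()\n"
                 b"    sock.connect((host, port))\n    return sock\n") * 40
_rng = random.Random(1234)
ENCRYPTED_SAMPLE = bytes(_rng.getrandbits(8) for _ in range(4096))

if __name__ == "__main__":
    for name, blob in (("source", SOURCE_SAMPLE), ("encrypted", ENCRYPTED_SAMPLE)):
        print(name, "flagged" if looks_encrypted(blob) else "clean",
              [bits for _, bits in entropy_profile(blob)][:3])
```

Entropy alone also fires on legitimately compressed or encrypted files, so in practice it is one feature alongside others such as the randomised identifier names and dummy-method call trees the list above mentions.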

Sample Data Required: No

Total Submissions : 7

Honeypots and honeynets are well-known methods to detect attacks. However, they require the establishment of dedicated infrastructure. Work out an approach to implement the solution in a live environment. The solution should be able to implement a honeypot/honeynet on actual live services (not dummy services created as bait), without posing a serious threat to the organisation's security.

Students should implement a live server (website or webmail) and a honeypot/honeynet along with it. Students should simulate some known attacks on the server, and the solution should be able to detect the attack, redirect the attacker to the honeypot/honeynet, and record the attacker's activities, path, machine details and footprint.
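The routing decision the statement above asks for can sit in a reverse proxy in front of the live service: each request is checked against known-attack signatures, a client that trips one is pinned to the honeypot upstream for the rest of its visit, and every honeypot-bound request is recorded as footprint. The class below is an added example written for this page, not part of the problem statement or any existing product; the upstream addresses, the signature list and the request dictionary layout are assumptions, and the requests are constructed.

```python
import re
import time
from urllib.parse import unquote

# Assumed signature set; a real deployment would load these from a ruleset.
ATTACK_SIGNATURES = [
    ("path_traversal", re.compile(r"(\.\./|\.\.\\)")),
    ("sql_injection", re.compile(
        r"('\s*or\s+'?1'?\s*=\s*'?1|union\s+select|;\s*drop\s+table)", re.I)),
    ("scanner_ua", re.compile(r"\b(sqlmap|nikto|nmap|masscan)\b", re.I)),
]

class HoneypotRouter:
    """Decide, per request, whether it goes to production or the honeypot."""

    def __init__(self, prod="http://127.0.0.1:8080", honeypot="http://10.0.0.99:8080"):
        self.prod, self.honeypot = prod, honeypot   # assumed upstreams
        self.flagged = {}       # client ip -> time of first detection
        self.footprints = []    # recorded honeypot-bound requests

    def classify(self, request):
        """Names of the signatures matched by the decoded path, query and UA."""
        target = unquote(request["path"] + "?" + request.get("query", ""))
        ua = request.get("headers", {}).get("User-Agent", "")
        haystack = f"{target} {ua}"
        return [name for name, rx in ATTACK_SIGNATURES if rx.search(haystack)]

    def route(self, request):
        """Return the upstream URL; once flagged, a client stays on the honeypot."""
        ip, matched = request["client_ip"], self.classify(request)
        if matched and ip not in self.flagged:
            self.flagged[ip] = time.time()
        if ip not in self.flagged:
            return self.prod
        self.footprints.append({            # the attacker's recorded footprint
            "client_ip": ip, "time": time.time(), "method": request["method"],
            "path": request["path"], "query": request.get("query", ""),
            "user_agent": request.get("headers", {}).get("User-Agent", ""),
            "signatures": matched,
        })
        return self.honeypot

if __name__ == "__main__":
    r = HoneypotRouter()
    # Constructed requests: a normal page view and a path-traversal attempt.
    print(r.route({"client_ip": "192.168.1.10", "method": "GET",
                   "path": "/index.html", "headers": {"User-Agent": "Mozilla/5.0"}}))
    print(r.route({"client_ip": "192.168.1.77", "method": "GET", "path": "/download",
                   "query": "file=..%2F..%2Fetc%2Fpasswd", "headers": {}}))
```

Pinning a flagged client to the honeypot keeps it from bouncing between real and decoy responses, which is what makes the decoy believable and the recorded path complete.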

Sample Data Required: No

Total Submissions : 7

If an organization is infected by a zero-day virus attack, its antivirus solutions would not be able to detect it. (Antivirus solutions depend on virus signatures and behaviour, which can be obtained only after their teams know about the virus. A zero-day attack is the first attack, and hence the antivirus teams are not yet aware of it.) Advanced viruses have self-spreading capabilities. Such a virus scans the machines connected to the network to find vulnerabilities on the remote machines, and propagates by exploiting those vulnerabilities.

Students should simulate a small network of three Windows 7 or Windows 10 machines to demonstrate the virus spread. Use machines without any antivirus installed. Develop a small program acting as the virus. It should be able to find vulnerabilities on other machines connected to the network and spread itself to those machines.

Sample Data Required: No

Total Submissions : 6

If an organization is infected by a zero-day virus attack, its antivirus solutions would not be able to detect it. (Antivirus solutions depend on virus signatures and behaviour, which can be obtained only after their teams know about the virus. A zero-day attack is the first attack, and hence the antivirus teams are not yet aware of it.) Advanced viruses have self-spreading capabilities. Such a virus scans the machines connected to the network to find vulnerabilities on the remote machines, and propagates by exploiting those vulnerabilities. An agent-based solution is to be worked out to detect such propagation. The agent will run on all the machines and will report abnormal behaviour or detected anomalies to a server for further automatic analysis to arrive at a conclusion.

Notes: Simulate a small network of three machines to demonstrate the virus spread. Use machines without any antivirus installed and infect one of them with a self-propagating virus. At least one machine on the network should have vulnerabilities exploitable by the virus. Run the agent-based solution on all the machines. The solution should be able to generate alerts about the virus infection/propagation.
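The behaviour the statement describes, a host probing many neighbours for the same service before it spreads, shows up on the host itself as connection fan-out: many distinct destination addresses on one port inside a short window, most of them refused. The agent-side detector below is an added example written for this page, not part of the problem statement or any existing agent; it consumes a constructed, comma-separated connection log (assumed format: epoch,src,dst,dport,result), keeps a sliding window per source host and port, and returns the alert records an agent would forward to the analysis server (the transport to the server is left out).

```python
from collections import defaultdict, deque

def parse_events(text):
    """Yield (ts, src, dst, port, result) from 'epoch,src,dst,dport,result' lines."""
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, src, dst, port, result = line.split(",")
        yield int(ts), src, dst, int(port), result

class ScanDetector:
    """Alert when one host reaches >= min_targets distinct hosts on one port within window seconds."""

    def __init__(self, window=60, min_targets=8):   # assumed tuning values
        self.window, self.min_targets = window, min_targets
        self.recent = defaultdict(deque)   # (src, port) -> deque of (ts, dst, result)
        self.alerted = set()               # (src, port) pairs already reported

    def observe(self, ts, src, dst, port, result):
        q = self.recent[(src, port)]
        q.append((ts, dst, result))
        while q and ts - q[0][0] > self.window:      # drop events outside the window
            q.popleft()
        targets = {d for _, d, _ in q}
        if len(targets) < self.min_targets or (src, port) in self.alerted:
            return None
        self.alerted.add((src, port))
        return {"type": "lateral_scan", "host": src, "port": port,
                "targets": len(targets),
                "failed": sum(1 for _, _, r in q if r != "ok"),
                "first_seen": q[0][0], "last_seen": ts}

def run_agent(text, **kw):
    """Feed a log through the detector and collect the alerts it raises."""
    det, alerts = ScanDetector(**kw), []
    for event in parse_events(text):
        alert = det.observe(*event)
        if alert:
            alerts.append(alert)
    return alerts

# Constructed log: 10.0.0.7 resolves DNS normally while 10.0.0.5 sweeps
# 10.0.0.20-29 on port 445, succeeding only against the one vulnerable host.
SAMPLE_EVENTS = "\n".join(
    [f"{1000 + i},10.0.0.7,10.0.0.1,53,ok" for i in range(5)] +
    [f"{1000 + i},10.0.0.5,10.0.0.{20 + i},445,{'ok' if i == 3 else 'refused'}"
     for i in range(10)])

if __name__ == "__main__":
    for alert in run_agent(SAMPLE_EVENTS):
        print(alert)
```

Because the window is keyed per host and port, a busy but legitimate client (many connections to one server) never trips it; the alert also carries the refused-connection count, which separates a sweep from a service that is merely chatty.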

Sample Data Required: No

Total Submissions : 7

Usage of public mail services like Gmail, Yahoo, etc. from government infrastructure is prohibited, especially when the organization provides its own email service. There are a large number of known mail services, and there could be an unlimited number of unknown ones. It is easy for anyone to set up their own mail server and start a mail service using various tools; Google Apps is one such tool.

SMTP ports can easily be blocked using a firewall, but access to mail services through webmail (HTTP/HTTPS) is still a challenge. There might be an unlimited number of mail services, hence blocking based on domain name is also not possible.

Work out a solution which can detect attempts to connect to such webmail servers over HTTP/HTTPS and block them.

Notes: Simulate a small network or a machine connected to the Internet. Demonstrate that the solution blocks access to Gmail, Yahoo Mail, etc. without blocking the domain or IP.

Sample Data Required: No