Oracle Labs at TADHack Brisbane

oracle labsTADHack 2017 in Brisbane was our first hackathon experience.  It was an opportunity to learn how to use and put together some of the existing established services to build a complex reporting software only in two days. TADHack is a telecommunication hackathon sponsored by several platform and API providers. We decided to use Matrix as a platform to publish and distribute reports from an intrusion detection system.

(Editor’s Note: hackathons are not only for hardcore coders, anyone can and should take part. This is a great example of a first-time hackathon team using TADHack to grow their skills, have fun, solve a problem that matters to them, and build interest / awareness from the rest of their organization.)

The Team

Our team consisted of  three researchers from Oracle Labs in Brisbane: Behnaz Hassanshahi, Francois Gauthier and Alexander Jordan. We do program analysis to find security vulnerabilities in different types of programs. We decided to attend TADHack (only few days before the event) mainly to get more familiar with existing platforms like Matrix and Oracle Cloud services.

Our Hack

The goal of our project was to find ways to distribute and demonstrate security analysis results of an intrusion detection system effectively. We decided to report attacks conducted towards Anki-Medrec, an open-source platform that provides eHealth APIs. We used Oracle Container Cloud services to run an extended version of this application.

When an attacker attempts NoSQL-injections into the Anki-Medrec application, our analysis reports these incidents to a pre-configured Matrix room. Security analysts are alerted in real time (we used the Riot clients for web and mobile for our demo) and can take immediate action. Based on metadata about the attack that we embed in the Matrix messages, we can visualize attacks using an Oracle Data Visualization cloud application, again in real time. All components for publishing and processing analysis reports were built using the Matrix Node.js SDK.

Our Experience

This hackathon was a fun and enjoyable experience. Apart from learning about several Oracle cloud products and the Matrix SDK, we had lots of technical discussions in our team and, even better, we could successfully show a winning demo live! Many colleagues have contacted us after seeing our demo on YouTube, and even received positive feedback from internal Oracle teams.

This hackathon was a good event for coming up with new ideas, learning about new technologies, and getting in touch with the community. We highly recommend it!