Contribute to IRMA and enter for your chance to win a free ticket to Amsterdam to attend the HITB security conference.
Challenge description:
IRMA (Incident Response & Malware Analysis) is a multi-scanner framework for identifying and analyzing suspicious files. The framework is a three-part system, with a frontend, a broker referred to as the brain, and multiple analysis engines called probes:
The frontend simply exposes a web API to various kinds of clients (web client, cli client, etc.)
The brain dispatches analysis requests to the analysis engines
The probes perform analysis on files and send back their analysis reports.
As an open-source framework, IRMA can be modified in various ways and at various levels to fit your needs perfectly. One can add probes implementing new analyses on files: a sandbox probe returning the trace of an execution, a PDF probe extracting embedded JavaScript code, an MS-Office document probe extracting embedded macros, etc. One can also plug in new clients (or "submitters") to send files to IRMA and deal with the analysis results. The only limit is your imagination.
Take part in the IRMA HiTB Challenge and share your vision of the future.
Deadlines:
Submit your code before the 8th of May 2015
Results will be given on the 15th of May 2015.
Valid submissions:
Develop your own IRMA probe
Develop your own submitter based on the API
"Random" contribution to IRMA. Improve some internals of the IRMA project or create a new sexy application based on IRMA.
Submit your code by starting a pull request in the official repositories (https://github.com/quarkslab/irma-{brain,probe,frontend}), and take your chance to win a free ticket to the conference and more:
Ranking criteria:
Innovation, interest of the feature
Code quality
Completeness of the contribution (docs, automated install, installation difficulty, etc.)
Useful resources:
If you need some introduction on IRMA, go to http://irma.quarkslab.com
If you need a guideline for probe development, read this blogpost
Check the dynamic documentation powered by Swagger in the frontend code
If you need help, reach us on #qb_irma@freenode or on Twitter at @qb_irma.