100 Days Challenge

100 Days Challenge – 2023 Edition

Why join the competition:

Join us in the competition to discover the world of cyber security and test your skills in the field. Get immersed in the cyber journey that Dubai offers and learn how to add value to the region. Participants will go through the 100 Day Challenge and experience truly what it takes to be a cyber expert. Working on a real-life solution to gain knowledge and expertise, as well as contribute to the world of cyber security. Not to mention get the chance to win a cash prize for the efforts.

The challenge brief:

In recent years, a major concern facing IT servers is regarding the increase of Web Shell vulnerabilities. According to Microsoft, 140,000 Web Shell malicious activities were registered between 2020-2021. (ClickSSL, 2022). With the constant rise of cyber-attacks in the server environment, the need for a solution that detect and protect the servers is imperative.

Web Shell attacks are when a hacker injects malicious files into targeted directory within a web server. It then compromises the web server it attacks, which may lead to other malicious activities and vulnerabilities.

The objective of the challenge is to build an open-source solution to detect, prevent and alert users, the moment an incident occurs. The solution should follow best practices in development and security and can integrate with other technologies through any API’s. All proposed solution should include. An alert system or a dashboard for easy viewing. A resolution or action item after alerts are generated. All programming languages are applicable. Solutions should be capable of storing data, once an alert is advised. A database of insights and responses generated is ideal. Finally, any solution included new technologies such as AI, Chat GPT will be highly valued.

Competition prerequisites:

• Open to the general public, anyone with an interest or background in technology and/or cyber security
• Open to all ages
• Solutions can be developed by one individual, or in groups up to a maximum of 5 individuals
• Solutions submitted must be a working /running solution (not a prototype)
• Solution should be open-source (not a vendor-based solution)
• The winning solution and its intellectual property will be wholly owned by Dubai Electronic Security Center after the competition closes

Competition steps:

• Step 1: The 100 Days Challenge officially opens on day one of GISEC (March 14th, 2023) and will close on June 21st, 2023 .
• Step 2: Participants must register their interest to enter the competition, form can be found below.
• Step 3: Following registration, a technical submission form will be emailed to challenge participants to fill in and submit before the last day of the competition June 21st, 2023.
• Step 4: Submission forms must include the code of the solution for evaluation purposes.
• Step 5: Following the submission, all forms will be reviewed and the top 5 proposals, will be invited for a live demonstration and explanation of their solution with a judging panel of Cyber Security experts.
• Step 6: The top 3 candidates will then be invited to attend an award ceremony to announce the grand prize winner.
• Step 7: 20,000 AED prize will then be awarded..

Prize:

An amazing AED 20,000 cash prize for the winning individual or group.

Contact:

Final submission of all technical proposal due no later than the final day of the competition – June 21st, 2023. Any additional questions, please reach out to info@dcipark.gov.ae

Literature references:

ClickSSL. (2022, 8 9). What Are Web Shell Attacks? A Definitive Guide to Detection & Protection. Retrieved from ClickSSL:
https://www.clickssl.net/blog/web-shell-attacks#:~:text=According%20to%20Microsoft%2C%20more%20than,to%20the%20simplicity%20of%20execution

Shier, J. (2022, June 22). Active Adversary Playbook 2022 Insights: Web Shells. Retrieved from Sophos:
https://news.sophos.com/en-us/2022/06/22/active-adversary-playbook-2022-insights-web-shells/