Tag Archives: security

Killing It at AngelHack 2011 ~ San Francisco

Having taken a recent interest in behavioral analytics, I devised a perfect hackathon project. The idea was simple; bring behavioral analytics to the masses by building a super lightweight platform with brain dead simple RESTfull event calls. Once the hooks were in place for any given website, we could monitor the site’s usage in real-time to alert the owner in the event of abhorrent behavior. Given that most website owners’ see their site as a black box, this product would give them huge insight into how their site is being used and abused. In addition, it would provide an audit trail for determining where vulnerabilities exist in the business logic layer. Already teamed up with Ben from Box, I discussed the idea with him and he, having a passion for security as well, was stoked. Later that evening, we begin thinking through the details of the platform. 

The morning of the hackathon we pulled together the final details of the project. We set up a server with the usual LAMP stack and memcache for speed. We utilized the Yii framework to facilitate the mundane aspects of creating a new website (Active Record, MVC, etc) and finalized the design of the database in MySQL. We left the designs until last because our main focus was creating an actual platform that would be demo-able in 24 hours. In the end, our final design resembled a standard dashboard with a “twitter” feed of hack alerts.

At 5 pm, the contest began and we immediately set to work on creating our platform. We had loaded up on sugar and caffeine, so we were amped up and ready to roll. Ben took the database implementation, creation of the models and set up of the REST hooks. I took the creation of the AJAX hook code, implementation of the dashboard and hooking the final pieces together.

The implementation of all pieces continued throughout the night with continued doses of caffeine and sugar. We began to see that our concept was too ambitious to complete in the time allotted, so we scaled back to only what was necessary for the demo and to illustrate the feasibility of the idea. This scale back ended up saving us in the end as we finished the implementation with 30 minutes to spare.

The long night was over and the presentations began at 6 pm. With over 35 teams competing, it took over 2 hours to get through all the presentations and there were some fantastic concepts being put forward. Ben and I were still enthralled with our own idea, but began to have doubts if we could truly take any award home. One after another the presentations continued. At 9 pm, it was time to announce the winners.

With great acclaim and response from the judges, our team won first prize to a roomful of applause. We had successfully killed it at the hackathon.

Check out the site here: bluedragonsec.com

Ben Trombley and I after winning the hackathon