Internships on CIRCL

Higher Technician Certificate - Student Internship Position(s) Topics (BTS-01)

Mon, 01 Jan 0001 00:00:00 +0000

Overview - Higher Technician Certificate - Student Internship Position(s) Topics (BTS-01)

Topics to choose from

Extending MISP dashboard Widget to support new visualisation (e.g. sighting overview or others)
GitHub OSINT collection to import in MISP including specific cases such as DDoS tooling or similar
Analyse and extract common-crawl data to improve scanning strategies to find vulnerable infrastructure
Improve MISP warning-lists to include other potential source of false-positive
Evaluate existing datasets and do a quality control on its included filenames, file contents
Cross check meta data and resources of CIRCL opendata sets
Cross check CIRCL operational statistics by correlating graphs and raw data export (https://www.circl.lu/opendata/)
GeoOpen MMB evaluation GEO Open. Evaluate the completeness on MMDB files and document the differences between files
GeoOpen evaluation of address based on RIR data
Develop a D4 analyzer to generate Allaple worm and other statistics
Compile, test and evaluate d4 clients on BSD systems
Evaluate and improve false positives of address identifications in Luxembourg in leaked data
IoT firmware collection (based on deployed IoT in Luxembourg) and feed it in hashlookup
Investigate what’s possible with malware hidden in NTFS Alternate Data Streams - ADS
Will malware protected by NTFS $BadClus / FAT Bad Sector mechanisms survive a re-installation / re-format

Qualification

Must be a EU citizen with an ongoing Higher Technician Certificate training in Luxembourg
Must have a high-level of ethic due to the nature of the work
Must be fluent in English and git (and a strong willingness to learn new techniques)

How To Apply

The application package must include the following in ASCII text format (language: English):

MSc Student Internship Position (BGPRanking-01)

Mon, 01 Jan 0001 00:00:00 +0000

Overview - MSc Student Internship Position - BGP Ranking - Expanding functionalities

BGP Ranking is a software that rank Autonomous System based on the amount of malicious IPs they announce.

The internship can include the following tasks (the list is non-exhaustive):

Review the existing code base
Add more data sources
Improve the data representation
Allow to load older datasets
Improve caching of country graphs
Make graphes clickable
Improve and open the API and support for open data
Connect the web interface to other services
Any kind of cool stuff we will think of during the internship

Qualification

Must have a valid work permit in Luxembourg.
Must be eligible for an MSc student internship in the field of information security and/or computer science.
Must have a high-level of ethic due to the nature of the work.
Must be fluent in English.
Good knowlege in web development.
Interested in writing code in Python3.6+, CSS and JavaScript (D3.js v5+)
Know git basics.
Has a a strong willingness to learn new techniques.

How To Apply

The application package must include the following in ASCII text format (language: English):

MSc Student Internship Position (CCL-01)

Mon, 01 Jan 0001 00:00:00 +0000

Overview - MSc Student Internship Position - CIRCLean

CIRCLean is an hardware solution to clean documents from untrusted (obtained) USB keys / USB sticks. The aim of the internship position is to increase the amount of formats supported by the device by using the python library PyCIRCLean, review the security of the current implementation, document and streamline the setup of CIRCLean on a RaspberryPi and on a desktop.

Qualification

Must be a EU citizen with a valid work permit in Luxembourg
Must be eligible for an MSc student internship in the field of information security and/or computer science
Must have a high-level of ethic due to the nature of the work
Must be fluent in English, Unix, Python and git
Contribution performed under this MSc internship will be released as free software

How To Apply

The application package must include the following in ASCII text format (language: English):

MSc Student Internship Position (CCL-02)

Mon, 01 Jan 0001 00:00:00 +0000

Overview - MSc Student Internship Position - IMAP Proxy to sanitize attachements

Use PyCIRCLeanMail as a base component for a standalone email sanitizer. The recommended library to use for the IMAP proxy is imapfw but the student should do a review of the existing solutions.

More details on the way to implement such a solution are available in this github issue.

Qualification

Must be a EU citizen with a valid work permit in Luxembourg
Must be eligible for an MSc student internship in the field of information security and/or computer science
Must have a high-level of ethic due to the nature of the work
Must be fluent in English, Unix, Python and git
Should have basic knowledges about the IMAP protocol
Contribution performed under this MSc internship will be released as free software

How To Apply

The application package must include the following in ASCII text format (language: English):

MSc Student Internship Position (CRL-01)

Mon, 01 Jan 0001 00:00:00 +0000

Overview - MSc Student Internship Position - Certificate Revocation Monitoring

The aim of this project is to develop and extend a solution helping CSIRT operators to track X.509 the certificate revocation process. The candidate will work on a project to extend the existing datastore of the certificate revocation monitoring system.

Qualification

Must be a EU citizen with a valid work permit in Luxembourg
Must be eligible for an MSc student internship in the field of information security and/or computer science
Must have a high-level of ethic due to the nature of the work
Must be fluent in English, Unix, Python and git

How To Apply

The application package must include the following:

MSc Student Internship Position (forensic-01)

Mon, 01 Jan 0001 00:00:00 +0000

Overview - MSc Student Internship Position - Profiling and baselining common user-space software for forensic analysis

The aim of this project is to provide an automatic approach to differentiate changes on operating system level by common user-space software. As system forensic can be difficult due to the impact of user-space software. The project aim is to reduce the analysis of artifacts for forensic analysts. The goal is the creation of practical tools to extract the artifacts (using standard forensic tools like Sleuthkit/TSK,…). Then providing techniques to differentiate known artifact creation from unknown ones.

MSc Student Internship Position (HONEYPOT-01)

Mon, 01 Jan 0001 00:00:00 +0000

Overview - MSc Student Internship Position - Improving analysis and visualization of existing honeypot analytic software

The aim of this project is to evaluate existing visualization approach used in existing honeypot analytic software and others. Especially reviewing current visualization approaches used in various existing tools like Moloch.

In addition, the project includes the current review of the parsing and analysis tools to ensure streamline integration with additional tools like yaf, tshark or similar.

MSc Student Internship Position (INFRA-01)

Mon, 01 Jan 0001 00:00:00 +0000

Overview - MSc Student Internship Position - Improvement of Virtualisation and Orchestration of Training Infrastructure

The aim of this project is to improve and implement new virtualisation, automation and orchestration techniques for the training infrastructure used at CIRCL and NC3.

In the different projects operated by CIRCL including MISP, Flowintel, MONARC and AIL, a series of virtual-images are automatically generated to support users.

The project is to improve the current automation model to bring the virtual-images into a simulated environment where the setup is automatically performed to support training at CIRCL.

MSc Student Internship Position (Lookyloo-01)

Mon, 01 Jan 0001 00:00:00 +0000

Overview - MSc Student Internship Position - Analyse, visualise and export HTTP Archives (HAR)

Lookyloo started as a side project aiming to help internal teams in media organisations to have an overview of the content loaded on their websites. It is now used on a daily basis by CIRCL in order to analyse phishing and other malicious websites in the context of incident response.

The current status of the system makes it relatively simple for an analyst to understand what is going on for a simple website, but it is a lot more complex for big websites, often loading massive amount of contents from a vast array of 3rd party services.

MSc Student Internship Position (MAL-01)

Mon, 01 Jan 0001 00:00:00 +0000

Overview - MSc Student Internship Position - Extending Viper Datastore

Viper is a binary analysis and management framework. Viper only supports a single malware analyst working on a viper session/project. The aim of the internship position is to extend viper to support a concurrent datastore along with multiple users sharing projects within Viper sessions. A different approach (more convenient for road-warriors and commuters) would be to create an ‘offline’ viper instance that has the ability to export/import/synchronize projects with other viper instances.

MSc Student Internship Position (MAL-02)

Mon, 01 Jan 0001 00:00:00 +0000

Overview - MSc Student Internship Position - Improving Radare2 to support automatic integration with MISP

Radare2 (r2) is a portable reversing framework allowing to disassemble many different architectures. The internship is to improve Radare2 on different aspects:

Improving function detection mechanisms in r2.
Extending r2 to support the export to MISP and especially MISP objects representing disassembled binaries.
Improving test-cases in r2 in order to support a reliable operation in (at least) the two above requirements.

Qualification

Must be a EU citizen with a valid work permit in Luxembourg
Must be eligible for an MSc student internship in the field of information security and/or computer science
Must have a high-level of ethic due to the nature of the work
Must be fluent in English, Unix, Python, C and git
Contribution performed under this MSc internship will be released as free software under compatible licenses with r2 and MISP

How To Apply

The application package must include the following in ASCII text format (language: English):

MSc Student Internship Position (MISP-01)

Mon, 01 Jan 0001 00:00:00 +0000

The aim of this project is to analyse existing technical and non-technical indicators within MISP platforms and develop a software prototype to display easily accessible information for non-technical users having roles in information security like risks managers, internal or external auditors or lead management.

The candidate will design and develop a web-based interface to query the MISP API and create new overlay to support the summarization of information security threats by security analysts.

MSc Student Internship Position (MISP-03)

Mon, 01 Jan 0001 00:00:00 +0000

MISP is an application that first allows users to share and collaborate on threat information. The aim of the internship would be to extend the platform using optional gamification features that promotes active sharing. This would include scoring and achievements of users based on participation, community feedback on data they provide and activities such as information validation of 3rd party data as well as the displaying of public user profiles along with earned achievements, statistics and leaderboards.

MSc Student Internship Position (MISP-04)

Mon, 01 Jan 0001 00:00:00 +0000

Overview - MSc Student Internship Position - In-depth statistical analysis of MISP OSINT feeds

MISP is an application that first allows users to share and collaborate on threat information. In order to facilitate its use for new users OSINT data feeds are provided such as those listed in MISP communities.

These feeds should be evaluated in dept in a reproducible and automated manner.

The core activities will be focused on statistical analysis of feed data trying to assess the sharing activities.

MSc Student Internship Position (MISP-05)

Mon, 01 Jan 0001 00:00:00 +0000

Overview - MSc Student Internship Position - MISP sighting stress testing

MISP is an application that first allows users to share and collaborate on threat information. One feature is the sighting of attributes which gives an indication about the presence of an attribute. This task will focus on the generation and evaluation of datasets meant for testing the performance of existing MISP sightings data structures.

The internship will include the following tasks:

MSc Student Internship Position (MISP-06)

Mon, 01 Jan 0001 00:00:00 +0000

Overview - MSc Student Internship Position - MISP - in-depth unit testing

MISP is a widely adopted threat information sharing platform handling the processing and sharing of threat information for a wide range of sectors ranging from security vendors through critical infrastructure to the military.

Currently the testing of the software is handled via functional test suites, but with the ever increasing complexity of the application the need for more in-depth testing, especially unit testing is becoming a requirement.

MSc Student Internship Position (MISP-07)

Mon, 01 Jan 0001 00:00:00 +0000

Overview - MSc Student Internship Position - MISP - User Interface rework

The web interface of the project was developed organically and would deserve an overall rework in order to meet current standards.

The task of the internship would be to do a literature review of the current standards in regarding to web development and come with recommendations in order to improve the UI, propose examples of improvements and if possible implement the changes.

MSc Student Internship Position (PGP-01)

Mon, 01 Jan 0001 00:00:00 +0000

Overview - MSc Student Internship Position - Browser Extension to Verify PGP Signatures of Web Pages

The aim of the project is to have an easy to use interface in the web browser to review the integrity of web pages when the system operator is PGP signing their pages. The solution is composed of a simple extension in Chrome and Firefox checking for the existence of a PGP detached signature. The solution is also checking the signature in a repository to see when specific signatures have been checked by others and how many times.

MSc Student Internship Position (TAXONOMY-01)

Mon, 01 Jan 0001 00:00:00 +0000

The aim of this project is to analyze existing Computer Security related taxonomies as well as all recent related studies and technical reports, and to provide appropriate output.

The existing taxonomies should be implemented within the MISP taxonomy project. The taxonomies should be correlated and identified overlapping should be identified and mapped.

Ideally the output of this project will be used as input for the ENISA taxonomy related projects especially for the Taxonomy Task Force in addition to the MISP project.

MSc Student Internship Position (Urlabuse-01)

Mon, 01 Jan 0001 00:00:00 +0000

Overview - MSc Student Internship Position - Rewrite of the ‘Urlabuse’ infrastructure

‘Urlabuse’ is a twofold service created by CIRCL. First it serves the purpose to help identifying malicious or suspicious websites (e.g. phishing or malware hosting sites) and inform CIRCL about their existence. Secondly, ‘Urlabuse’ does an automatic lookup of all relevant contact information in reference to the reported website in order to increase the reaction level of CIRCL to request the take-down of such identified websites.

Overview - MSc Student Internship Position - AIL and Crawling-Analysis Extensions

Mon, 01 Jan 0001 00:00:00 +0000

Overview - MSc Student Internship Position - AIL and Crawling-Analysis Extensions

AIL framework - Analysis Information Leak framework is a modular framework to analyse potential information leaks from unstructured data sources like pastes from Pastebin or similar services. AIL framework is flexible and can be extended to support other functionalities to mine sensitive information.

The internship topic is to extend AIL with various crawling and analysis extensions:

Extracting and Validating URLs found in unstructured data sources dispatched in AIL.
Fetching, collecting and storing URLs results found in unstructured data sources dispatched in AIL.
Context Triggered Piecewise Hashing module for unstructured data sources dispatched in AIL. (including statistical analysis of different CTP Hashing algorithms)
Modular notification modules based on AIL alarming.
MIME type detection modules with support of different techniques.
Natural language evaluation modules.
CVE detection module.

Qualification

Must be an EU citizen with a valid work permit in Luxembourg
Must be eligible for an MSc student internship in the field of information security and/or computer science
Must have a high-level of ethic due to the nature of the work
Must be fluent in English, Unix, Python and git

How To Apply

The application package must include the following in ASCII text format (language: English):

Overview - MSc Student Internship Position - Assisted Information Leak Incident Handling System

Mon, 01 Jan 0001 00:00:00 +0000

Overview - MSc Student Internship Position - Assisted Information Leak Incident Handling System

Computer Security Incident Response Teams (CSIRTs) are regularly confronted with information leaks which often include personal identifiable information (PII). CSIRTs usually inform the victims about the breach of their information such that they can take appropriate measures to recover from these leaks and to protect themselves against successive collateral damage originated by those. The process of contacting the victims is challenging. The victims are usually informed through trusted partners (such as their ISP) about the leaked information. The notification process is usually expensive and should not be abused. Unfortunately, the number of incidents regarding PII leaks are steadily increasing and PII leaks are frequently shared or traded. Hence, a common phenomenon is that leaked information emerges multiple times under various formats and by mechanically applying the process of notifying the trusted partners, in charge of informing the victims, is impractical and the respective teams are easily overwhelmed by redundant information.

Overview - MSc Student Internship Position - Identification of political bots

Mon, 01 Jan 0001 00:00:00 +0000

Overview - MSc Student Internship Position - Identification of political bots

This internship is centred on the identification of political bots spreading fake information. The internship is focused on data processing on available datasets to identify these bots. Information on the bots them selves could be extracted from github seeded by accounts found in AIL framework - Analysis Information Leak framework. The internship is not just focused on the source code of the bots themselves but also on the activities the bots did.

PhD Student Internship Position (MISP-02)

Mon, 01 Jan 0001 00:00:00 +0000

The aim of this project is to analyse existing technical and non-technical indicators within MISP platforms (and related threat sharing platforms). The candidate will review existing state-of-the art data mining algorithms in the field of summarization algorithms, classification and correlation. The candidate is invited to start with a literature research followed by an experimental validation in the context of feasibility studies. Human interfaces are experimented using prototypes that are developed by the candidate to display easily accessible information for non-technical users having roles in information security like risks managers, internal or external auditors or lead management. The candidate is invited to publish his or her findings in highly ranked conferences. Although it is not a fixed requirement of some academic conferences, the candidate has to release the source code of his or her experimental evaluations and prototypes such that other researchers can reproduce the experiments to facilitate third party innovations in the investigated research area.

Student Internship and Bachelorarbeit Position (Bachelorarbeit-01)

Mon, 01 Jan 0001 00:00:00 +0000

Overview - Student Internship and Bachelorarbeit Position - Lookyloo integration with takedown infrastructure and automatic classification

The current status of the system makes it relatively simple for an analyst with a good understanding of web technologies to understand what is going on on a website, but due to the amount of malicious content submitted on the platform, their takedown has to be handled in a somewhat automated process to make sure the owner(s) of the websites/infrastructure are informed, and then make sure the content is made inaccessible to potential victims.

Student Internship and Bachelorarbeit Position (Bachelorarbeit-02)

Mon, 01 Jan 0001 00:00:00 +0000

Overview - Student Internship and Bachelorarbeit Position - Lookyloo integration with takedown infrastructure and automatic classification

Student Internship Position (Lookyloo-02)

Mon, 01 Jan 0001 00:00:00 +0000

Overview - Student Internship Position - Understand, investigate and explain complex and/or malicious websites

The current status of the system makes it relatively simple for an analyst with a good understanding of web technologies to understand what is going on on a website, but there is still work to do in order to make the capture easier to understand and analyse by less technical users, expecially for big websites, often loading massive amount of contents from a vast array of 3rd party services.

Student Internship Position (Lookyloo-03)

Mon, 01 Jan 0001 00:00:00 +0000

Internships on CIRCL

Higher Technician Certificate - Student Internship Position(s) Topics (BTS-01)

Overview - Higher Technician Certificate - Student Internship Position(s) Topics (BTS-01)

Topics to choose from

Qualification

How To Apply

MSc Student Internship Position (BGPRanking-01)

Overview - MSc Student Internship Position - BGP Ranking - Expanding functionalities

Qualification

How To Apply

MSc Student Internship Position (CCL-01)

Overview - MSc Student Internship Position - CIRCLean

Qualification

How To Apply

MSc Student Internship Position (CCL-02)

Overview - MSc Student Internship Position - IMAP Proxy to sanitize attachements

Qualification

How To Apply

MSc Student Internship Position (CRL-01)

Overview - MSc Student Internship Position - Certificate Revocation Monitoring

Qualification

How To Apply

MSc Student Internship Position (forensic-01)

Overview - MSc Student Internship Position - Profiling and baselining common user-space software for forensic analysis

MSc Student Internship Position (HONEYPOT-01)

Overview - MSc Student Internship Position - Improving analysis and visualization of existing honeypot analytic software

MSc Student Internship Position (INFRA-01)

Overview - MSc Student Internship Position - Improvement of Virtualisation and Orchestration of Training Infrastructure

MSc Student Internship Position (Lookyloo-01)

Overview - MSc Student Internship Position - Analyse, visualise and export HTTP Archives (HAR)

MSc Student Internship Position (MAL-01)

Overview - MSc Student Internship Position - Extending Viper Datastore

MSc Student Internship Position (MAL-02)

Overview - MSc Student Internship Position - Improving Radare2 to support automatic integration with MISP

Qualification

How To Apply

MSc Student Internship Position (MISP-01)

Overview - MSc Student Internship Position - Providing Situational Awareness from MISP - Malware Information Sharing Platform

MSc Student Internship Position (MISP-03)

Overview - MSc Student Internship Position - Gamification of the MISP Threat Sharing Platform

MSc Student Internship Position (MISP-04)

Overview - MSc Student Internship Position - In-depth statistical analysis of MISP OSINT feeds

MSc Student Internship Position (MISP-05)

Overview - MSc Student Internship Position - MISP sighting stress testing

MSc Student Internship Position (MISP-06)

Overview - MSc Student Internship Position - MISP - in-depth unit testing

MSc Student Internship Position (MISP-07)

Overview - MSc Student Internship Position - MISP - User Interface rework

MSc Student Internship Position (PGP-01)

Overview - MSc Student Internship Position - Browser Extension to Verify PGP Signatures of Web Pages

MSc Student Internship Position (TAXONOMY-01)

Overview - MSc Student Internship Position - Identify, analyze and implement Computer Security related taxonomies.

MSc Student Internship Position (Urlabuse-01)

Overview - MSc Student Internship Position - Rewrite of the ‘Urlabuse’ infrastructure

Overview - MSc Student Internship Position - AIL and Crawling-Analysis Extensions

Overview - MSc Student Internship Position - AIL and Crawling-Analysis Extensions

Qualification

How To Apply

Overview - MSc Student Internship Position - Assisted Information Leak Incident Handling System

Overview - MSc Student Internship Position - Assisted Information Leak Incident Handling System

Overview - MSc Student Internship Position - Identification of political bots

Overview - MSc Student Internship Position - Identification of political bots

PhD Student Internship Position (MISP-02)

Overview - PhD Student Internship Position - Providing Situational Awareness from MISP - Malware Information Sharing Platform

Student Internship and Bachelorarbeit Position (Bachelorarbeit-01)

Overview - Student Internship and Bachelorarbeit Position - Lookyloo integration with takedown infrastructure and automatic classification

Student Internship and Bachelorarbeit Position (Bachelorarbeit-02)

Overview - Student Internship and Bachelorarbeit Position - Lookyloo integration with takedown infrastructure and automatic classification

Student Internship Position (Lookyloo-02)

Overview - Student Internship Position - Understand, investigate and explain complex and/or malicious websites

Student Internship Position (Lookyloo-03)

Overview - Student Internship Position - Lookyloo executive summary, integration with third party services