Inspiration
Phishing and email spoofing remain the most common entry points for cyberattacks. We wanted to explore how easily users can fall for realistic but harmless emails—and how data-driven insights can strengthen awareness training and detection models.
What it does
Our project simulates controlled, lab-safe phishing campaigns using Wordware automation. It tracks delivery, opens, and clicks in a sanitized dashboard to measure human risk and gateway effectiveness. We also began developing a machine-learning and deep-learning pipeline to detect and classify malicious URLs, complementing the simulation with proactive defense research.
How I built it
We used Wordware for automation and telemetry visualization, Python + Flask for backend logging, and a mock SMTP setup to ensure all emails were contained within a sandboxed environment.
Challenges I ran into
Ensuring full ethical isolation—no real recipients or payloads. Managing asynchronous message tracking and accurate analytics visualization. Balancing detection accuracy and false-positive rates in URL classification. Time-boxing training runs on limited hardware during the hackathon.
Accomplishments that I'm proud of
End-to-end phishing simulation dashboard built safely within 24 hours. Actionable analytics showing how awareness and filters impact outcomes. Integration of an initial malicious-URL detection model for future defense modules. Clear demonstration of how offensive simulation data can inform defensive systems.
What I learned
Hands-on simulation, when done responsibly, provides the best understanding of real-world attack behavior. We learned to combine offensive-security insights with defensive ML research to build safer email ecosystems and better user education.
What's next for SnackHack
Integrate the ML URL detector into the simulation pipeline for real-time classification. Expand datasets and benchmark models for precision and recall. Open-source a training-mode simulator for organizations to test awareness safely. Develop an admin dashboard with real-time defense recommendations.
Built With
- python
- react
- typescript
- wordware
Log in or sign up for Devpost to join the conversation.