decive.eu
HackYeah bills itself as the biggest hackathon in Europe with over 2000 participants. Our five-person team decided on the Defence task and landed the following problem: when private companies take hours or days to report incidents to national response teams, attackers can hit multiple targets across Europe before anyone has a chance to react. Our answer was decive.eu — a shared platform where honeypots scattered across critical infrastructure feed into a single live dashboard.
Visual Overview
A honeypot is a decoy server that looks like a real system to an attacker but is actually just logging everything they do. The idea behind decive.eu is that if you deploy enough of them across enough infrastructure and route all that data into one place, you can detect large-scale coordinated attacks the moment they start rather than hours later.
The system has three parts. The honeypot itself is a lightweight Python server that listens for SSH connections, sends back a fake banner, reads the client's identification string to classify what tooling the attacker is using (OpenSSH, Nmap, Masscan, etc.), and then posts a structured alert to the backend before closing the connection. It supports optional tarpitting to slow attackers down. The backend is a Flask REST API backed by SQLite that stores honeypot configurations and incoming incident logs. The frontend is a Vue 3 and TypeScript dashboard that polls the backend every couple of seconds and shows all active honeypots on an interactive world map, with marker colors indicating the highest recorded severity per node and animated ripples on those with recent activity. A live KPI overlay shows total attacks, active honeypots and unique source IPs at a glance. New honeypots can be registered directly from the dashboard by clicking a location on the map.
The whole stack runs in Docker and was deployed and publicly accessible by the end of the 24 hours.