Background
Besides static and dynamic malware analysis modules, sandboxes are commonly used to detonate malware and capture its malicious behavior. Well-known commercial sandboxes include Joe Sandbox and Threat Grid from Cisco, among others.
Most open-source malware sandboxes were derived from Cuckoo. Cuckoo reigned for a long time, and it is suspected that many commercial cloud sandboxes from vendors are modifications of Cuckoo. Cuckoo was historically hard to install, and some attempts were made to make it easier. Cuckoo seems to have fallen out of favor, and some newer forks are very promising.
Requirements
The requirement for this task is to evaluate the state of the art of open-source malware sandboxes, look into their evolution, and advise which platform to use as the base for further work.
Evaluate all 3 candidates and create a list of pros and cons, including the languages and tech stack used. Produce an updated set of instructions to install the chosen engine, preferably as an Ansible or Python routine.
Long Term Vision
The long-term vision is to expand the work on top of one of these engines and provide a series of API interfaces so that people can integrate it with their email or web pipelines.
Additionally, develop a nice UI (similar to Joe Sandbox) to allow people and analysts to detonate malware in one of the Malware Alliance sandboxes. In exchange, we would be able to collect the malware samples that people submit to us. A funding mechanism for the hosting needed to detonate the malware samples would be required, but in the beginning we could find some creative ways to get simple hosting for the agents.