Expand Cuckoo Sandbox

Abdulellah Alsaheel

Abstract

Improve Cuckoo's ability to analyze network traffic.

Additional Information

Cuckoo Sandbox

Project Overview:
Cuckoo Sandbox is an automated malware analysis system. Cuckoo is a lightweight solution that performs automated dynamic analysis of submitted Windows binaries and returns comprehensive reports on the key API calls made and the network activity observed.

Project Plan:

  • April 23rd - May 20th: Community Bonding Period
  • May 21st - May 27th: review the libwireshark implementation and read its documentation.
  • May 28th - May 31st: familiarize myself with SWIG (Simplified Wrapper and Interface Generator) in order to bind the Wireshark dissectors.
  • June 1st - June 7th: evaluate the use of libwireshark bindings.
  • June 8th - June 30th: write bindings for libwireshark using SWIG if that proves viable; otherwise, shift to Scapy and write protocol dissectors for these protocols:

TCP, UDP, ICMP, DNS, HTTP, FTP, IRC, SMB, SIP, TELNET, SSH, IMAP, POP and H.323.

  • July 1st – July 9th: libwireshark bindings testing.

July 9th - July 13th: Mid Term Assessments

  • July 10th – July 25th: develop a component to reconstruct the data streams and recover the downloaded files whenever possible.
  • July 26th – July 29th: testing and code refactoring for the previous component.
  • July 30th – Aug 4th: develop a traffic statistics component that reports flows, protocols, and interactions between source and destination hosts.
  • Aug 5th – Aug 6th: testing and code refactoring for the previous component.
  • Aug 7th – Aug 13th: integrate all the work into Cuckoo and its report generation.

August 13th: Suggested "pencils down" date, coding close to done

  • Aug 14th – Aug 20th: documentation preparation.

August 20th: Firm "pencils down" date, coding must be done

August 24th - August 27th: Final Assessments

August 31st - Public code uploaded and available to Google

Notes:

All code developed must follow Cuckoo's coding guidelines (essentially PEP-8), be fully documented in docstring format and, where possible, come with unit tests.

Project Deliverables:
Improve Cuckoo's ability to analyze network traffic by delivering these components:

1- libwireshark bindings.

2- Data stream reconstruction and downloaded-file recovery component.

3- Traffic statistics component.
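The stream reconstruction and traffic statistics components of deliverables 2 and 3, on top of the packet parsing that the bindings or dissectors of deliverable 1 would supply, as an added example. This is not code from this project or from Cuckoo; it is a stand-alone Python sketch (Python being Cuckoo's language) that uses a hand-rolled Ethernet/IPv4/TCP parser in place of libwireshark or Scapy. The host addresses, ports, the GET request and the HTTP response are constructed for illustration, TCP checksums are left at zero, and only the TCP/HTTP case is covered.

```python
"""Added example: a pure-Python Ethernet/IPv4/TCP dissector, per-flow traffic
statistics, and TCP stream reassembly that recovers an HTTP-delivered file."""
import struct
from collections import defaultdict

ETH_HDR = struct.Struct("!6s6sH")          # dst MAC, src MAC, ethertype
IP_HDR = struct.Struct("!BBHHHBBH4s4s")    # IPv4 header without options
TCP_HDR = struct.Struct("!HHIIBBHHH")      # TCP header without options


def build_frame(src, dst, sport, dport, seq, payload, flags=0x18):
    """Constructed test frame: Ethernet + IPv4 + TCP (checksums left at 0)."""
    tcp = TCP_HDR.pack(sport, dport, seq, 0, 5 << 4, flags, 65535, 0, 0) + payload
    ip = IP_HDR.pack(0x45, 0, IP_HDR.size + len(tcp), 1, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return ETH_HDR.pack(b"\x00" * 6, b"\x00" * 6, 0x0800) + ip + tcp


def dissect(frame):
    """Parse one frame into a dict; returns None for anything but IPv4/TCP."""
    _, _, ethertype = ETH_HDR.unpack_from(frame)
    if ethertype != 0x0800:
        return None
    off = ETH_HDR.size
    vhl, _, total_len, _, _, _, proto, _, src, dst = IP_HDR.unpack_from(frame, off)
    if vhl >> 4 != 4 or proto != 6:
        return None
    ip_end = off + total_len                  # ignore Ethernet padding after the datagram
    off += (vhl & 0x0F) * 4                   # IHL: skip IP options if present
    sport, dport, seq, _, doff, flags, _, _, _ = TCP_HDR.unpack_from(frame, off)
    return {"src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
            "sport": sport, "dport": dport, "seq": seq, "flags": flags,
            "payload": frame[off + (doff >> 4) * 4:ip_end]}


def flow_key(pkt):
    # Direction-independent key so both halves of a conversation share one flow.
    a, b = (pkt["src"], pkt["sport"]), (pkt["dst"], pkt["dport"])
    return ("tcp",) + (a + b if a <= b else b + a)


def traffic_stats(packets):
    """Flows with packet/byte counts, plus src->dst interaction counts."""
    flows = defaultdict(lambda: {"packets": 0, "bytes": 0})
    interactions = defaultdict(int)
    for p in packets:
        flows[flow_key(p)]["packets"] += 1
        flows[flow_key(p)]["bytes"] += len(p["payload"])
        interactions[(p["src"], p["dst"])] += 1
    return {"flows": dict(flows), "interactions": dict(interactions)}


def reassemble(packets, src, dst, sport, dport):
    """Rebuild one direction of a TCP stream; stop at the first hole, never invent bytes."""
    segs = sorted((p["seq"], p["payload"]) for p in packets if p["payload"]
                  and (p["src"], p["dst"], p["sport"], p["dport"]) == (src, dst, sport, dport))
    data, nxt = bytearray(), None
    for seq, payload in segs:
        nxt = seq if nxt is None else nxt
        if seq + len(payload) <= nxt:         # pure retransmission: nothing new
            continue
        if seq < nxt:                         # partial overlap: keep only the new tail
            payload, seq = payload[nxt - seq:], nxt
        if seq > nxt:                         # hole in the stream (lost segment)
            break
        data += payload
        nxt = seq + len(payload)
    return bytes(data)


def recover_http_file(stream):
    """Split an HTTP response into status, headers and body, honouring Content-Length."""
    head, sep, body = stream.partition(b"\r\n\r\n")
    if not sep:
        return None
    status, *header_lines = head.split(b"\r\n")
    headers = {k.strip().lower(): v.strip()
               for k, _, v in (line.partition(b":") for line in header_lines)}
    length = int(headers.get(b"content-length", len(body)))
    return {"status": status.decode(), "headers": headers,
            "body": body[:length], "complete": len(body) >= length}


# Constructed sample (hypothetical hosts): a GET for an executable, the server's
# response split in two segments that arrive out of order, and one retransmission.
CLIENT, SERVER = "10.0.0.5", "93.184.216.34"
RESPONSE = (b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n"
            b"Content-Length: 6\r\n\r\nMZ\x90\x00\x03\x00")
FRAMES = [
    build_frame(CLIENT, SERVER, 49152, 80, 1000, b"GET /drop.exe HTTP/1.1\r\nHost: example.com\r\n\r\n"),
    build_frame(SERVER, CLIENT, 80, 49152, 5040, RESPONSE[40:]),   # tail arrives first
    build_frame(SERVER, CLIENT, 80, 49152, 5000, RESPONSE[:40]),
    build_frame(SERVER, CLIENT, 80, 49152, 5000, RESPONSE[:40]),   # retransmission
]


def analyze(frames):
    # What a processing module would do with a capture: statistics plus the recovered file.
    packets = [p for p in map(dissect, frames) if p]
    stream = reassemble(packets, SERVER, CLIENT, 80, 49152)
    return traffic_stats(packets), recover_http_file(stream)
```

Two choices matter for a malware analyst: reassembly stops at a hole instead of splicing around it, so a file recovered across a lost segment is never silently corrupted, and `complete` is false when the body is shorter than Content-Length, so a truncated download is reported as such rather than stored as if it were the whole sample.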

Project Source Code Repository:
https://github.com/cuckoobox/cuckoo

Student Weekly Blog:

https://www.honeynet.or/blog/340

Project Useful Links:
http://www.cuckoobox.org/index.php

http://malwr.com/

Code samples