Expand Cuckoo Sandbox
improve cuckoo's ability of analyzing network traffic.
Cuckoo Sandbox is an Automated Malware Analysis developed by Claudio Guarnieri, mainly Cuckoo is a lightweight solution that performs automated dynamic analysis of provided Windows binaries. It is able to return comprehensive reports on key API calls and network activity.
- April 23rd - May20th: Community Bonding Period
- May 21st - May 27th: reviewing libwireshark implementations & reading its documentations.
- May 28st - May 31th: get myself familiarize with SWIG (Simplified Wrapper and Interface Generator) in order to binding wireshark dissectors.
- June 1st - June 7th: Evaluate the use of libwireshark bindings.
- June 8th - June 30th: write bindings for libwireshark by using SWIG this if it was viable, otherwise I will shift to use Scapy to write protocols dissectors for these protocols:
TCP, UDP, ICMP, DNS, HTTP, FTP, IRC, SMB, SIP, TELNET, SSH, IMAP, POP and H.323.
- July 1th – July 9th: libwireshark bindings testing.
July 9th - July 13th: Mid Term Assessments
- July 10th – July 25th: developing a component to reconstruct the data streams and to recover the downloaded files whenever it is possible.
- July 26th – July 29th: testing and code refactoring for the previous component.
- July 30th – Aug 4th: developing a traffic statistics component which provides (flows, protocols, interactions between src/dst).
- Aug 5th – Aug 6th: testing and code refactoring for the previous component.
- Aug 7th – Aug 13th: integrating all the work in Cuckoo with reports generating.
August 13th: Suggested "pencils down" date, coding close to done
- Aug 14th – Aug 20th: documentation preparation.
August 20th: Firm "pencils down" date, coding must be done
August 24th - August 27th: Final Assessments
August 31st - Public code uploaded and available to Google
All code developed must respect Cuckoo coding guidelines (essentially PEP-8), fully documented in doctoring format and when possible it must comes with unit tests.
improve cuckoo's ability of analyzing network traffic by delivering these components:
1- libwireshark bindings.
2- Reconstructing data streams with Recovering downloaded files component.
4- Traffic statistics component.
Project Source Code Repository:
Student Weekly Blog:
Project Useful Links:
|File name||Size||Date submitted|
|Abdulellah_Alsaheel.tar.gz||142.9 KB||August 28 2012 00:55 UTC|