Welcome all, my name is Martin Nielsen and I’m the project manager of the Magnificent7. I will be uploading exciting new content, blogging, and fielding any questions you may have about the program. I’m looking forward to assisting all comers looking to get involved in the Magnificent7 community!
So, drum roll please… the Magnificent7 Program is now up and running with Androguard and Cuckoo Sandbox the first two projects to be supported. These are two really great projects and I’m looking forward to working with them and telling you all about them over the next few months.
Androguard and Cuckoo Sandbox are both focused on the malware space, addressing mobile borne malware and virtualized analysis respectively: two of the hottest topics in the space today.
Androguard, the work of Anthony Desnos and Geoffroy Gueguen, is an advanced tool for the analysis of mobile malware that attacks Android platforms, or as Desnos likes to describe it: “a native decompiler of Android applications.” Androguard employs a specialized static environment for analysis via the Google Summer of Code-sponsored DroidBox, for which Desnos was a mentor. Currently on its 0.9 release, Androguard is working on refining what is already a robust analysis tool and creating a workflow process around it to help with the usability of the tool. The backing of the Magnificent7 Program will help with this, supporting the Androguard team in their efforts to solidify the reverse engineering sessions, including the integration and amelioration of DroidBox, as well as supporting ARM libraries for analysis. In addition, they aim to create a Graphical User Interface to enhance the user experience.
Cuckoo Sandbox is an application that provides a virtual sandbox for the automatic analysis of malware specimens. The project was originally created for the 2010 Google Summer of Code by Claudio Gaurnieri who remains its main contributor. The platform allows for the automatic capture and advanced analysis of dangerous strains of malware in a contained environment. Cuckoo Sandbox’s architecture consists of virtual guest machines, where all the analysis takes place, and a host where all guests are controlled. These two devices are segregated by a virtual switch which dumps all traffic trying to flow between the two systems. Working with Rapid7 will enable Cuckoo Sandbox to increase its ability to adapt to the user’s needs through configurable modules, as well as extending the virtualization capabilities, which include self-protection from the malware specimens.
These two projects will receive both financial and mentoring support from Rapid7. This is part of our ongoing support for the open source community, which has resulted in us working with the Metasploit project, John the Ripper and w3af. Open source projects are fantastic incubators for truly bleeding edge development and we believe it’s vital that organizations do what they can to nurture this innovation. The Magnificent7 program is the next stage of our close involvement with the community and we feel the first two projects we’re backing embody the community participation and vision that can be so powerful in open source projects.
For more information on the projects, take a look around the Magnificent7 neighborhood of SecurityStreet or check out the press release.