Cuckoo Sandbox is a malware analysis platform which performs basic static file analysis to in-depth dynamic analysis of binaries. Even though macOS modules exist, they are not being properly used by the Cuckoo work system. The idea is to add a long term support for macOS binaries by setting up kernel-space extension by rewriting xnumon. As xnumon in itself is an up to date monitoring module, we can rewrite the kext to incorporate our custom logging and reporting methods. Apart from that macOS malware specific auxiliary modules are to be written in the later part of the project

Organization

Student

zed009

Mentors

  • Jurriaan Bremer
  • RicoVZ
close

2019