Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/spender-sandbox/cuckoo-modified
Modified edition of cuckoo
Last synced: 28 days ago
- Host: GitHub
- URL: https://github.com/spender-sandbox/cuckoo-modified
- Owner: spender-sandbox
- Created: 2015-11-30T13:55:54.000Z (about 9 years ago)
- Default Branch: master
- Last Pushed: 2017-11-21T14:35:34.000Z (about 7 years ago)
- Last Synced: 2024-08-04T01:13:53.746Z (4 months ago)
- Language: Python
- Size: 38.1 MB
- Stars: 393
- Watchers: 72
- Forks: 178
- Open Issues: 173
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- Python-Security-Tool-Database - Cuckoo Modified(+Sandbox) - This is deprecated, but the one I'm familiar with. Never used the new one, but it's [here](http://www.cuckoosandbox.org/). This is a really excellent automated malware analyzer, highly recommend. (Synopsis / Table of Contents)
README
As of 4/26/2017 I'm handing this repo off to others to fork and continue if they wish. Thanks to doomedraven, KillerInstinct, kevross33, SeanKim77, jgajek, keithjjones, pashashocky, Shane-Carr, seanthegeek, garanews, and all the other contributors I forgot to mention.
This fork aims to continue the work of the heavily modified version of [Cuckoo Sandbox](http://www.cuckoosandbox.org) provided under the GPL by Optiv, Inc.
It offers a number of advantages over the upstream Cuckoo:
+ Fully-normalized file and registry names
+ 64-bit analysis
+ Handling of WoW64 filesystem redirection
+ Many additional API hooks
+ Service monitoring
+ Correlates API calls to malware call chains
+ Ability to follow APC injection and stealth explorer injection
+ Pretty-printed API flags
+ Per-analysis Tor support
+ Over 150 new signature modules (over 75 developed solely by Optiv)
+ Anti-anti-sandbox and anti-anti-VM techniques built-in
+ More stable hooking
+ Ability to restore removed hooks
+ Greatly improved behavioral analysis and signature module API
+ Ability to post comments about analyses
+ Deep hooks in IE's JavaScript and DOM engines usable for Exploit Kit identification
+ Automatic extraction and submission of interesting files from ZIPs, RARs, RFC 2822 emails (.eml), and Outlook .msg files
+ Direct submission of AV quarantine files (Forefront, McAfee, Trend Micro, Kaspersky, MalwareBytes, MSE/SCEP, and SEP12 formats currently supported)
+ Automatic malware classification by [Malheur](http://mlsec.org/malheur/)
+ Significant contributions from [Jeremy Hedges](https://github.com/killerinstinct/), [William Metcalf](https://github.com/wmetcalf), and Kevin Ross
+ Hundreds of other bugfixes

For more information on the initial set of changes, see:
https://www.optiv.com/blog/improving-reliability-of-sandbox-results

If you want to contribute to development, feel free to submit a pull request.
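Two items in the feature list above, fully-normalized file and registry names and handling of WoW64 filesystem redirection, decide whether a report says what a sample actually touched: a 32-bit sample on 64-bit Windows that opens `C:\Windows\System32\x` really opens `C:\Windows\SysWOW64\x`, and its write to `HKLM\Software\...` lands under `Wow6432Node`, so a monitor that records the string the sample passed produces reports that disagree between 32- and 64-bit samples and lets path-based signatures miss. The following is an added Python example, not cuckoo-modified's own code, showing how a monitor resolves the effective target. It assumes `C:\Windows` as the system root, uses Microsoft's documented System32 exemption list, carries a deliberately partial list of shared registry keys (labelled as an assumption to verify), and treats `HKLM\Software\Classes` as fully redirected, which is an approximation of the real partial redirection.

```python
"""Resolving WoW64 file and registry redirection for a sandbox report.

Illustrative example (not cuckoo-modified's code). Event data below is
constructed, not captured from a real analysis.
"""
import ntpath

# Assumption: the guest's system root; a real monitor reads it from the guest.
SYSTEM_ROOT = r"C:\Windows"

# System32 subdirectories the WoW64 file system redirector leaves alone
# (Microsoft's documented exemption list; driverstore is Windows 7 and later).
FS_REDIRECT_EXEMPT = ("catroot", "catroot2", "driverstore", r"drivers\etc",
                      "logfiles", "spool")

# Registry subtree redirected for 32-bit processes. HKLM\Software\Classes is
# in reality only partially redirected; it is modelled here as fully
# redirected, which is an approximation.
REG_REDIRECT_ROOTS = (r"hklm\software",)
# Assumption: partial list of keys shared between the 32- and 64-bit views;
# verify against Microsoft's "Registry keys affected by WOW64" before use.
REG_SHARED = (r"hklm\software\microsoft\windows\currentversion\policies",)

_NT_PREFIXES = ("\\??\\", "\\\\?\\")
_HIVE_ALIASES = {"hkey_local_machine": "hklm", "hkey_current_user": "hkcu",
                 r"registry\machine": "hklm"}


def normalize_file_path(raw):
    """Strip NT object-manager prefixes, resolve \\SystemRoot, collapse '..'
    and case so the same file always yields the same string."""
    p = raw
    for prefix in _NT_PREFIXES:
        if p.startswith(prefix):
            p = p[len(prefix):]
            break
    if p.lower().startswith("\\systemroot"):
        p = SYSTEM_ROOT + p[len("\\systemroot"):]
    return ntpath.normpath(p).lower()


def apply_fs_redirection(raw, is_wow64):
    """Return the path the kernel actually opens for a process of this bitness."""
    p = normalize_file_path(raw)
    if not is_wow64:
        return p
    sys32 = (SYSTEM_ROOT + r"\system32").lower()
    syswow = (SYSTEM_ROOT + r"\syswow64").lower()
    sysnative = (SYSTEM_ROOT + r"\sysnative").lower()
    # Sysnative is a virtual alias letting a 32-bit process reach the real System32.
    if p == sysnative or p.startswith(sysnative + "\\"):
        return sys32 + p[len(sysnative):]
    if p == sys32 or p.startswith(sys32 + "\\"):
        rest = p[len(sys32) + 1:]
        if any(rest == e or rest.startswith(e + "\\") for e in FS_REDIRECT_EXEMPT):
            return p
        return syswow + p[len(sys32):]
    return p


def normalize_reg_key(raw):
    """Lower-case the key and map long hive names / \\Registry\\Machine to short forms."""
    k = raw.strip("\\").lower()
    for alias, short in _HIVE_ALIASES.items():
        if k == alias or k.startswith(alias + "\\"):
            return short + k[len(alias):]
    return k


def apply_reg_redirection(raw, is_wow64):
    """Return the key a process of this bitness really reads or writes."""
    k = normalize_reg_key(raw)
    if not is_wow64 or "\\wow6432node" in k:
        return k
    for root in REG_REDIRECT_ROOTS:
        if k == root or k.startswith(root + "\\"):
            if any(k == s or k.startswith(s + "\\") for s in REG_SHARED):
                return k
            return root + "\\wow6432node" + k[len(root):]
    return k


# Constructed monitor events: a 32-bit (WoW64) and a 64-bit sample doing the
# "same" thing, plus the 32-bit sample escaping redirection via Sysnative.
SAMPLE_EVENTS = [
    {"pid": 1234, "wow64": True, "kind": "file", "api": "NtCreateFile",
     "arg": r"\??\C:\Windows\System32\evil.dll"},
    {"pid": 5678, "wow64": False, "kind": "file", "api": "NtCreateFile",
     "arg": r"\??\C:\Windows\System32\evil.dll"},
    {"pid": 1234, "wow64": True, "kind": "file", "api": "NtCreateFile",
     "arg": r"\??\C:\Windows\Sysnative\evil.dll"},
    {"pid": 1234, "wow64": True, "kind": "reg", "api": "RegSetValueExA",
     "arg": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"},
    {"pid": 5678, "wow64": False, "kind": "reg", "api": "RegSetValueExW",
     "arg": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"},
]


def resolve_events(events):
    """Map each event to (pid, api, effective target) as a report should record it."""
    out = []
    for ev in events:
        fn = apply_fs_redirection if ev["kind"] == "file" else apply_reg_redirection
        out.append((ev["pid"], ev["api"], fn(ev["arg"], ev["wow64"])))
    return out


if __name__ == "__main__":
    for pid, api, target in resolve_events(SAMPLE_EVENTS):
        print(f"{pid} {api:<16} {target}")
```

Run stand-alone it prints the resolved targets: the two `NtCreateFile` calls with identical arguments resolve to different files (`syswow64` for pid 1234, `system32` for pid 5678), while pid 1234's `Sysnative` call resolves to the same file as the 64-bit sample's, which is exactly the distinction a persistence or DLL-drop signature needs to see. The same applies to the two `Run`-key writes, which land in different keys.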