Difference between revisions of "OWASP Security Research and Development Framework"

From OWASP
Jump to: navigation, search
Line 142: Line 142:
  
 
|}
 
|}
= Roadmap: =
 
 
=== 1. Antivirus: ===
 
 
a. XRAY Tool
 
 
b. Heuristics Analysis
 
 
c. Behavior-based Detection Tools.
 
 
d. More File Formats and improve what we have like (PDF, apk, …)
 
 
e. OpenSBI and other Virus Classification File Formats
 
 
f. Sandboxing Mechanism.
 
 
i. Using API/ SSDT Hooking
 
 
ii. Emulation Based on Pokas Emulator.
 
 
g. Update System with Flexible Mechanism
 
 
=== 2. Malware Analysis: ===
 
 
a. Support idb (IDA Pro Database) to read it and use its analysis
 
 
b. API Hooking (for the same as above)
 
 
c. Improvement in Pokas Emulator, Assembler and Disassembler
 
 
d. Recursive Disassembler
 
 
e. More APIs Emulation in Pokas x86 Emulator
 
 
f. Support more Instructions (All FPU instructions, All general purpose instructions and support mmx and 3dnow)
 
 
 
=== 3. Unpackers: ===
 
 
I’m aiming to create a database for all static unpacking codes for the mostly common unpackers and I hope it could be updated by the community
 
 
 
=== 4. Integrations: ===
 
 
a. Integration into IDA Pro Plugin Interface … and in (Debugger Menu)
 
 
b. OllyDbg Plugin Interface
 
 
c. Ollyscript Executer on cDebugger
 
 
d. Metasploit Integeration (in Meterpreter Post Exploitation
 
 
e. Python, Ruby, Delphi Header files and cTypes for SRDF.dll
 
 
=== 5. Network: ===
 
 
a. Proxy Server and Emulated IRC and HTTP Connection (Server emulate the replies to the malware and log the data)
 
 
b. Improve the HTTP analyzer and file capturing
 
 
c. Add more protocols like SMTP and FTP
 
 
=== 6. Others: ===
 
 
We need more helpful tools and applications based on SRDF
 

Revision as of 12:01, 20 August 2014

Main

OWASP Project Header.jpg

OWASP Security Reseach and Development Framework

Do you see writing a security tool in windows is hard?

Do you have a great idea but you can’t implement it?

Do you have a good malware analysis tool and you don’t need it to become a plugin in OllyDbg or IDA Pro?

So, Security Research and Development Framework is for you.

Abstract:

This is a free open source Development Framework created to support writing security tools and malware analysis tools. And to convert the security researches and ideas from the theoretical approach to the practical implementation.

This development framework created mainly to support the malware field to create malware analysis tools and anti-virus tools easily without reinventing the wheel and inspire the innovative minds to write their researches on this field and implement them using SRDF.


Introduction:

In the last several years, the malware black market grows widely. The statistics shows that the number of new viruses increased from 300,000 viruses to millions and millions nowadays.

The complexity of malware attacks also increased from small amateur viruses to stuxnet, duqu and flame.

The malware field is searching for new technologies and researches, searching for united community can withstand against these attacks. And that’s why SRDF

The SRDF is not and will not be developed by one person or a team. It will be developed by a big community tries to share their knowledge and tools inside this Framework

SRDF still not finished … and it will not be finished as it’s a community based framework developed by the contributors. We just begin the idea.

The SRDF is divided into 2 parts: User-Mode and Kernel-Mode. And we will describe each one in the next section.

SRDF is seeking contributors to help with the next releases . Contact Amr Thabet for more info.

We can help you create your own project based on SRDF .. just contact us from the email above

Licensing

SRDF is a free open source framework. It is licensed under the GPL v2

The Features:

Before talking about SRDF Design and structure, I want to give you what you will gain from SRDF and what it could add to your project.

in Malware:

• Assembler and Disassembler

• x86 Emulator

• x86 Debugger

• PE Analyzer, ELF Analyzer, PDF Analyzer (still in progress), Android APK Analyzer

• Process Analyzer (Loaded DLLs, Memory Maps … etc)

• MD5, SSDeep and Wildlist Scanner (YARA)

• API Hooker, IAT Hooking and Process Injection

• Backend Database, XML Serializer

• And many more

in Network:

• Packet capturing using winpcap

• Pcap file analysis and packet analyzer

• detecting malformed packets and packet generator

• Session analysis and session separation

• Protocol Analysis like tcp, udp, icmp .. etc

• Application layer protocol analysis like http and dns

• And many more


and the project is totally object oriented, very expandable and well organized

the project development still active and still expanding

Join Us:

Do you get benefit from this framework and you need to give something back?

Do you want to add something to your CV?

Do you want to meet smart developers and join a big community?

Do you want to learn new things?

Here is place … join the development community, meet new smart people and have fun.

Source Code:

Github

Openhub

Our Website

Python SRDF (pySRDF)

it's an implementation for SRDF on python and very easy to use like this:

>>from pySRDF import * >>dbg = Dbg("C:\\test.exe") >>dbg.SetBp(0x401000) >>dbg.Run()

OR Using the Emulator:

>> emu = Emulator("C:\\test.exe") >> emu.SetBp("eip == 0x401000") >> emu.Run()

OR

>> emu.SetBp("__isdirty(eip)") #which set bp on Execute on modified data >> emu.Run()

Find it at:

pySRDF Github

Examples

Retrieved from "https://wiki.owasp.org/index.php?title=OWASP_Security_Research_and_Development_Framework&oldid=180828"