Hello
My name is Thorsten Sick, I am Researcher at Avira. Currently I am part
of the ITES project. This project's aim is to develop
detection/protection technology using the benefits from a guest system
running in a virtual machine. Short: Sensors in the VM and in the
hypervisor layer.
One of my first steps would be to automate Malware analysis and use some
big guns. Volatility would be a big gun. Combined with cuckoobox it
could be very powerful.
But for that volatility needs:
- A log format that could be parsed in a simple way (JSON ?) for the plugins
- Maybe some nice API to control it from Cuckoobox
I am ready to implement that. But before doing stuff only half I would
love to hear your opinion.
Especially if you have some whishes what exactly should be in those
logs, please tell me. If you maintain a plugin, please tell me. I am
ready to write the log code or we try to figure out a format and you can
code it yourself.
What I am doing here should have benefits for the community-if done right.
You can also find me in the IRC.
Thanks
Thorsten
--
Thorsten Sick, Research
Avira Operations GmbH & Co. KG
Kaplaneiweg 1
88069 Tettnang
Germany
Phone: +49 7542-500 0
Fax: +49 7542-500 3000
Internet:
http://www.avira.com