Cuckoo Sandbox Summer of Code 2015

Posted on March 10, 2015 in Tools • 3 min read

This summer the Cuckoo Sandbox project is participating the Google Summer of Code 2015, thanks to a big effort of the Honeynet Project.
This is a great opportunity for students who would like to work on Cuckoo and get paid for it! This is a great challenge and an huge opportunity to work on a real malware sandbox, write code and gain valuable experience, and help improving the open source security tools ecosystem.
Almost all college and graduate students are eligible, we are searching for problem solving people with strong development skills who would like to learn about malware and OS (Linux and Mac OS X) internals.

Cuckoo Projects

The proposed Cuckoo project are the following (taken from Honeynet GSOC ideas):

  • Project Name: Project 18 - Cuckoo Sandbox #1: Support for Linux binaries Mentor: Alessandro Tanasi (IT) Backup mentor: TBD Skills required: Python, Linux internals, Django (optional) Project type: Extend and improve existing library Project goal: Improve Cuckoo Sandbox to support analysis of Linux malware. Description: We would like to expand Cuckoo to support execution of Linux malware. To develop this feature it is required to design and write a custom python analyzer (a little engine with modules), that will follow Cuckoo’s existing win32 architecture to run the malware inside a Linux virtual machine, instrument and record the malware behavior then return the execution analysis information back to Cuckoo’s existing reporting components.
  • Project Name: Project 19 - Cuckoo Sandbox #2: Support for Mac OS binaries Mentor: Alessandro Tanasi (IT) Backup mentor: TBD Skills required: Python, Mac OS X internals, Django (optional) Project type: Extend and improve existing library Project goal: Improve Cuckoo Sandbox to support analysis of Mac OS X malware. Description: We would like to expand Cuckoo to support execution of Mac OS X malware. To develop this feature it is required to design and write a custom python analyzer (a little engine with modules), that will follow Cuckoo’s existing win32 architecture to run the malware inside a Mac OS X virtual machine, instrument and record the malware behavior then return the execution analysis information back to Cuckoo’s existing reporting components.

Who is eligible?

You have to meet the following requirements to apply to a Cuckoo GSOC Project:

  • You should be a college or graduate students.
  • You should not have a job.
  • Python knowledge is required.
  • Mac OS X or Linux internals knowledge is required.

Where to  start?

First of all I would recommend to read, read and read again all the pages related to GSOC on Google GSOC website and Honeynet GSOC, it is really mandatory to understand how a Google Summer of Code works, what you are expected to do and what you can expect.

A fundamental link is the GSOC timeline where all GSOC phases are explained with all the deadlines. For example today we are in a phase where wannabe students talks with their mentors to understand as much as they can about the technology and the project.

For example I would suggest to:

  • Install and start to play with Cuckoo.
  • Read the documentation and the code to understand how it works.
  • Check the GitHub page to understand how Cuckoo’s development works.
  • Try to think about how to design the implementation of the project you choose and start to learn things.
  • If you need some clarifications get in touch with me or other Cuckoo’s developer.

How to apply?

You should apply on Google GSOC page, applications are only accepted from March 16 until March 27 at 19:00 UTC, so pinpoint it on you calendar.

Application should be submitted using the “Log in” button in the “Student” area,  I suggest you to take your time to prepare your application.

Get in touch

It is encouraged to talk with your project mentors, for example:

  • Join the Honeynet GSOC mailing list and write an email to present yourself.
  • Join the Honeynet GSOC IRC channel #gsoc-honeynet on irc.freenode.net to about the GSOC project and understand how it works. You can also get in touch with Cuckoo’s mentors here.
  • Join the Cuckoo IRC channel #cuckoosandbox IRC channel on irc.freenode.net to talk with Cuckoo’s developers and talk about the project.