Query on Roadmap & Extending Maxwell #3
Description
Hi,
Sorry I put this in as an issue as I did not know another way to contact yourselves regarding this project. I am wondering about the future for this project as it is very interesting and specifically about increasing its reach? Firstly I think this project looks fantastic and I thank you for making this publically available. Unfortunately without personal access to VSphere (& I doubt my employer would allow me to use it on their production Vsphere :-) ) I am limited in my ability to actually use it as I am sure other researchers are too. I am wondering thus:
-
Are there plans to allow the use of other virtualisation products i.e VirtualBox etc. to allow more general use?
-
Is there a possibility you would consider implementing some of the functionality in Cuckoobox (specifically the exploit detections) or extending Cuckoo with similar features? Cuckoosploit from Checkpoint provided some functionality and this was ported into Cuckoo-modified and also into the Cuckoo 2.0 branch where you can see the changes here: add exploit detections & fix unicode leakage bug cuckoosandbox/monitor#17.
Currently this primarily covers ROP based exploits and obviously as mentioned in your blogs and the tool this is becoming increasingly unreliable as ropless methods are used. Being able to use these exploit detections within Cuckoo would be great & it is in wide general use among the security community allowing more researchers to benefit from this and also would help extend its coverage to also document exploits for instance. I would love to be able to implement this kind of detection myself but it is unfortunately out of my abilities to port this kind of functionality.
Thank you very much for your time.