Difference between revisions of "OWASP Security Research and Development Framework"

From OWASP
Jump to: navigation, search
(Created page with "=Main= Project Leader’s content goes here =Project About= {{:Projects/OWASP_Security_Research_and_Development_Framework}} Category:OWASP Project")
 
Line 1: Line 1:
 
=Main=
 
=Main=
Project Leader’s content goes here
+
 
 +
 
 +
''Do you see writing a security tool in windows is hard?
 +
Do you have a great idea but you can’t implement it?
 +
Do you have a good malware analysis tool and you don’t need it to become a plugin in OllyDbg or IDA Pro?
 +
So, Security Research and Development Framework is for you.''
 +
 
 +
 
 +
 
 +
== Abstract: ==
 +
 
 +
This is a free open source Development Framework created to support writing security tools and malware analysis tools. And to convert the security researches and ideas from the theoretical approach to the practical implementation. 
 +
 
 +
This development framework created mainly to support the malware field to create malware analysis tools and anti-virus tools easily without reinventing the wheel and inspire the innovative minds to write their researches on this field and implement them using SRDF.
 +
 
 +
 
 +
== Introduction: ==
 +
 +
 
 +
In the last several years, the malware black market grows widely. The statistics shows that the number of new viruses increased from 300,000 viruses to millions and millions nowadays.
 +
 
 +
The complexity of malware attacks also increased from small amateur viruses to stuxnet, duqu and flame.
 +
 
 +
The malware field is searching for new technologies and researches, searching for united community can withstand against these attacks. And that’s why SRDF
 +
 
 +
The SRDF is not and will not be developed by one person or a team. It will be developed by a big community tries to share their knowledge and tools inside this Framework
 +
 
 +
SRDF still not finished … and it will not be finished as it’s a community based framework developed by the contributors. We just begin the idea.
 +
 
 +
The SRDF is divided into 2 parts: User-Mode and Kernel-Mode. And we will describe each one in the next section.
 +
 
 +
 
 +
== The Features: ==
 +
 
 +
 
 +
Before talking about SRDF Design and structure, I want to give you what you will gain from SRDF and what it could add to your project.
 +
 
 +
In User-Mode part, SRDF gives you many helpful tools … and they are:
 +
 
 +
• Assembler and Disassembler
 +
 
 +
• x86 Emulator
 +
 
 +
• Debugger
 +
 
 +
• PE Analyzer
 +
 
 +
• Process Analyzer (Loaded DLLs, Memory Maps … etc)
 +
 
 +
• MD5, SSDeep and Wildlist Scanner (YARA)
 +
 
 +
• API Hooker and Process Injection
 +
 
 +
• Backend Database, XML Serializer
 +
 
 +
• And many more
 +
 
 +
In the Kernel-Mode part, it tries to make it easy to write your own filter device driver (not with WDF and callbacks) and gives an easy, object oriented (as much as we can) development framework with these features:
 +
 
 +
• Object-oriented and easy to use development framework
 +
 
 +
• Easy IRP dispatching mechanism
 +
 
 +
• SSDT Hooker
 +
 
 +
• Layered Devices Filtering
 +
 
 +
• TDI Firewall
 +
 
 +
• File and Registry Manager
 +
 
 +
• Kernel Mode easy to use internet sockets
 +
 
 +
• Filesystem Filter
 +
 
 +
 
 +
Still the Kernel-Mode in progress and many features will be added in the near future.
 +
 
 +
Let’s now see the design:
 +
 
  
 
=Project About=
 
=Project About=

Revision as of 15:51, 11 December 2012

Contents

Main

Do you see writing a security tool in windows is hard? Do you have a great idea but you can’t implement it? Do you have a good malware analysis tool and you don’t need it to become a plugin in OllyDbg or IDA Pro? So, Security Research and Development Framework is for you.


Abstract:

This is a free open source Development Framework created to support writing security tools and malware analysis tools. And to convert the security researches and ideas from the theoretical approach to the practical implementation.

This development framework created mainly to support the malware field to create malware analysis tools and anti-virus tools easily without reinventing the wheel and inspire the innovative minds to write their researches on this field and implement them using SRDF.


Introduction:

In the last several years, the malware black market grows widely. The statistics shows that the number of new viruses increased from 300,000 viruses to millions and millions nowadays.

The complexity of malware attacks also increased from small amateur viruses to stuxnet, duqu and flame.

The malware field is searching for new technologies and researches, searching for united community can withstand against these attacks. And that’s why SRDF

The SRDF is not and will not be developed by one person or a team. It will be developed by a big community tries to share their knowledge and tools inside this Framework

SRDF still not finished … and it will not be finished as it’s a community based framework developed by the contributors. We just begin the idea.

The SRDF is divided into 2 parts: User-Mode and Kernel-Mode. And we will describe each one in the next section.


The Features:

Before talking about SRDF Design and structure, I want to give you what you will gain from SRDF and what it could add to your project.

In User-Mode part, SRDF gives you many helpful tools … and they are:

• Assembler and Disassembler

• x86 Emulator

• Debugger

• PE Analyzer

• Process Analyzer (Loaded DLLs, Memory Maps … etc)

• MD5, SSDeep and Wildlist Scanner (YARA)

• API Hooker and Process Injection

• Backend Database, XML Serializer

• And many more

In the Kernel-Mode part, it tries to make it easy to write your own filter device driver (not with WDF and callbacks) and gives an easy, object oriented (as much as we can) development framework with these features:

• Object-oriented and easy to use development framework

• Easy IRP dispatching mechanism

• SSDT Hooker

• Layered Devices Filtering

• TDI Firewall

• File and Registry Manager

• Kernel Mode easy to use internet sockets

• Filesystem Filter


Still the Kernel-Mode in progress and many features will be added in the near future.

Let’s now see the design:


Project About

PROJECT INFO
What does this OWASP project offer you?
RELEASE(S) INFO
What releases are available for this project?
what is this project?
Name: OWASP_Security_Research_and_Development_Framework (home page)
Purpose: This is a free open source Development Framework created to support writing security tools and malware analysis tools. And to convert the security researches and ideas from the theoretical approach to the practical implementation.

This development framework created mainly to support the malware field to create malware analysis tools and anti-virus tools easily without reinventing the wheel and inspire the innovative minds to write their researches on this field and implement them using SRDF.

License: GNU GPL v2
who is working on this project?
Project Leader(s):
  • Amr Thabet @
how can you learn more?
Project Pamphlet: Not Yet Created
Project Presentation:
Mailing list: Mailing List Archives
Project Roadmap: View
Key Contacts
  • Contact Amr Thabet @ to contribute to this project
  • Contact Amr Thabet @ to review or sponsor this project
  • Contact the GPC to report a problem or concern about this project or to update information.
current release
SRDF-v1.00.rar

SRDF Reference Manual v.100.pdf

Browse Source Code

last reviewed release
Not Yet Reviewed


other releases