endgameinc / maxwell Goto Github PK

As this seems to be using ancient cuckoomon code verbatim, has Endgame Inc. purchased a commercial license from upstream Cuckoo devs to be able to relicense the code as MIT? It looks like the version that was copied might have been before cuckoomon added its GPLv3 license or any mention of copyright at all in the headers (as any copyright mention is missing from the files in the repo) but surely that wouldn't grant Endgame the ability to relicense that code under the MIT license.

-Brad

Hi,

Sorry I put this in as an issue as I did not know another way to contact yourselves regarding this project. I am wondering about the future for this project as it is very interesting and specifically about increasing its reach? Firstly I think this project looks fantastic and I thank you for making this publically available. Unfortunately without personal access to VSphere (& I doubt my employer would allow me to use it on their production Vsphere :-) ) I am limited in my ability to actually use it as I am sure other researchers are too. I am wondering thus:

• Are there plans to allow the use of other virtualisation products i.e VirtualBox etc. to allow more general use?

• Is there a possibility you would consider implementing some of the functionality in Cuckoobox (specifically the exploit detections) or extending Cuckoo with similar features? Cuckoosploit from Checkpoint provided some functionality and this was ported into Cuckoo-modified and also into the Cuckoo 2.0 branch where you can see the changes here: cuckoosandbox/monitor#17.

Currently this primarily covers ROP based exploits and obviously as mentioned in your blogs and the tool this is becoming increasingly unreliable as ropless methods are used. Being able to use these exploit detections within Cuckoo would be great & it is in wide general use among the security community allowing more researchers to benefit from this and also would help extend its coverage to also document exploits for instance. I would love to be able to implement this kind of detection myself but it is unfortunately out of my abilities to port this kind of functionality.

Thank you very much for your time.