
Poppy Seed - Android Static Analyzer


What is poppy seed?

Poppy Seed is a general-purpose malware analysis tool in the making. We had to start somewhere, so development began with the Android platform (chosen with the cost of implementation and research in mind). IoT is next, followed by iOS!

Why poppy seed?

Because according to Wikipedia (https://en.wikipedia.org/wiki/Poppy_seed) it provides 'supposed magical powers of invisibility', and who does not love invisibility, am I right? Malware authors included. This poppy seed app will help you unveil the magic cloak around malware apps.

Development

This is a live repository and I promise at least a commit every two months. But keep in mind that currently there is only one author on this project. And that f*$@er has a day job (slacking off, of course), but I promise I will do my best to expedite this development.

Contributors are always welcome; we need expertise in the following areas:

  1. Python developer
  2. Malware specialist
  3. Django front-end developer (I know Django is a subset of Python, but I just feel like giving it a shout-out)
  4. Docker

Development plan

The Android malware analysis plan is simple; I am going to break it into three phases:

  1. Discovery of security controls enforced on the app (obfuscator, packer, protector). Timeline: 8th Dec 2017; will be released before BSides Philly.
  2. Static analysis of an Android application to detect malware. Timeline: 30th January 2018 (will release it soon).
  3. Dynamic analysis of an Android application to detect malware and its behaviour. Timeline: 8th April 2018 (will release it soon).
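What phase 1 (discovering obfuscators, packers and protectors) can look like in practice, as an added example written for this page and not poppy_seed's own code: it opens an APK offline, matches the bundled native-library names against a small, illustrative subset of publicly documented packer fingerprints (a real tool would carry a much larger, versioned signature set), and parses the DEX header, string_ids and type_ids tables to estimate how many of the app's own classes carry one- or two-letter names, the mark of ProGuard/R8-style renaming. `build_sample_apk` fabricates a minimal APK so the script runs without a real sample; the library-name table, the framework-prefix list and the 0.5 threshold are assumptions chosen for illustration.

```python
"""Added example (not poppy_seed's code): packer hints from bundled native libs plus a
ProGuard/R8-style name-obfuscation heuristic read from the DEX type_ids table."""
import io
import struct
import zipfile

# Illustrative subset of native libraries that well-known commercial packers ship (assumption:
# a production tool carries a far larger, versioned signature set in the style of APKiD).
PACKER_LIBS = {
    "libjiagu.so": "Qihoo 360 Jiagu",
    "libjiagu_art.so": "Qihoo 360 Jiagu",
    "libsecexe.so": "Bangcle / SecNeo",
    "libprotectClass.so": "Bangcle",
    "libbaiduprotect.so": "Baidu Protect",
    "libnqshield.so": "NQ Shield",
}
# Framework namespaces say nothing about how the app's own classes were named.
FRAMEWORK_PREFIXES = ("Ljava/", "Ljavax/", "Landroid/", "Lkotlin/", "Ldalvik/")


def _read_uleb128(buf, off):
    """Decode a ULEB128 integer at buf[off]; return (value, offset after it)."""
    value = shift = 0
    while True:
        b = buf[off]
        off += 1
        value |= (b & 0x7F) << shift
        if not b & 0x80:
            return value, off
        shift += 7


def dex_type_descriptors(dex):
    """Return every descriptor ('Lcom/foo/Bar;') referenced by a DEX file's type_ids table."""
    if dex[:4] != b"dex\n":
        raise ValueError("not a DEX file")
    # header @0x38: string_ids_size, string_ids_off, type_ids_size, type_ids_off
    str_n, str_off, type_n, type_off = struct.unpack_from("<4I", dex, 0x38)
    out = []
    for i in range(type_n):
        (str_idx,) = struct.unpack_from("<I", dex, type_off + 4 * i)
        if str_idx >= str_n:
            raise ValueError("type_id points outside string_ids")
        (data_off,) = struct.unpack_from("<I", dex, str_off + 4 * str_idx)
        _, start = _read_uleb128(dex, data_off)  # utf16 length prefix; unused for ASCII names
        end = dex.index(b"\x00", start)
        out.append(dex[start:end].decode("utf-8", "replace"))  # MUTF-8 == UTF-8 for identifier chars
    return out


def obfuscation_ratio(descriptors):
    """Fraction of non-framework classes whose innermost simple name is 1-2 characters long."""
    app = [d for d in descriptors if d.startswith("L") and not d.startswith(FRAMEWORK_PREFIXES)]
    if not app:
        return 0.0
    short = sum(len(d[1:-1].rsplit("/", 1)[-1].rsplit("$", 1)[-1]) <= 2 for d in app)
    return short / len(app)


def analyze_apk(apk_bytes):
    """Return packer hints and an obfuscation verdict for an APK given as bytes."""
    packers, descriptors = set(), []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        for name in z.namelist():
            base = name.rsplit("/", 1)[-1]
            if name.startswith("lib/") and base in PACKER_LIBS:
                packers.add(PACKER_LIBS[base])
            if "/" not in name and name.startswith("classes") and name.endswith(".dex"):
                descriptors.extend(dex_type_descriptors(z.read(name)))  # classes.dex, classes2.dex, ...
    ratio = obfuscation_ratio(descriptors)
    return {"packers": sorted(packers), "obfuscation_ratio": ratio, "name_obfuscation": ratio >= 0.5}


def build_sample_apk(descriptors, native_libs=()):
    """Constructed test input: a minimal APK holding a hand-built classes.dex and empty .so stubs."""
    strings = sorted(set(descriptors))         # DEX requires string_ids to be sorted
    assert all(len(s) < 128 for s in strings)  # keeps the ULEB128 length prefix to one byte
    str_off = 0x70                             # string_ids directly after the 0x70-byte header
    type_off = str_off + 4 * len(strings)
    data_off = type_off + 4 * len(descriptors)
    data, str_offsets = bytearray(), []
    for s in strings:
        str_offsets.append(data_off + len(data))
        enc = s.encode("utf-8")
        data += bytes([len(enc)]) + enc + b"\x00"
    dex = bytearray(0x70)
    dex[:8] = b"dex\n035\x00"
    struct.pack_into("<4I", dex, 0x38, len(strings), str_off, len(descriptors), type_off)
    dex += b"".join(struct.pack("<I", o) for o in str_offsets)
    dex += b"".join(struct.pack("<I", strings.index(d)) for d in descriptors)
    dex += data
    struct.pack_into("<3I", dex, 0x20, len(dex), 0x70, 0x12345678)  # file_size, header_size, endian_tag
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("classes.dex", bytes(dex))
        for lib in native_libs:
            z.writestr(lib, b"")
    return buf.getvalue()


if __name__ == "__main__":  # demo on a constructed sample
    print(analyze_apk(build_sample_apk(["Lcom/example/a;", "Lcom/example/Main;"], ["lib/arm64-v8a/libjiagu.so"])))
```

Both signals are hints, not verdicts: a packer can rename its loader library in seconds, and a heavily packed app often ships only a stub DEX with a handful of classes, which makes the name ratio meaningless until the real DEX is recovered. That is exactly why phases 2 and 3 exist; phase 1 only decides which analyses to run next.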

Demo, presentation slides and examples will be shared and uploaded on these pages!! YAH!!!

Documentation

I am currently using GitHub Pages for my brain dump. I understand this is not sustainable, but it works for now, I guess. (https://sdswapz.github.io/poppy_seed/)

License

I have very liberal views around licensing agreements and around someone using the code to expand on something I missed. I am learning from the community and I want to contribute back to it by removing barriers to entry around what I developed. However, if there are any dependencies, we all must comply with their licensing agreements.

About the authors

Contributors:
Swapnil Deshmukh
Sarath Geethakumar

Swapnil Deshmukh
Swapnil Deshmukh has over 10 years of information technology and information security experience, including technical expertise, leadership, strategy, operational and risk management. He is charged with incubating and evangelizing security-driven, context-driven risk management strategies, policies and practices for emerging technologies. The role also provides the opportunity to engage actively with the industry to maintain peer-group dialogue, develop partnerships, share subject-matter expertise and develop industry best practices. He is a co-author of the Hacking Exposed series, a frequent speaker at conferences and roundtables, and a contributor to many health and FinTech publications.

Sarath Geethakumar
Sarath Geethakumar is a security researcher and practitioner with over 15 years of information security experience. He also co-authored Hacking Exposed Mobile: Security Secrets & Solutions.

Disclaimer

The views, code and opinions in this article are mine as an independent researcher and do not necessarily reflect the official policy or position of any company. The malware analysis research described here was gathered only through personal experience and from people I am connected with. It is not reflective of the position of any individual or company other than me, of course.