Changes


Security/Automation/Winter Of Security 2015

963 bytes added, 14:03, 19 May 2015
Student projects
* language: english or french
The [https://github.com/mozilla/masche Masche] project is a cross-platform memory scanning library written in Go for use in [http://mig.mozilla.org Mozilla InvestiGator (MIG)]. Masche was built by a team of students during MWoS 2014 ([https://air.mozilla.org/mwos-2014-masche-2/ watch presentation]) and is now used across Mozilla's infrastructure to scan userland memory space on servers. The goal of this year's project is to add kernel memory scanning to the Masche library for all 3 major OSes (Linux, Windows & MacOS). The team will be tasked with implementing kernel drivers that can be used to acquire memory that is normally not accessible to userland processes (see [https://github.com/504ensicsLabs/LiME LiME] for an example of such a driver).
This is a difficult, high-complexity project that will require strong skills in C programming and operating systems architecture. Candidates should demonstrate current knowledge and projects or code that relate to kernel programming in their application.

=== MIG: Cross-platform log monitoring for threat detection ===
* Mozilla Advisor: [https://mozillians.org/en-US/u/jvehent/ Julien Vehent]
* difficulty: medium
* language: english or french
[http://mig.mozilla.org Mozilla InvestiGator (MIG)] is a digital forensics platform used by Mozilla to monitor the security of servers. MIG deploys an agent on systems that is used to maintain the security of the infrastructure. The goal of this project is to add a log monitoring component to the MIG agent to continuously read the logs of a system and trigger alerts on specific patterns (string matching, repeated message within a sliding window, etc.). The log monitoring component must be built in the Go language and must support Linux, MacOS and Windows log analysis. Beyond basic log monitoring, a successful team will be encouraged to evaluate heuristic-based threat detection, and how groups of agents can be used together to identify unusual behaviors.
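The "repeated message within a sliding window" pattern mentioned above, combined with plain string matching, as an added example (this is not MIG code and not part of the original page). The `Rule` type, the `Scan` function, the timestamp-first line format and the log lines are all assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
	"time"
)

// Rule (hypothetical) fires when Pattern is seen Threshold times within Window.
type Rule struct {
	Pattern   string
	Threshold int
	Window    time.Duration
}

// Constructed sample log lines in the assumed "<RFC 3339 timestamp> <message>" form.
var sample = []string{
	"2015-05-19T14:00:00Z sshd: Failed password for root from 192.0.2.10",
	"2015-05-19T14:00:25Z cron: job started",
	"2015-05-19T14:02:00Z sshd: Failed password for root from 192.0.2.10",
	"2015-05-19T14:02:20Z sshd: Failed password for admin from 192.0.2.10",
	"2015-05-19T14:02:40Z sshd: Failed password for root from 192.0.2.10",
}

// Scan returns the timestamps at which the rule fired.
func Scan(r Rule, lines []string) []time.Time {
	var hits, alerts []time.Time
	for _, line := range lines {
		parts := strings.SplitN(line, " ", 2)
		ts, err := time.Parse(time.RFC3339, parts[0])
		if err != nil || len(parts) != 2 || !strings.Contains(parts[1], r.Pattern) {
			continue // bad timestamp, malformed line, or no string match
		}
		hits = append(hits, ts)
		// Slide the window: drop matches older than Window relative to ts.
		for len(hits) > 0 && ts.Sub(hits[0]) > r.Window {
			hits = hits[1:]
		}
		if len(hits) >= r.Threshold {
			alerts = append(alerts, ts)
			hits = nil // reset so one burst raises one alert
		}
	}
	return alerts
}

func main() {
	fmt.Println(Scan(Rule{Pattern: "Failed password", Threshold: 3, Window: time.Minute}, sample))
}
```

The 14:00:00 match has aged out of the window by the time the burst at 14:02 begins, so the alert fires on the third match of that burst rather than on the third match overall.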
=== PROJECT: TITLE ===