Cybersecurity Platform

A Community Driven Cybersecurity Platform
A community-driven cybersecurity platform that allows users to share their findings and interests, while connecting with other researchers. The platform features a malware search tool powered by the MalwareBazaar API.
This project is based on the thesis from my bachelor's degree in software development; the full thesis can be found here.
Introduction
The cybersecurity industry is evolving rapidly, and this project was driven by my motivation to contribute to this dynamic field. During my work placement at BlackBerry as a threat researcher, even with just a few months of experience in the sector, I was able to identify certain gaps and challenges within the industry. This inspired me to address one of these issues through my project.
It was also a valuable opportunity to expand my skill set, as I utilized multiple technologies that I had not encountered earlier in my development career. Additionally, this project allowed me to create something meaningful for the cybersecurity community, a field I am deeply interested in.
Background
The project background focused on four main aspects, with the primary one being Cybersecurity OSINT. In this section, we conducted in-depth research on the methods and tools related to OSINT. This was followed by a Community-Driven Approach, where we explored the structure and impact of building a community-driven project. We also delved into the principles of Human-Computer Interaction (HCI) to ensure usability and accessibility. Finally, we researched full-stack development, covering the technologies and practices required to build a complete and functional system.

Problem
To understand the problem, we need to examine a widely used yet imperfect tool in cybersecurity called VirusTotal. This platform is used to detect malicious content and identify false positives or false negatives. Vendors can provide their AI-based engine models, which are then used to process files submitted to the platform.
The issue arises when you realize that many of these AI engine models are significantly outdated, with some ranging from 4 to 10 years old. This lack of updates reduces their effectiveness in detecting modern threats.

Here’s an example of the problem: a file is falsely flagged as malware by 28 different vendors on VirusTotal. In response, a user decides to warn others about the false positive by posting in the platform’s community section.

Objectives
The objective of this project is to address a Cybersecurity OSINT-related issue of falsely flagged content by developing a community-driven web platform. This platform allows users to share their findings and interests within the field while engaging with other researchers.
Additionally, the platform includes a malware search feature that gathers open-source information based on a user-provided SHA256 hash. This functionality is made possible through the integration of the MalwareBazaar API.
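The hash lookup described above, sketched as an added example (not this project's own code): it validates the user-supplied SHA256 on the server before anything is forwarded, builds the MalwareBazaar `get_info` request, and reduces a reply to the fields a results page would show. The function names, the optional `Auth-Key` handling and the sample reply are assumptions made for illustration.

```python
import json
import re
import urllib.parse
import urllib.request

MB_API_URL = "https://mb-api.abuse.ch/api/v1/"
SHA256_RE = re.compile(r"[0-9a-f]{64}")

def normalize_sha256(user_input):
    """Return the lowercase hash, or raise ValueError unless it is exactly 64 hex chars."""
    candidate = user_input.strip().lower()
    if not SHA256_RE.fullmatch(candidate):
        raise ValueError("not a SHA256 hash")
    return candidate

def build_lookup_request(user_input, auth_key=None):
    """Build (without sending) the get_info POST for a validated hash."""
    body = urllib.parse.urlencode(
        {"query": "get_info", "hash": normalize_sha256(user_input)}
    ).encode()
    req = urllib.request.Request(MB_API_URL, data=body, method="POST")
    if auth_key:  # assumption: key comes from server-side settings, never from the client
        req.add_header("Auth-Key", auth_key)
    return req

def summarize_response(raw_json):
    """Reduce an API reply to the fields a results page would render."""
    reply = json.loads(raw_json)
    status = reply.get("query_status")
    if status != "ok" or not reply.get("data"):
        return {"found": False, "status": status}
    sample = reply["data"][0]
    return {
        "found": True,
        "status": status,
        "sha256": sample.get("sha256_hash"),
        "file_type": sample.get("file_type"),
        "signature": sample.get("signature"),
        "tags": sample.get("tags") or [],
    }

# Constructed sample hash and reply (not real MalwareBazaar data).
SAMPLE_HASH = "ab" * 32
SAMPLE_REPLY = json.dumps({"query_status": "ok", "data": [{
    "sha256_hash": SAMPLE_HASH, "file_type": "exe",
    "signature": "ExampleFamily", "tags": ["constructed"]}]})

if __name__ == "__main__":
    print(build_lookup_request("  " + SAMPLE_HASH.upper() + " ").data)
    print(summarize_response(SAMPLE_REPLY))
    print(summarize_response('{"query_status": "hash_not_found"}'))
```

Rejecting anything that is not 64 hex characters before the outbound call keeps arbitrary user input out of the upstream request and out of any template that later renders the searched value.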

Initial Project Architecture
The system allows users to authenticate using their Google or GitHub accounts via OAuth2. The database stores information about user profiles and their content. It also integrates the MalwareBazaar API to retrieve information about malware samples.
The platform was built using the Django framework, which utilizes an SQLite database by default. For the front end, I implemented vanilla JavaScript along with TailwindCSS for styling. The application is packaged and deployed using Docker.

Implementation Approach
The implementation methodology for the project followed a structured approach, with a plan consisting of six sprints, each lasting two weeks. During the research phase, functional and non-functional requirements were outlined and allocated to the respective sprints to ensure a clear and organized development process.

Conclusion
A community-driven cybersecurity platform can offer valuable solutions to the problem of falsely flagged content in the industry. Overall, I believe the main objectives were successfully implemented. However, there is still work to be done to enhance current features and develop future system improvements.



Project Demo
Project Demo Video can be found here.