News
Client argos library v0.1.4 released
16/04/2009
Client argos library v0.1.4 contains an update to the carlog utility that enables the user to print the contents of an arbitrary memory block from an Argos csi log.
Argos critical fix
29/03/2009
Argos v0.4.2-1 fixes a critical error that caused a crash if the control socket was not used.
New packages released
25/03/2009
Argos v0.4.2 released
This release of Argos fixes problems with the control socket. Threading is no longer used; Qemu's asynchronous I/O mechanisms are used instead.
Another modification allows one to let tainted data execute, by supplying the '-no-fsc' option at run time. This of course disables the injection of forensics shellcode.
Also, this version makes whitelists optional. The user needs to enable whitelist support when configuring Argos, as well as at runtime.
Argos-replay
This is an early release of versions of Qemu and Argos that allow you to record the execution of a VM running within our modified Qemu emulator, and replay the exact same execution using Argos.
This code has not been extensively tested, and currently does not support graphical output or IO-APIC.
Prospector
Prospector is a flavour of Argos that performs more
aggressive data tracking for more comprehensive signature
generation.
Please consult the research paper and the included documentation
files for more information.
New Argos web site
18/03/2009
Our website got a new look. You will also notice that we added a "Use Cases" page, which lists the security frameworks that are currently using Argos.
Argos 0.4.1 released
21/05/2008
The new version of Argos (0.4.1) contains bug fixes related to taint tracking. It is recommended to update to the latest version of Argos, since it solves issues with reported false positives. Checking the CALL instruction for tainted operands has also been re-enabled, since it no longer seems to cause problems with Windows systems. The use of a whitelist is also not necessary, since the false positives reported by 2.6.* Linux kernels are also solved. Finally, crashes reported with Windows 2000 guest systems also seem to be solved. If any users discover false positives after these changes, please notify the developers immediately.
Argos version 0.4.0 released
29/02/2008
Finally, the long-awaited port to the QEMU 0.9.* series is here. Argos v0.4.0 is based upon QEMU v0.9.1. Additional changes, besides the port, include a double taintness check before executing a part of code, to ensure attackers' injected code is always detected at the moment it is first executed. The check is performed whenever a TB is scheduled to be executed, as well as within the translated code whenever EIP is modified. This is to cover TB chaining performed by QEMU to speed up emulation. In the future we might consider disabling chaining, if a single check offers a significant performance gain.
Improved argos network logs conversion utility
25/01/2008
A new argos-utils package has been released, containing the utility netlog2pcap, which converts an Argos network log to a pcap log without using Ethereal's text2pcap. The older raw2pcap is also included, with a small bug fix. Thanks go to Tillmann Werner.
New logs processing library
18/01/2008
Version 0.1.3 of the logs processing library has been released. It contains large file support for Linux, as well as a bug fix for cargos_lib_csi_mbnext().
