Since the start of the development of Gemini, I’ve contacted numerous people and asked them their opinion about the release of software like this. Evidently, the program can be used by those who want to learn more about the workings of malware and detection techniques, but it can also be used by those who have malicious intent. My goal with Gemini is to make the world a more secure place by providing information, as is my motto: “Security through explanation”. Sandboxes can be, if not already, updated with additional checks to increase the safety overall.
The contribution to the community with the source and its explanation is greater than the negative impact which the program might have, as there are a lot of crypters, packers and exploit kits on the (black) market already, enabling people to craft an exploit from scratch, rather than from shellcode.
Gemini will be easy to use, also for those with less understanding. Yet, the knowledge of how to compile a piece of C-code or to generate shellcode is required. Therefore, the ‘script kiddies’, ‘skids’ or whatever you call them, will most likely leave Gemini be and search for an ‘all-in-one’-tool to hack ‘the world’ or ‘the internet’ with.
The overall feedback I’ve received confirmed this theory, which made me decide to publish the program indeed.
The first release of Gemini will be the first version to have full support of the basic techniques to detect and avoid anti-virus suites, virtualisation and sandboxes. Since I’m creating Gemini in my spare time and I need to research the topics, write the Java- and C-code and document the findings, the release will not be a speedy one. The documentation will, however, be released in earlier stages and will be lengthy.
Any additions, questions and/or remarks can be sent to me via e-mail at [info][at][maxkersten][dot][nl] or via a PM on Reddit, under the name of ThisIsLibra.