*REMnux* is a lightweight Linux distribution for assisting malware analysts
in reverse-engineering malicious software. The distribution is based on
Ubuntu.

REMnux is designed for running services that are useful to emulate within an
isolated laboratory environment when performing behavioral malware analysis.
As part of this process, the analyst typically infects another laboratory
system with the malware sample and directs potentially-malicious connections
to the REMnux system that’s listening on the appropriate ports.

REMnux is also useful for analyzing web-based malware, such as malicious
JavaScript, Java programs, and Flash files. It also has tools for analyzing
malicious documents, such as Microsoft Office and Adobe PDF files, and
utilities for reversing malware through memory forensics. In these cases,
malware may be loaded onto REMnux and analyzed directly on the REMnux system
without requiring other systems to be present in the lab.

You can learn about malware analysis techniques that make use of the tools
installed and pre-configured on REMnux by taking the SANS Institute course
on *Reverse-Engineering Malware* (REM). Hence the name – REMnux.

REMnux does not aim to include all malware analysis tools in existence. Many
of these tools are designed to work on Windows, and investigators prefer to
use Windows systems for running such tools. If you are interested in running
Windows analysis tools on a Linux platform.

Tools included on REMnux:
- Analyzing Flash malware: swftools, flasm, flare
- Analyzing IRC bots: IRC server (Inspire IRCd) and client (Irssi). To launch
  the IRC server, type “ircd start”; to shut it down, type “ircd stop”. To
  launch the IRC client, type “irc”.
- Network monitoring and interaction: Wireshark, Honeyd, INetSim, fakedns and
  fakesmtp scripts, NetCat
- JavaScript de-obfuscation: Firefox with Firebug, NoScript and JavaScript
  Deobfuscator extensions, Rhino debugger, two versions of patched
  SpiderMonkey, Windows Script Decoder, Jsunpack-n
- Interacting with web malware in the lab: TinyHTTPd, Paros proxy
- Analyzing shellcode: gdb, objdump, Radare (hex editor + disassembler),
  shellcode2exe
- Dealing with protected executables: upx, packerid, bytehist, xorsearch, TRiD
- Malicious PDF analysis: Didier’s PDF tools, Origami framework, Jsunpack-n,
  pdftk
- Memory forensics: Volatility Framework and malware-related plugins
- Miscellaneous: unzip, strings, ssdeep, feh image viewer, SciTE text editor,
  OpenSSH server

REMnux is a virtual server; we liked it very much. It is easy to use if you
can play with Linux.

download link: http://sourceforge.net/projects/remnux/files/
-- 
Regards,
kishore sangaraju

-- 
You received this message because you are subscribed to the Google Groups 
"nforceit" group.
To post to this group, send an email to [email protected].
To unsubscribe from this group, send email to 
[email protected].
For more options, visit this group at 
http://groups.google.com/group/nforceit?hl=en-GB.

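The post describes the lab setup where an infected machine's outbound connections are redirected to the REMnux box, and lists a "fakedns" script among the network tools. The following Python responder is an added example written for this page, not REMnux's fakedns script and not code from the post's author; it shows what such a service does: every A query from the infected lab host is answered with the analysis system's own address, so the sample's traffic lands on the emulated services instead of the Internet. LAB_IP, the bind address and the queried names are assumptions constructed for the example.

```python
"""Constructed fake DNS responder illustrating the lab-redirection idea.

Not REMnux's own fakedns script. Every A/IN question is answered with LAB_IP,
the assumed address of the analysis box in the isolated lab; other query
types get an empty (but well-formed) answer so the client does not retry
forever against a silent resolver.
"""
import socket
import struct

LAB_IP = "10.0.0.2"  # assumption: the analysis system's address in the lab


def parse_query(packet: bytes):
    """Return (txid, qname, qtype, question_bytes) from a DNS query packet."""
    if len(packet) < 12:
        raise ValueError("packet too short for a DNS header")
    txid, _flags, qdcount = struct.unpack("!HHH", packet[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    labels = []
    pos = 12
    while True:  # walk the length-prefixed labels of the queried name
        if pos >= len(packet):
            raise ValueError("truncated name")
        length = packet[pos]
        pos += 1
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("compression pointer not allowed in a question name")
        labels.append(packet[pos:pos + length].decode("ascii"))
        pos += length
    if pos + 4 > len(packet):
        raise ValueError("truncated question")
    qtype, _qclass = struct.unpack("!HH", packet[pos:pos + 4])
    pos += 4
    return txid, ".".join(labels), qtype, packet[12:pos]


def build_response(query: bytes, answer_ip: str = LAB_IP, ttl: int = 60) -> bytes:
    """Answer an A question with answer_ip; any other qtype gets zero answers."""
    txid, _qname, qtype, question = parse_query(query)
    is_a = qtype == 1
    flags = 0x8580  # QR=1, AA=1, RD=1, RA=1, RCODE=0
    header = struct.pack("!HHHHHH", txid, flags, 1, 1 if is_a else 0, 0, 0)
    answer = b""
    if is_a:
        # NAME is a compression pointer to offset 12, where the question name sits.
        answer = struct.pack("!HHHIH", 0xC00C, 1, 1, ttl, 4) + socket.inet_aton(answer_ip)
    return header + question + answer


def build_query(name: str, txid: int = 0x1234, qtype: int = 1) -> bytes:
    """Construct a client query packet so the responder can be exercised offline."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    qname = b"".join(bytes([len(lbl)]) + lbl.encode("ascii") for lbl in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def answered_ip(response: bytes) -> str:
    """Extract the A record address from a response built by build_response ('' if none)."""
    _, _, _, question = parse_query(response)  # header + question layout is the same
    ancount = struct.unpack("!H", response[6:8])[0]
    if ancount == 0:
        return ""
    rr = response[12 + len(question):]
    return socket.inet_ntoa(rr[-4:])


def serve(bind_addr=("0.0.0.0", 53)):
    """Run the responder on UDP/53 inside the lab (binding port 53 needs root)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(bind_addr)
    while True:
        data, peer = sock.recvfrom(512)
        try:
            sock.sendto(build_response(data), peer)
        except ValueError:
            continue  # malformed packet: drop it rather than crash the lab service


if __name__ == "__main__":
    serve()
```

Point the infected lab machine's DNS setting at the host running this script (an assumed lab address such as 10.0.0.2) and watch the redirected connections arrive on the listeners the post mentions, e.g. INetSim or the fake SMTP script; Wireshark on the same box then shows which names the sample resolved and what it sent.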