REMnux Linux: a Linux distro built specifically for analysing malware

I recently came across this Linux distro, REMnux Linux, which appears to be built specifically for analysing malware.


Since it is meant for malware analysis, it is also delivered differently from an ordinary OS: the official site (REMnux.org) offers VirtualBox / VMware images and a Live CD ISO rather than a system installation disc.

Below is an excerpt of the software bundled with this distro and what each tool is for; check the official website for the latest version.

The following is excerpted from: REMnux: A Linux Distribution for Reverse-Engineering Malware

Malware Analysis Tools Set Up On REMnux

  • Analyze Flash malware: SWFTools, flasm, flare, RABCDAsm, xxxswf.py and extract_swf.py
  • Observe and interact with network activities: Wireshark, Honeyd, INetSim, fakedns, fakesmtp, NetCat, NetworkMiner, ngrep, pdnstool, tcpdump, IRC server (InspIRCd) and IRC client (epic5)
  • Decode JavaScript: Firefox Firebug, QuickJava and JavaScript Deobfuscator extensions, Rhino debugger, JS-Beautify, SpiderMonkey, V8, Windows Script Decoder, Malzilla and Jsunpack-n
  • Explore and interact with web malware: Firefox User Agent Switcher extension, TinyHTTPd, Burp Proxy, Stunnel, Tor, Jsunpack-n and torsocks
  • Analyze shellcode: gdb, objdump, Radare, shellcode2exe, libemu (sctest), udis86 (udcli)
  • Examine suspicious executables: upx, packerid, bytehist, DensityScout, xorsearch, xortool, TRiD, xortools.py, NoMoreXOR, brutexor, XORBruteForcer, ClamAV, ssdeep, md5deep, pescanner, pev, dism-this, ExeScan, autorule (/usr/local/autorule), distool and Pyew
  • Analyze malicious documents: Didier Stevens' PDF tools, Origami framework, PDF X-RAY Lite, Peepdf, Jsunpack-n, pdftk, pyOLEScanner.py, OfficeMalScanner and Hachoir
  • Decompile Java programs: Jad, JD-GUI
  • Perform memory forensics: Volatility Framework, bulk_extractor, AESKeyFinder and RSAKeyFinder
  • Handle miscellaneous tasks: unzip, unrar, strings, feh image viewer, SciTE text editor, OpenSSH server, findaes, Xpdf PDF viewer, VBinDiff file comparison/viewer, ProcDot, hack-functions (/usr/local/hack-functions), ExifTool, MASTIFF and XMind
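To show what the XOR tools in the "Examine suspicious executables" line (xorsearch, brutexor, XORBruteForcer) actually do, here is a small single-byte XOR known-plaintext scan. It is an added example written for this post, not code from REMnux or from any of those tools, and the sample bytes it scans are constructed here rather than taken from a real file.

```python
"""Single-byte XOR known-plaintext scan, in the spirit of xorsearch / brutexor.

Droppers often hide an embedded PE file or a C2 string behind a one-byte XOR
key. Rather than decoding the whole file 256 times, the known plaintext is
XOR-encoded with each candidate key and searched for in the raw bytes; a hit
yields both the key and the offset of the hidden data.
"""

# Text present in the DOS stub of almost every PE file: a reliable "needle".
PE_STUB = b"This program cannot be run in DOS mode"


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte of `data` with the single-byte `key` (0..255)."""
    return bytes(b ^ key for b in data)


def xor_search(data: bytes, needle: bytes = PE_STUB) -> list[tuple[int, int]]:
    """Return (key, offset) pairs where `needle` appears once decoded with `key`.

    Key 0 is tried as well, so an unobfuscated occurrence is also reported.
    """
    hits = []
    for key in range(256):
        encoded = xor_bytes(needle, key)  # how the needle looks inside the file
        offset = data.find(encoded)
        while offset != -1:
            hits.append((key, offset))
            offset = data.find(encoded, offset + 1)
    return hits


def decode_region(data: bytes, key: int, start: int, length: int) -> bytes:
    """Decode `length` bytes from `start` with `key`, e.g. to carve a hit out."""
    return xor_bytes(data[start:start + length], key)


# Constructed sample (not a real malware file): 16 bytes of padding, then a
# fake PE header fragment ("MZ" + 8 filler bytes + the DOS stub text) encoded
# with key 0x5A, then 8 bytes of trailing padding.
HIDDEN = b"MZ" + b"\x90" * 8 + PE_STUB
SAMPLE = b"\x00" * 16 + xor_bytes(HIDDEN, 0x5A) + b"\xff" * 8

if __name__ == "__main__":
    for key, offset in xor_search(SAMPLE):
        print(f"key=0x{key:02x} offset={offset}")
        # In this sample the stub sits 10 bytes after "MZ"; in a real PE the
        # stub's distance from the header is likewise fixed, so the same
        # back-off lets you recover the start of the hidden executable.
        print(decode_region(SAMPLE, key, offset - 10, 2))
```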

The following is excerpted from: REMnux Usage Tips for Malware Analysis on Linux (how to use it); the commands listed are Volatility Framework plugins.

  • Spot hidden processes: psxview
  • List all processes: pslist, psscan
  • Show a registry key: printkey -K key
  • Extract process image: procexedump
  • Extract process memory: memdump, vaddump
  • List open handles, files, DLLs and mutant objects: handles, filescan, dlllist, mutantscan
  • List services, drivers and kernel modules: svcscan, driverscan, modules, modscan
  • View network activities: connscan, connections, sockets, sockscan, netscan
  • View activity timeline: timeliner, evtlogs
  • Find and extract malware: malfind, apihooks

Author: Tsung
