Malware Analysis Tools Set Up On REMnux

Analyzing Flash malware: swftools, flasm, flare

Analyzing IRC bots: IRC server (Inspire IRCd) and client (Irssi). To launch the IRC server, type "ircd start"; to shut it down "ircd stop". To launch the IRC client, type "irc".

Network-monitoring and interactions: Wireshark, Honeyd, INetSim, fakedns and fakesmtp scripts, NetCat

JavaScript deobfuscation: Firefox with Firebug, NoScript and JavaScript Deobfuscator extensions, Rhino debugger, two versions of patched SpiderMonkey, Windows Script Decoder, Jsunpack-n

Interacting with web malware in the lab: TinyHTTPd, Paros proxy

Analyzing shellcode: gdb, objdump, Radare (hex editor+disassembler), shellcode2exe

Dealing with protected executables: upx, packerid, bytehist, xorsearch, TRiD

Malicious PDF analysis: Dider's PDF tools, Origami framework, Jsunpack-n, pdftk

Memory forensics: Volatility Framework and malware-related plugins

Miscellaneous: unzip, strings, ssdeep, feh image viewer, SciTE text editor, OpenSSH server