REMnux: A Linux Distribution for Reverse-Engineering Malware

  • Author
    • #5304

      This just came out today:

      REMnux is a lightweight Linux distribution for assisting malware analysts in reverse-engineering malicious software. The distribution is based on Ubuntu and is maintained by Lenny Zeltser.

      Download it here.

    • #33584

      Very interesting, thanks nebu10z!

      This distro can do more than Reverse Engineering:

      Malware Analysis Tools Set Up On REMnux

      Analyzing Flash malware: swftools, flasm, flare

      Analyzing IRC bots: IRC server (InspIRCd) and client (Irssi). To launch the IRC server, type “ircd start”; to shut it down, “ircd stop”. To launch the IRC client, type “irc”.

      Network-monitoring and interactions: Wireshark, Honeyd, INetSim, fakedns and fakesmtp scripts, NetCat

      JavaScript deobfuscation: Firefox with Firebug, NoScript and JavaScript Deobfuscator extensions, Rhino debugger, two versions of patched SpiderMonkey, Windows Script Decoder, Jsunpack-n

      Interacting with web malware in the lab: TinyHTTPd, Paros proxy

      Analyzing shellcode: gdb, objdump, Radare (hex editor+disassembler), shellcode2exe

      Dealing with protected executables: upx, packerid, bytehist, xorsearch, TRiD

      Malicious PDF analysis: Didier’s PDF tools, Origami framework, Jsunpack-n, pdftk

      Memory forensics: Volatility Framework and malware-related plugins

      Miscellaneous: unzip, strings, ssdeep, feh image viewer, SciTE text editor, OpenSSH server

      I will take a look at it soon…
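The list above names XORsearch among the tools for dealing with protected executables. As an added illustration (not part of the original post or of REMnux itself), the following Python script re-implements the core idea of that tool: try every single-byte XOR key and report where a known plaintext marker appears in the decoded bytes, then carve the recovered file starting from its “MZ” header. The sample buffer is constructed in the script (a fake DOS stub XOR-encoded with an assumed key of 0x5A); the function names and the marker choice are this example’s own.

```python
"""Single-byte XOR key recovery, in the spirit of XORsearch.

Added example: tries all 256 one-byte keys against a buffer and reports every
key/offset at which a known plaintext marker appears. The marker used here is
the DOS-stub string carried by nearly every Windows PE file, so the technique
finds XOR-encoded executables embedded in droppers or documents.
"""

MARKER = b"This program cannot be run in DOS mode"


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte of data with one key byte (the operation is its own inverse)."""
    return bytes(b ^ key for b in data)


def xor_search(data: bytes, needle: bytes = MARKER) -> list[tuple[int, int]]:
    """Return (key, offset) pairs for every key under which needle appears.

    Key 0x00 is tried too, so an unencoded file is reported as key 0.
    """
    hits: list[tuple[int, int]] = []
    for key in range(256):
        decoded = xor_bytes(data, key)
        off = decoded.find(needle)
        while off != -1:
            hits.append((key, off))
            off = decoded.find(needle, off + 1)
    return hits


def carve_pe(data: bytes, key: int, hit_offset: int) -> bytes:
    """Decode with key and return the bytes from the nearest preceding 'MZ' header.

    The DOS stub sits a few dozen bytes after the 'MZ' magic, so searching
    backwards from the marker hit locates the start of the embedded executable.
    """
    decoded = xor_bytes(data, key)
    start = decoded.rfind(b"MZ", 0, hit_offset)
    if start == -1:
        raise ValueError("no MZ header before the marker hit")
    return decoded[start:]


def build_sample(key: int) -> bytes:
    """Constructed sample: a fake DOS stub XOR-encoded with key, padded with zeros.

    This is synthetic test data, not a real binary. The stub layout mirrors a
    PE's first bytes: 'MZ', padding, e_lfanew, stub code, then the marker text.
    """
    stub = (
        b"MZ"
        + b"\x90" * 58
        + b"\x80\x00\x00\x00"  # e_lfanew placeholder
        + b"\x0e\x1f\xba\x0e\x00\xb4\x09\xcd\x21\xb8\x01\x4c\xcd\x21"
        + MARKER
        + b".\r\r\n$"
    )
    # Zero padding outside the encoded region stands in for surrounding carrier data.
    return b"\x00" * 16 + xor_bytes(stub, key) + b"\x00" * 16


if __name__ == "__main__":
    sample = build_sample(0x5A)  # assumed key for the demonstration
    for key, offset in xor_search(sample):
        print(f"key 0x{key:02X} -> marker at offset {offset}")
        carved = carve_pe(sample, key, offset)
        print(f"  carved {len(carved)} bytes starting with {carved[:2]!r}")
```

Against a real dropper you would read the file into `data` instead of calling `build_sample`; a marker hit under a non-zero key is a strong hint that a packed or hidden executable follows, which is exactly the case XORsearch is on REMnux to catch. Multi-byte keys and rolling XOR are out of scope for this single-byte search.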

    • #33585

      Lenny has been giving this out at his GREM courses for quite a while. Nice to see that it is now publicly available.

    • #33586

      Very cool, thanks for the info 😉

    • #33587

      Even old posts are valuable. Will download it right away… Thanks for bringing this back up again, H0nd0CSI

    • #33588

      Unfortunately, I may need this soon.

      Curse you Chinese hackers… well, thank you in a sort of twisted way. At least the malware is on a test system.
