Slashdot Mirror

← Back to Stories (view on slashdot.org)

REMnux, the Malware Analysis Linux OS

Posted by Soulskill on from the penguins-with-guns dept.

Trailrunner7 writes "A security expert has released a stripped-down Ubuntu distribution designed specifically for reverse-engineering malware. The OS, called REMnux, includes a slew of popular malware-analysis, network monitoring and memory forensics tools that comprise a very powerful environment for taking apart malicious code. REMnux is the creation of Lenny Zeltser, an expert on malware reverse engineering who teaches a popular course on the topic at SANS conferences. He put the operating system together after years of having students ask him which tools to use and what works best. He originally used Red Hat Linux, but recently decided that Ubuntu was a better fit. REMnux has three separate tools for analyzing Flash-specific malware, including SWFtools, Flasm and Flare, as well as several applications for analyzing malicious PDFs, including Didier Stevens' analysis tools. REMnux also has a number of tools for de-obfuscating JavaScript, including Rhino debugger, a version of Firefox with NoScript, JavaScript Deobfuscator and Firebug installed, and Windows Script Decoder."

4 of 58 comments (clear)

  1. Re:How do you analyze and debug Windows malware by Lunix+Nutcase · · Score: 2, Informative

    Did you even read what they said? Most malware has code to prevent it from running or from running the same way in a virtual environment.

  2. Re:Reminds me of... by capnchicken · · Score: 2, Informative

    And what the hell, so we have malware analyzer distribution in the story, a honey pot distribution in the parent, why don't we finish off this security distribution triumvirate with a penetration tester distribution as well: http://www.backtrack-linux.org/

    --
    A libertarian shat on my carpet once. Claimed the free market would sort it out. -Ford Prefect(8777)
  3. Re:stripped-down Ubuntu by Dragoniz3r · · Score: 3, Informative

    From one way of thinking, Debian is Ubuntu stripped down in one specific way. If you don't want Ubuntu stripped down in that specific way, then you're possibly better off stripping down Ubuntu to what you want, rather than trying to add to Debian (and probably prune other things from Debian that you didn't want anyways).

  4. Re:so much ego, so little marketshare by Anonymous Coward · · Score: 2, Informative

    It's easy to "remix" a distro nowadays. It is pretty much just choose what packages you want, change a couple config files and you're done - not really any more difficult than your suggestion.

    As it is, people can already install those extra packages from the customized distro or take the customized distro and install extra things in it.