Slashdot Mirror


REMnux, the Malware Analysis Linux OS

Trailrunner7 writes "A security expert has released a stripped-down Ubuntu distribution designed specifically for reverse-engineering malware. The OS, called REMnux, includes a slew of popular malware-analysis, network monitoring and memory forensics tools that comprise a very powerful environment for taking apart malicious code. REMnux is the creation of Lenny Zeltser, an expert on malware reverse engineering who teaches a popular course on the topic at SANS conferences. He put the operating system together after years of having students ask him which tools to use and what works best. He originally used Red Hat Linux, but recently decided that Ubuntu was a better fit. REMnux has three separate tools for analyzing Flash-specific malware, including SWFtools, Flasm and Flare, as well as several applications for analyzing malicious PDFs, including Didier Stevens' analysis tools. REMnux also has a number of tools for de-obfuscating JavaScript, including Rhino debugger, a version of Firefox with NoScript, JavaScript Deobfuscator and Firebug installed, and Windows Script Decoder."
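The summary names Didier Stevens' PDF analysis tools among the things REMnux bundles. The block below is an added example, not code from REMnux or from those tools: it shows the kind of first-pass keyword triage a pdfid-style scan performs, including the one trick such a scan has to handle, PDF name hex escapes (/J#61vaScript is the same name as /JavaScript). The keyword list, the SAMPLE_PDF bytes and the finding rules are all constructed here for illustration.

```python
import re

# Names worth counting on a first pass (assumed list for this example; it follows the
# spirit of pdfid-style keyword counting rather than any tool's exact list).
SUSPICIOUS_NAMES = [
    b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch",
    b"/EmbeddedFile", b"/RichMedia", b"/ObjStm", b"/AcroForm", b"/XFA",
]

# PDF names may hex-escape any byte as #xx, so /J#61vaScript == /JavaScript.
_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
# A name ends at whitespace or a PDF delimiter; the lookahead keeps /JS from matching
# a longer name that merely starts with /JS.
_NAME_END = rb"(?=[\s/\[\]<>(){}%]|$)"


def normalize_names(data: bytes) -> bytes:
    """Decode #xx escapes so obfuscated names compare equal to plain ones."""
    return _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def count_names(data: bytes) -> dict:
    """Count each suspicious name after normalization, and how many of those
    occurrences were only visible because of hex-escape decoding."""
    normalized = normalize_names(data)
    counts, obfuscated = {}, {}
    for name in SUSPICIOUS_NAMES:
        pattern = re.compile(re.escape(name) + _NAME_END)
        key = name.decode()
        total = len(pattern.findall(normalized))
        counts[key] = total
        obfuscated[key] = total - len(pattern.findall(data))
    return {"counts": counts, "obfuscated": obfuscated}


def triage(data: bytes) -> dict:
    """Turn the raw counts into the handful of findings an analyst wants first."""
    report = count_names(data)
    c, o = report["counts"], report["obfuscated"]
    findings = []
    if (c["/JavaScript"] or c["/JS"]) and (c["/OpenAction"] or c["/AA"]):
        findings.append("JavaScript wired to an auto-executing action (/OpenAction or /AA)")
    if c["/Launch"]:
        findings.append("/Launch action: document can start an external program")
    if c["/ObjStm"]:
        findings.append("/ObjStm present: objects hidden in compressed object streams, counts may be incomplete")
    hidden = [k for k, v in o.items() if v > 0]
    if hidden:
        findings.append("hex-escaped names hiding keywords: " + ", ".join(hidden))
    report["findings"] = findings
    return report


# Constructed sample: a minimal PDF whose catalog auto-runs a JavaScript action,
# with the /JavaScript name hex-escaped the way droppers often do.
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
    b"3 0 obj << /Type /Page /Parent 2 0 R >> endobj\n"
    b"4 0 obj << /Type /Action /S /J#61vaScript /JS (app.alert('x')) >> endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)

if __name__ == "__main__":
    result = triage(SAMPLE_PDF)
    for key, value in result["counts"].items():
        if value:
            print(f"{key:15} {value} (hex-obfuscated: {result['obfuscated'][key]})")
    for finding in result["findings"]:
        print("!!", finding)
```

Keyword counting is a triage step, not parsing: anything inside a FlateDecode-compressed stream or an object stream is invisible to it, which is why a non-zero /ObjStm count is itself reported as a finding and why the next step is a real object parser rather than more regexes.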

4 of 58 comments

  1. How do you analyze and debug Windows malware by SquarePixel · Score: 4, Insightful

    Malware often uses low-level code and tricks which make it break when it is run in an emulator. It also often has checks and tricks in place to detect whether it is being run in a virtual machine, and either crashes itself or acts differently. How do you run Windows executables with this so that they actually work normally?

    For example, Mac OS X malware is not yet at the point where it's particularly hard to analyze; it's mostly just shell scripts or executables with no low-level tricks.

  2. Re:Reminds me of... by Lunix+Nutcase · Score: 3, Funny

    Your post reminds me of a Family Guy flashback that has absolutely nothing to do with what's happening at the time.

  3. stripped-down Ubuntu by Kylock · Score: 3, Insightful

    What's the difference between stripped-down Ubuntu and Debian?

    I've been seeing this fairly often lately and don't see why people strip down Ubuntu; it seems like extra work.

    1. Re:stripped-down Ubuntu by Dragoniz3r · Score: 3, Informative

      From one way of thinking, Debian is Ubuntu stripped down in one specific way. If you don't want Ubuntu stripped down in that specific way, then you're possibly better off stripping down Ubuntu to what you want, rather than trying to add to Debian (and probably prune other things from Debian that you didn't want anyways).