Sakin REMnux 7.0, rarraba nazarin malware

Shekaru biyar da fitowar fitowar ta ƙarshe kafa sabon saki na musamman rarraba Linux TAMBAYA 7.0, an tsara shi don yin nazari da juyar da lambar injiniyan malware. A yayin aiwatar da bincike, REMnux yana ba ku damar samar da keɓantaccen yanayin dakin gwaje-gwaje wanda zaku iya kwaikwayi aikin takamaiman sabis na cibiyar sadarwa da ke ƙarƙashin harin don nazarin halayen malware a cikin yanayi kusa da na ainihi. Wani yanki na aikace-aikacen REMnux shine nazarin kaddarorin abubuwan shigar da mugunta akan rukunin yanar gizon da aka aiwatar a cikin JavaScript.

An gina rarrabawar akan tushen kunshin Ubuntu 18.04 kuma yana amfani da yanayin mai amfani na LXDE. Firefox ta zo tare da ƙarawar NoScript azaman mai binciken gidan yanar gizo. Kit ɗin rarrabawa ya haɗa da cikakkiyar zaɓi na kayan aikin don nazarin malware, abubuwan amfani don lambar injiniyan baya, shirye-shiryen nazarin PDFs da takaddun ofis waɗanda maharan suka gyara, da kayan aikin sa ido kan ayyukan a cikin tsarin. Girman hoton taya REMnux, an kafa don jefa A cikin tsarin haɓakawa, yana da 5.2 GB. A cikin sabon saki, duk kayan aikin da aka ba da su an sabunta su, an ƙaddamar da abun da ke cikin rarrabawa sosai (girman hoton injin kama-da-wane ya ninka sau biyu). An raba jerin abubuwan amfani da aka tsara zuwa rukuni.

Kit ɗin ya ƙunshi abubuwa masu zuwa kayan aiki:

• Binciken Yanar Gizo: 'Yan daba, mitmproxy, Ɗabi'ar Ma'adinan Yanar Gizon Kyauta, Curl, wget, Burp Proxy Free Edition, Mai sarrafa kansa, pdnstool, Tor, tcpextract, tcpflow, m.py, CapTipper, yaraPcap.py;
• Binciken bidiyoyin Flash masu cutarwa: xxxswf, Kayan aikin SWF, RBCDAsm, cire_swf, walƙiya;
• Java Analysis: Java Cache IDX Parser, JD-GUI Java Decompiler, JAD Java Decompiler, Javassist, CFR;
• Binciken JavaScript: Mai gyara Rhino, ExtractScripts, SpiderMonkey, V8, JS Beautifier;
• Binciken PDF: Yi nazarin PDF, Pdfobjflow, pdfid, pdf-parser, peepdf, Origami, PDF X-RAY Lite, pdftk, swf_mastah, qpdf, pdf tashin matattu;
• Binciken takardun Microsoft Office: ma'aikacin ofishin, pyOLEScanner.py, oletools, libolecf, oledump, emldump, Maida MSG, tushe64 dump.py, unicode;
• Binciken Shellcode: jarrabawa, unicode2hex-cece, unicode2raw, dism - wannan, shellcode2exe;
• Kawo ɓarna cikin sigar da za a iya karantawa (deobfuscation): unXOR, XORSstrings, ex_pe_xor, Binciken XORSearch, brxor.py, xortool, NoMoreXOR, XORBruteForcer, Balbuzard, FLASH
• Ciro bayanan kirtani: strdeobj, kwaro, kirtani;
• Maido da fayil: Gaba dai, Fatawar kai, girma_extractor, Chopper;
• Kula da ayyukan hanyar sadarwa: Wireshark, ngrep, Farashin TCP, tcpick;
• Ayyukan hanyar sadarwa: karya DNS, Nginx, karya Mail, zuma, INetSim, Ƙarfafa IRCd, BUDE, yarda-duk-ip;
• Abubuwan amfani na hanyar sadarwa: kyakkyawa.sh, saita-static-ip, sabunta-dhcp, Kayan gida, Abokin ciniki na EPIC IRC, stunnel, Just-Metadata;
• Yin aiki tare da tarin misalan malware: Maltrive, Ragpicker, Viper, MASTIFF, Density Scout;
• Ma'anar sa hannu: YaraGenerator, IOCextractor, Tsarin Mulki, Editan doka, ioc-parser;
• Ana dubawa: Yara, ClamAV, Trid, ExifTool, virustotal - sallama, Disitool;
• Yin aiki tare da hashes: nsrllookup, Mai sarrafa kansa, Hash Identifier, totalhash, ssdeep, virustotal-bincike, VirusTotalApi;
• Binciken malware na Linux: Sysdig, Rashin ɓoyewa
• Masu rarrabawa: Vivisect, Udis86, objdump;
• Masu gyara kuskure: Evan's Debugger (EDB), GNU Project Debugger (GDB);
• Tsarin bin diddigi: madauri, ltrace
• Bincika: Radare 2, Pyew, bokken, m2 shafi, Farashin ELF;
• Aiki tare da bayanan rubutu: SciTE, Gean, Vim;
• Aiki tare da hotuna: feh, ImageMagick;
• Yin aiki tare da fayilolin binary: wxHexEditor, VBinDiff;
• Binciken juji da ƙwaƙwalwar ajiya: Tsarin Volatility, samu, AESKeyFinder, RSAKeyFinder, VolDiff, Tuna, linux_mem_diff_tool;
• Binciken fayilolin PE masu aiwatarwa UPX, Bytehist, Density Scout, PackerID, objdump, Udis86, Vivisect, Alamun, pescanner, ExeScan, pev, Peframe, pedump, bokken, RATDecoders, Pyew, karanta.py, PyInstaller Extractor, Saukewa: DC3-MWCP;
• Binciken malware don na'urorin hannu: Androwarn, AndroGuard.

source: budenet.ru