Hoʻokuʻu ʻia ʻo REMnux 7.0, kahi hoʻohele loiloi malware

ʻElima makahiki mai ka paʻi ʻana o ka pukana hope loa hoʻokumu ʻia hoʻokuʻu hou o kahi hoʻolaha Linux kūikawā ʻO Remnux 7.0, i hoʻolālā ʻia e aʻo a hoʻohuli hou i ka code malware. I ka wā o ke kaʻina hana loiloi, ʻae ʻo REMnux iā ʻoe e hāʻawi i kahi ʻenehana kaʻawale kahi e hiki ai iā ʻoe ke hoʻohālike i ka hana o kahi lawelawe pūnaewele kikoʻī e hoʻouka ʻia e aʻo i ka ʻano o ka malware i nā kūlana kokoke i nā mea maoli. ʻO kahi ʻāpana ʻē aʻe o ka noi ʻana o REMnux ke aʻo ʻana i nā waiwai o nā mea hoʻokomo hewa ma nā pūnaewele i hoʻokō ʻia ma JavaScript.

Kūkulu ʻia ka māhele ma ka waihona waihona ʻo Ubuntu 18.04 a hoʻohana i ka mea hoʻohana LXDE. Hele mai ʻo Firefox me ka NoScript add-on ma ke ʻano he polokalamu kele pūnaewele. Aia i loko o ka pahu hāʻawi kahi koho piha piha o nā mea hana no ka nānā ʻana i ka malware, nā pono no ka hoʻohuli ʻana i ke code engineering, nā papahana no ke aʻo ʻana i nā PDF a me nā palapala keʻena i hoʻololi ʻia e nā mea hoʻouka, a me nā mea hana no ka nānā ʻana i ka hana ma ka ʻōnaehana. Nui kiʻi kāmaʻa REMnux, i hoʻokumu ʻia no hoʻolana i loko o nā ʻōnaehana virtualization, ʻo ia ka 5.2 GB. I ka hoʻokuʻu hou, ua hōʻano hou ʻia nā mea hana a pau i hāʻawi ʻia, ua hoʻonui nui ʻia ka hoʻohui ʻana o ka hoʻoili ʻana (ua pālua ka nui o ke kiʻi mīkini virtual). Hoʻokaʻawale ʻia ka papa inoa o nā pono hana i manaʻo ʻia i nā ʻāpana.

Aia i loko o ka pahu nā mea aʻe nā mea hana:

• ʻIkepili pūnaewele: ʻAhaʻi, mitmproxy, Pūnaehana Miner Free Edition, pana, wget, Burp Proxy Free Edition, Mea mīkini hana, pdnstool, ʻO Tor, tcpextract, tcpflow, passive.py, CapTipper, yaraPcap.py;
• Ka nānā ʻana i nā wikiō Flash maikaʻi ʻole: xxxswf, Mea Hana SWF, RABCDAsm, extract_swf, Pā;
• ʻIkepili Java: Java Cache IDX Parser, JD-GUI Java Decompiler, JAD Java Decompiler, Javassist, CFR;
• Nānā JavaScript: Rhino Debugger, ExtractScripts, Punawelewele, Spider, V8, JS Nani;
• Nānā PDF: NānāPDF, Pdfobjflow, pdfid, pdf-parser, peepdf, Origami, PDF X-RAY Lite, pdftk, swf_mastah, qpdf, pdfresurrect;
• ʻIkepili o nā palapala Microsoft Office: officeparser, pyOLEscanner.py, oletools, libolecf, oledump, emldump, MSGCConvert, base64dump.py, unicode;
• Kānāwai Shellcode: sctest, unicode2hex-pakele, unicode2raw, dism-kēia, shellcode2exe;
• Ka lawe ʻana i ka obfuscation i ke ʻano hiki ke heluhelu ʻia (deobfuscation): unXOR, XORStrings, ex_pe_xor, XORHuli, brxor.py, mea hoʻohana, NoMoreXOR, XORBruteForcer, Osprey, LOA
• Ke unuhi nei i ka ʻikepili string: strdeobj, pestr, nā aho;
• Hoʻihoʻi waihona: Poʻokela, ʻŌpalapala, mea hoʻoheheʻe nui, Kopa;
• Ka nānā ʻana i nā hana ʻoihana pūnaewele: Wireshark, ngrep, TCP Dump, tcpick;
• Nā lawelawe pūnaewele: FakeDNS, Nginx, fakeMail, Honeyd, INetSim, Hoʻoulu i ka IRCd, OpenSSH, ʻae-a-ips;
• Nā pono pūnaewele: prettyping.sh, hoʻonohonoho-static-ip, renew-dhcp, ʻĀlapa, EPIC IRC mea kūʻai, pūpū, Just-Metadata;
• Ke hana nei me ka hōʻiliʻili o nā laʻana malware: Maltrieve, Ragpicker, Kaupa, MASTIFF, Makaikiu Density;
• Wehewehe o nā pūlima: YaraGenerator, IOCextractor, Autorule, Lunahooponopono Rula, ioc-parser;
• Ke nānā nei: Yara, Kuhi, Keleka, ExifTool, virustotal-submit, Disitool;
• Ke hana nei me nā hashes: nsrllookup, Mea mīkini hana, ʻIke Hash, huinahash, sshohonu, hulina-virustotal, VirusTotalApi;
• Ka nānā 'ana i nā polokalamu polokalamu Linux: Sysdig, ʻIdehea
• Nā mea hoʻokaʻawale: Vivisect, Udis86, objdump;
• Nā Debuggers: ʻO Evan's Debugger (EDB), ʻO ka Debugger Pāhana GNU (GDB);
• Pūnaehana huli: kaulaʻi, ltrace
• Nānā: Radare 2, Pyew, ʻO Bokken, m2elf, ELF Parser;
• Ke hana nei me ka ʻikepili kikokikona: SciTE, ʻO Geany, Vim;
• Ke hana nei me nā kiʻi: feh, 'Oiʻopiʻi;
• Ke hana nei me nā faila binary: wxHexEditor, VBinDiff;
• ʻIkepili hoʻopaʻa hoʻomanaʻo: Kūʻai polū, mea loaa, AESKeyFinder, RSAKeyFinder, VolDiff, Rekall, linux_mem_diff_tool;
• Nānā i nā faila PE hiki ke hoʻokō UPX, Bytehist, Makaikiu Density, PackerID, objdump, Udis86, Vivisect, Signsrch, mea hoʻopalekana, ExeScan, enp, Peframe, hoʻopaʻapaʻa, ʻO Bokken, RATDecoders, Pyew, readpe.py, PyInstaller Extractor, DC3-MWCP;
• Ka nānā 'ana i nā polokalamu Malware no nā polokalamu kelepona: AndroWarn, AndroGuard.

Source: opennet.ru