Tso tawm REMnux 7.0, ib qho kev faib rau malware tsom xam

Tsib xyoos txij li kev tshaj tawm ntawm qhov teeb meem kawg tsim kev tso tawm tshiab ntawm qhov tshwj xeeb Linux faib REMNuj 7.0, tsim los kawm thiab thim rov qab engineer malware code. Thaum lub sij hawm soj ntsuam txheej txheem, REMnux tso cai rau koj los muab ib qho chaw nyob ib puag ncig uas koj tuaj yeem ua raws li kev ua haujlwm ntawm cov kev pabcuam tshwj xeeb hauv kev tawm tsam los kawm txog tus cwj pwm ntawm malware hauv cov xwm txheej ze rau cov neeg tiag tiag. Lwm thaj chaw ntawm kev thov ntawm REMnux yog kev kawm txog cov khoom ntawm cov khoom tsis zoo ntawm cov vev xaib siv hauv JavaScript.

Kev faib tawm yog tsim los ntawm Ubuntu 18.04 pob hauv paus thiab siv LXDE tus neeg siv ib puag ncig. Firefox los nrog NoScript add-on ua lub web browser. Cov khoom siv faib khoom suav nrog kev xaiv ua tiav ntawm cov cuab yeej rau kev tshuaj xyuas malware, cov khoom siv hluav taws xob rau kev thim rov qab engineering code, cov kev pab cuam rau kev kawm PDFs thiab cov ntaub ntawv chaw ua haujlwm hloov kho los ntawm cov neeg tawm tsam, thiab cov cuab yeej los saib xyuas cov haujlwm hauv lub system. Loj khau raj duab REMnux, tsim rau tua tawm hauv virtualization systems, nws yog 5.2 GB. Nyob rau hauv qhov kev tso tawm tshiab, tag nrho cov cuab yeej muab tau raug kho dua tshiab, muaj pes tsawg leeg ntawm kev faib tawm tau nthuav dav (qhov loj ntawm lub tshuab virtual duab tau nce ob npaug). Daim ntawv teev cov khoom siv hluav taws xob tau muab faib ua pawg.

Cov khoom siv suav nrog cov hauv qab no twj:

• Kev txheeb xyuas lub vev xaib: Tug, mitmproxy ua, Network Miner Free Edition, curl, Dab, Burp Proxy Free Edition, Automater, pdnstool ua, TR, tcpextract ua, tcpflow, passive.py, CapTipper, yaraPcap.py;
• Kev tshuaj xyuas ntawm cov yeeb yaj kiab Flash siab phem: xxx swb, SWF Tools, RABCDAsm, extract_swf, Flare;
• Java Analysis: Java Cache IDX Parser, JD-GUI Java Decompiler, JAD Java Decompiler, Javasist, CFR;
• JavaScript Analysis: Rhino Debugger, ExtractScripts, Kablia vwj, V8, JS Beautifier;
• PDF Analysis: AnalyzePDF, Pdfobjflow, pdfid ua, pdf-parser, peb pdf, Origami, PDF X-RAY Lite, pdftk ib, swf_mastah, qpdf ua, pdf sawv rov los;
• Kev txheeb xyuas ntawm Microsoft Office cov ntaub ntawv: officeparser, pyOLEScanner.py, oletools, libolecf, oleum, emld pom, MSGConvert, puag 64dump.py, unicode;
• Shellcode tsom xam: sctest, unicode2hex-escaped, unicode2raw, dism- qhov no, shellcode2exe;
• Nqa obfuscation rau hauv daim ntawv nyeem tau (deobfuscation): unXOR, XORStrings, ex_pe_xor, XORSearch, brxor.py ua, xortool, NoMoreXOR, XORBruteForcer, Balbuzard, YOOJ YIM
• Extracting hlua cov ntaub ntawv: strdeobj, pesstr, cov hlua;
• Cov ntaub ntawv rov qab: Foremost, Pob zeb ntuag, ntau_extractor, Chopper;
• Network xyuas kev ua ub no: Wireshark, nce, TCPDum, tcpick ua;
• Network Services: FakeDNS, Nginx, fakeMail, Honeyd, INetSim, Txhawb nqa IRCd, OpenSSH, txais-tag nrho-ips;
• Network Utilities: zoo.sh, set-static-ip, txuas ntxiv-dhcp, netcat, EPIC IRC Client, txhav, Tsuas yog Metadata;
• Ua hauj lwm nrog ib phau ntawm malware piv txwv: Maltrieve, Ragpicker, Viper, MASTIFF, Ceev Scout;
• Txhais kev kos npe: YaraGenerator, IOCextractor, Autorule, Txoj Cai Editor, ioc-parser;
• Scanning: Yara, ClamAV, Huab Tais, ExifTool, virustotal-submit, Disitool;
• Ua haujlwm nrog hashes: nsrllookup ua, Automater, Hash Identifier, totalhash, ssdeep, virustotal-search, VirusTotalApi;
• Linux malware tsom xam: Sysdig, Tsis xav
• Disassemblers: Vivisect, Udis 86, objdump;
• Debuggers: Evan's Debugger (EDB), GNU Project Debugger (GDB);
• Tracing systems: nruj, ltrace
• Soj ntsuam: Radare 2, Pyew, bokken ua, m2elf ua, ELF Parser;
• Ua haujlwm nrog cov ntawv nyeem: SciTE, Geany, Vim;
• Ua haujlwm nrog cov duab: feh ib, ImageMagick;
• Ua haujlwm nrog cov ntaub ntawv binary: wxHexEditor, VBinDiff;
• Memory dump analysis: Volatility Framework, nrhiav, AESKeyFinder, RSAKeyFinder, VolDiff, Rekall, linux_mem_diff_tool;
• Kev tshuaj xyuas cov ntaub ntawv PE ua tau UPX, Bytehist, Ceev Scout, PackerID, objdump, Udis 86, Vivisect, Kos npe, pescanner, ExeScan, pev, Peframe, pedump, bokken ua, RATDecoders, Pyew, readpe.py, PyInstaller Extractor, DC3-MWCP UAS;
• Malware tsom xam rau cov khoom siv mobile: Androwarn, AndroGuard.

Tau qhov twg los: opennet.ru