Liberasyon REMnux 7.0, yon distribisyon analiz malveyan

Senk ane depi piblikasyon dènye nimewo a fòme Nouvo lage yon distribisyon espesyalize Linux REM nux 7.0, ki fèt pou etidye ak ranvèse enjenyè kòd malveyan. Pandan pwosesis analiz la, REMnux pèmèt ou bay yon anviwònman laboratwa izole kote ou ka imite operasyon an nan yon sèvis rezo espesifik anba atak yo etidye konpòtman an nan malveyan nan kondisyon ki toupre sa yo reyèl. Yon lòt zòn nan aplikasyon REMnux se etid la nan pwopriyete yo nan foure move sou sit entènèt aplike nan JavaScript.

Se distribisyon an bati sou baz pakè Ubuntu 18.04 epi li sèvi ak anviwònman itilizatè LXDE. Firefox vini ak NoScript ajoute kòm yon navigatè entènèt. Twous distribisyon an gen ladann yon seleksyon jistis konplè zouti pou analize malveyan, sèvis piblik pou kòd jeni ranvèse, pwogram pou etidye PDF ak dokiman biwo atakè yo modifye, ak zouti pou kontwole aktivite nan sistèm nan. Gwosè imaj bòt REMnux, te fòme pou lansman andedan sistèm Virtualization, li se 5.2 GB. Nan nouvo lage a, tout zouti yo ofri yo te mete ajou, konpozisyon distribisyon an te siyifikativman elaji (gwosè imaj machin vityèl la double). Lis sèvis piblik yo pwopoze a divize an kategori.

Twous la gen ladan sa ki annapre yo zouti:

• Analiz sit entènèt: bandi, mitmproxy, Rezo Miner gratis edisyon, pli, wget, Burp Proxy gratis edisyon, Otomatik, pdnstool, Tor, tcpextract, tcpflow, passive.py, CapTipper, yaraPcap.py;
• Analiz videyo Flash move: xxxswf, Zouti SWF, RABCDAsm, ekstrè_swf, fize;
• Analiz Java: Java Cache IDX Analyseur, JD-GUI Java Decompiler, JAD Java Decompiler, Javasist, CFR;
• Analiz JavaScript: Debugger Rhino, ExtraitScripts, SpiderMonkey, V8, JS Beautifier;
• Analiz PDF: AnalizePDF, Pdfobjflow, pdfid, pdf-parser, peepdf, origami, PDF X-RAY Lite, pdftk, swf_mastah, qpdf, pdf resurrect;
• Analiz dokiman Microsoft Office: officeparser, pyOLEScanner.py, oletools, libolecf, oledump, emldump, MSGConvert, base64dump.py, likod;
• Analiz Shellcode: sctest, unicode2hex-chape, unicode2raw, dism-sa a, shellcode2exe;
• Pote obfuscation nan fòm lizib (deobfuscation): unXOR, XORStrings, ex_pe_xor, XORSearch, brxor.py, xortool, NoMoreXOR, XORBruteForcer, Balbuzard, FLOSS
• Ekstrè done fisèl: strdeobj, pestr, strings;
• Rekiperasyon dosye: Premye, Bistouri, bulk_extractor, Chopper;
• Siveyans aktivite rezo: Wireshark, ngrep, TCP pil fatra, tcpick;
• Sèvis rezo: FakeDNS, Nginx, fakeMail, Honeyd, INetSim, Enspire IRCd, OpenSSH, aksepte-tout-ips;
• Sèvis piblik rezo: prettyping.sh, set-static-ip, renew-dhcp, netcat, EPIC IRC Kliyan, stunnel, Jis-Metadata;
• Travay ak yon koleksyon egzanp malveyan: Maltrieve, Ragpicker, sèpan, MASTIFF, Scout dansite;
• Definisyon siyati: YaraGenerator, IOCextractor, Autorule, Editè Règ, ioc-parser;
• Analyse: Yara, ClamAV, Trid, ExifTool, virustotal-soumèt, Disitool;
• Travay ak hash: nsrllookup, Otomatik, Idantifikatè Hash, totalhash, ssdeep, virustotal-search, VirusTotalApi;
• Analiz malveyan Linux: Sysdig, Dekonekte
• Demonte: Vivisect, Udis86, objdump;
• Debogaj: Debugger Evan a (EDB), GNU Project Debugger (GDB);
• Sistèm trase: strace, tras
• Envestige: Rada 2, Pyew, bokken, m2elf, ELF analizeur;
• Travay ak done tèks: SciTE, Geany, Vim;
• Travay ak imaj: feh, ImageMagick;
• Travay ak dosye binè: wxHexEditor, VBinDiff;
• Analiz depo memwa: Cadre volatilité, findaes, AESKeyFinder, RSAKeyFinder, VolDiff, Rekall, linux_mem_diff_tool;
• Analiz de dosye PE ègzèkutabl UPX, Bytehist, Scout dansite, PackerID, objdump, Udis86, Vivisect, Signsrch, pescanner, ExeScan, enp, Peframe, pedump, bokken, RATDecoders, Pyew, readpe.py, PyInstaller Extracteur, DC3-MWCP;
• Analiz malveyan pou aparèy mobil: Androwarn, AndroGuard.

Sous: opennet.ru