Ukukhutshwa kwe-REMnux 7.0, ukuhanjiswa kohlalutyo lwe-malware

Iminyaka emihlanu ukususela ekupapashweni koshicilelo lokugqibela yenziwe ukhupho olutsha losasazo olukhethekileyo lweLinux I-REM nux 7.0, yenzelwe ukufunda kunye nokubuyisela umva ikhowudi ye-malware yobunjineli. Ngexesha lenkqubo yokuhlalutya, i-REMnux ikuvumela ukuba unikeze indawo yebhubhoratri eyodwa apho unokuxelisa ukusebenza kwenkonzo ethile yenethiwekhi ehlaselwe ukufunda ukuziphatha kwe-malware kwiimeko ezikufutshane nezokwenyani. Enye indawo yesicelo se-REMnux kuphononongo lweepropathi zokufakwa okungalunganga kwiiwebhusayithi eziphunyezwe kwiJavaScript.

Usasazo lwakhiwe kwisiseko sephakheji ye-Ubuntu 18.04 kwaye isebenzisa indawo yomsebenzisi we-LXDE. IFirefox iza nesongezo seNoScript njengesikhangeli sewebhu. Ikhithi yokuhambisa ibandakanya ukhetho olugqibeleleyo lwezixhobo zokuhlalutya i-malware, izinto eziluncedo kwikhowudi yobunjineli ebuyela umva, iinkqubo zokufunda iiPDF kunye namaxwebhu eofisi aguqulwe ngabahlaseli, kunye nezixhobo zokubeka iliso kwinkqubo. Ubungakanani umfanekiso wesiqalo REMnux, ebunjwe ngenxa ukuqalisa ngaphakathi kweenkqubo ze-virtualization, yi-5.2 GB. Ekukhutshweni okutsha, zonke izixhobo ezinikezelwayo zihlaziywe, ukubunjwa kokusasazwa kwandiswe kakhulu (ubungakanani bomfanekiso womatshini obonakalayo buphindwe kabini). Uluhlu lwezixhobo eziluncedo ezicetywayo lwahlulwe ngokweendidi.

Ikhithi ibandakanya oku kulandelayo izixhobo:

• Uhlalutyo lwewebhusayithi: Thuku, i-mitmproxy, Network Miner Free Edition, curl, wget, Burp Proxy Free Edition, I-Automater, pdnstool, I-Tor, tcpextract, tcpflow, i-passive.py, I-CapTipper, yaraPcap.py;
• Uhlalutyo lweevidiyo ezikhohlakeleyo zeFlash: xxswf, Izixhobo zeSWF, I-RABCDAsm, isicatshulwa_swf, Ukutshaya;
• Uhlalutyo lweJava: Java Cache IDX Parser, JD-GUI Java Decompiler, I-JAD Java Decompiler, Javassist, CFR;
• Uhlalutyo lweJavaScript: Rhino Debugger, ExtractScripts, SpiderMonkey, V8, JS uMhombisi;
• Uhlalutyo lwePDF: HlalutyaPDF, Pdfobjflow, pdfid, pdf-parser, peepdf, I-Origami, PDF X-RAY Lite, I-PDFtk, swf_mastah, qpdf, pdf vusa;
• Uhlalutyo lwamaxwebhu e-Microsoft Office: iofisi, pyOLEScanner.py, iioletools, libolecf, oledump, emldump, MSGConvert, isiseko64dump.py, Unicode;
• Uhlalutyo lwekhowudi yeShell: isctest, unicode2hex-escaped, unicode2raw, dism-oku, ishellcode2exe;
• Ukuzisa i-obfuscation kwifomu efundekayo (deobfuscation): unXOR, XORStrings, ex_pe_xor, XORSearch, brxor.py, xortool, NoMoreXOR, XORBruteForcer, Balbuzard, IINTSHUKUMO
• Ukutsalwa kwedatha yomtya: strdeobj, pestr, imida;
• Ukubuyisela ifayile: Okokuqala, Isikali, isambuku_isitsali, I-Chopper;
• Ukubeka iliso kumsebenzi wothungelwano: IWireshark, ngrep, Ukulahla iTCP, tcpick;
• Iinkonzo zenethiwekhi: FakeDNS, Nginx, fakeMail, Ubusi, INetSim, Khuthaza i-IRCd, OpenSSH, yamkela-zonke-ips;
• Izixhobo zenethiwekhi: prettyping.sh, set-static-ip, hlaziya-dhcp, INetcat, EPIC IRC Client, istunnel, Nje-Metadata;
• Ukusebenza ingqokelela yemizekelo ye-malware: Matrieve, Ragpicker, Viper, MASTIFF, I-Density Scout;
• Inkcazo yemisayino: Ijeneretha yeYara, IOCextractor, I-Autorule, Umhleli woMthetho, ioc-parser;
• Ukuskena: Yara, ClamAV, I-TrID, ExifTool, virustotal-ngenisa, Disitool;
• Ukusebenza ngeehashi: nsrllookup, I-Automater, Isichongi seHash, Itotali, ssdeep, virustotal-ukukhangela, VirusTotalApi;
• Uhlalutyo lwe-malware yeLinux: Sysdig, Ungafihli
• IiDissemblers: Vivisect, Udis86, objdump;
• Debuggers: I-Evan's Debugger (EDB), I-GNU Project Debugger (GDB);
• Iinkqubo zokulandela umkhondo: umtya, i-ltrace
• Phanda: Radare 2, Pyew, bokken, m2 elf, ELF Parser;
• Ukusebenza ngedatha yombhalo: SciTE, IsiGeany, vím;
• Ukusebenza ngemifanekiso: ewe, ImageMagick;
• Ukusebenza ngeefayile zokubini: wxHexEditor, VBinDiff;
• Uhlalutyo lokulahla inkumbulo: Isakhelo se-Volatility, ezifunyenweyo, AESKeyFinder, RSAKeyFinder, IVolDiff, Rekall, linux_mem_diff_isixhobo;
• Uhlalutyo lweefayile zePE eziphunyeziweyo I-UPX, I-Bytehist, I-Density Scout, PackerID, objdump, Udis86, Vivisect, Iimpawu, pescanner, ExeScan, enp, I-Peframe, pedump, bokken, RATDecoders, Pyew, readpe.py, I-PyInstaller Extractor, DC3-MWCP;
• Uhlalutyo olungalunganga lwezixhobo eziphathwayo: Androwarn, AndroGuard.

umthombo: opennet.ru