Security Operating Systems Ubuntu Worms Linux

REMnux, the Malware Analysis Linux OS

Trailrunner7 writes "A security expert has released a stripped-down Ubuntu distribution designed specifically for reverse-engineering malware. The OS, called REMnux, includes a slew of popular malware-analysis, network monitoring and memory forensics tools that comprise a very powerful environment for taking apart malicious code. REMnux is the creation of Lenny Zeltser, an expert on malware reverse engineering who teaches a popular course on the topic at SANS conferences. He put the operating system together after years of having students ask him which tools to use and what works best. He originally used Red Hat Linux, but recently decided that Ubuntu was a better fit. REMnux has three separate tools for analyzing Flash-specific malware, including SWFtools, Flasm and Flare, as well as several applications for analyzing malicious PDFs, including Didier Stevens' analysis tools. REMnux also has a number of tools for de-obfuscating JavaScript, including Rhino debugger, a version of Firefox with NoScript, JavaScript Deobfuscator and Firebug installed, and Windows Script Decoder."
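The summary above mentions tools for analyzing malicious PDFs. The block below is an added example, not code from the original story, from REMnux, or from Didier Stevens' tools: it shows the basic idea behind keyword-triage of a PDF, counting names such as /JavaScript and /OpenAction in the raw bytes and decoding the #xx hex escapes that PDF names allow (so /Java#53cript is recognised as /JavaScript). The list of names checked, the helper names, and the embedded sample PDF are all constructed here for illustration.

```python
import re
from collections import Counter

# Subset of PDF name tokens that triage tools commonly count (chosen here as an
# illustration; real tools check a longer list).
SUSPICIOUS_NAMES = [
    "/JavaScript", "/JS", "/OpenAction", "/AA", "/Launch",
    "/EmbeddedFile", "/ObjStm", "/AcroForm", "/RichMedia", "/XFA",
]
# Names that, on their own, mean the file can run something on open.
ACTIVE_CONTENT = {"/JavaScript", "/JS", "/OpenAction", "/AA", "/Launch"}

# A PDF name runs from '/' up to whitespace or a delimiter character.
_NAME_RE = re.compile(rb"/[^\s/<>\[\]()%]+")
# PDF names may encode any byte as #xx; malware uses this to hide keywords.
_HEX_ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")
_OBJ_RE = re.compile(rb"\bobj\b")  # does not match inside 'endobj'


def normalize_name(token: bytes) -> str:
    """Decode #xx escapes in a raw PDF name token (/Java#53cript -> /JavaScript)."""
    decoded = _HEX_ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]), token)
    return decoded.decode("latin-1")


def scan_pdf_bytes(data: bytes) -> dict:
    """Count suspicious names in raw PDF bytes and flag active content.

    Returns a dict with per-name counts, how many of those names were hidden
    behind hex escapes, the number of 'obj' tokens, and a boolean verdict.
    """
    counts = Counter()
    hex_escaped = Counter()
    for match in _NAME_RE.finditer(data):
        raw = match.group(0)
        name = normalize_name(raw)
        if name in SUSPICIOUS_NAMES:
            counts[name] += 1
            if b"#" in raw:
                # Escaping plain ASCII letters in a standard name is itself a red flag.
                hex_escaped[name] += 1
    suspicious = bool(set(counts) & ACTIVE_CONTENT) or bool(hex_escaped)
    return {
        "counts": dict(counts),
        "hex_escaped": dict(hex_escaped),
        "objects": len(_OBJ_RE.findall(data)),
        "suspicious": suspicious,
    }


# Constructed sample: a minimal PDF whose catalog runs a JavaScript action on
# open, with the /JavaScript name partly hex-escaped to evade naive grep.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R >> endobj
4 0 obj << /S /Java#53cript /JS (app.alert('hello')) >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

if __name__ == "__main__":
    report = scan_pdf_bytes(SAMPLE_PDF)
    for name, n in sorted(report["counts"].items()):
        flag = " (hex-escaped)" if name in report["hex_escaped"] else ""
        print(f"{name:14s} {n}{flag}")
    print("objects:", report["objects"], "suspicious:", report["suspicious"])
```

This is triage only: a hit tells you where to look next (the object carrying the /JS string, the /OpenAction target), not what the script does, and a clean count proves nothing, since the interesting content may sit inside a compressed stream that this byte-level scan never decodes.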
  • by SquarePixel ( 1851068 ) on Friday July 09, 2010 @03:35PM (#32854036)

    Malware often uses low-level code and tricks, which make it break when it is run in an emulator. It also often has checks and tricks in place to detect whether it is being run in a virtual machine and either crashes itself or acts differently. How do you run Windows executables with this so that they actually work normally?

    For example, Mac OS X malware is not yet at the point where it's particularly hard to analyze; it's mostly just shell scripts or executables with no low-level tricks.

  • by sexconker ( 1179573 ) on Friday July 09, 2010 @04:07PM (#32854460)

    Uh, no, because the code can just check itself.

    The only way to find out what something does is to read the code. Shocking, I know.

    If that code's been compiled, then decompile it. By machine or by hand, either way. It's not hard to do, it's just time-consuming.

  • by Kylock ( 608369 ) on Friday July 09, 2010 @04:10PM (#32854486)

    What's the difference between stripped-down Ubuntu and Debian?

    I've been seeing this fairly often lately and don't see why people strip down Ubuntu, it seems like extra work.

  • by nurb432 ( 527695 ) on Friday July 09, 2010 @04:46PM (#32854962) Homepage Journal

    It's called marketing.

  • by ducomputergeek ( 595742 ) on Friday July 09, 2010 @06:22PM (#32855986)

    We use SuSE Studio to build distros that work with particular hardware, with our software and dependencies already installed, configured, and ready to go for our client. Usually these are configured as LiveDVDs so the end user can load from the DVD-ROM, test to make sure everything works before double-clicking the "Install now" icon, and install on their machines.

    Want to know the really interesting part: we've yet to sell a single Linux install distro. Not one. We've given a few out for demos. But all our clients want to run the software on Windows. (The software is Java with PostgreSQL as the database. It runs pretty much anywhere those two apps will.)
