legal contact rss

REMnux Malware analysis distro

Check this out... sounds cool !!!

I'll have try in evaluating it right now.

REMnux: A Linux Toolkit for Reverse-Engineering and Analyzing Malware

REMnux® is a free Linux toolkit for assisting malware analysts with reverse-engineering malicious software. It strives to make it easier for forensic investigators and incident responders to start using the variety of freely-available tools that can examine malware, yet might be difficult to locate or set up.

The heart of the project is the REMnux Linux distribution based on Ubuntu. This lightweight distro incorporates many tools for analyzing Windows and Linux malware, examining browser-based threats such as obfuscated JavaScript, exploring suspicious document files and taking apart other malicious artifacts. Investigators can also use the distro to intercept suspicious network traffic in an isolated lab when performing behavioral malware analysis.

Follow REMnux accounts on TwitterFacebook and Google Plus to receive notifications of REMnux updates and news.


Import the REMnux Virtual Appliance

Once you’ve downloaded the REMnux OVA file, import it into your virtualization software, then start the virtual machine. For step-by-step instructions for importing the virtual appliance, take a look at the VirtualBox screenshot and VMware Workstation screenshot slideshows.

There is no need to extract contents of the OVA file manually before importing it. Simply load the OVA file into your virtualization software to begin the import. If you attempt to extract OVA file’s contents and try importing the embedded OVF file in VirtualBox, you will likely encounter an error, such as “could not verify the content of against the available files, unsupported digest type.”

If importing into QEMU, extract contents of the OVA file and run the qemu-img command like this:

tar xvf remnux-6.0-ova-public.ova
qemu-img convert -O qcow2 REMnuxV6-disk1.vmdk remnux.qcow2

In all cases, once you boot up the imported virtual machine, it will automatically log you into the system using the user named “remnux”. The user’s password is “malware”; you might need to specify it when performing privileged operations.

After booting into the virtual appliance, run the update-remnux full command on REMnux to update its software. This will allow you to benefit from any enhancements introduced after the virtual appliance has been packaged. Your system needs to have Internet access for this to work.

You can learn the malware analysis techniques that make use of the tools installed and pre-configured on REMnux by taking Reverse-Engineering Malware training at SANS Institute.