Saturday, January 15, 2011

REMnux Version 2.0 is released

REMnux is a lightweight Linux distribution for assisting malware analysts in reverse-engineering malicious software. REMnux version 2 was released a few days ago.

Download the new version of REMnux from its main page as a virtual appliance and/or as a Live CD. Here is a quick highlight of the tools it supports.

Malicious Websites Analysis:
  • Updated version of Jsunpack-n (proxy support, encrypted PDF handling)
  • Includes Stunnel (for interception of SSL sessions)
  • Includes the RABCDAsm toolkit for reverse-engineering malicious Flash (SWF) programs.
  • Includes tor and torsocks (for anonymizing interactions with suspicious websites)
  • Includes Burp Suite Free Edition.

Memory Forensics:
  • Updated the Volatility memory forensics framework to version 1.4 RC 1 (adds support for Windows Vista and 7).
  • Includes AESKeyFinder and RSAKeyFinder tools (for finding AES and RSA keys in a memory image).

Others:
  • Includes pyOLEScanner.py (for analysis of malicious Microsoft Office documents).
  • Includes the libemu library to provide the “sctest” tool (for shellcode analysis).
  • Added the “whois” utility.
  • Added xortools.py and pescanner.py tools (from Malware Analyst’s Cookbook).
  • Installed VBinDiff for viewing and comparing files.
  • Installed ircII to supplement the Irssi IRC client.
  • Added the VirusTotal VTzilla Firefox extension.
  • Added md5deep to assist with hash-calculation operations.
  • Added ClamAV for manually scanning suspicious files and generating signatures.