REMnux
REMnux: A Linux Toolkit for Reverse-Engineering and Analyzing Malware

The REMnux cheat sheet provides a useful 1-page reference to this malware analysis distro. Many of the tools mentioned there are used on the SANS FOR610 reverse-engineering malware course.

REMnux now includes the msoffice-crypt tool to decrypt and encrypt Microsoft Office OOXML document files with the specified password. To get this utility, install the remnux-msoffice-crypt package or run the update-remnux command.

FireEye's Michael Bailey explains how you can use FakeNet-NG on REMnux and other Linux platforms for dynamic malware analysis.

FakeNet-NG by Peter Kacherginsky is now on REMnux. "The tool allows you to intercept and redirect all or specific network traffic while simulating legitimate network services." To get it, run "update-remnux", then launch the tool via the "sudo fakenet" command.

Samuel Alonso shows how you can get started with Volatility memory forensics by using DevinGergen's "vshot" tool on REMnux.

The fakedns.py script by Francisco Santos has been updated to support the optional .fakedns configuration file, which allows you to define specific hostname to IP mappings. When you run the script without the config file present, it will generate a sample file named .fakedns.sample, which you can use as a template for the real file. Thanks to Joe Ryan for adding this functionality to the tool.

The "remnux-procdot" package has been updated to include the new version of Christian Wojner's ProcDOT, as well as the PCAP_tools plugin by Brian Maloney for carving TCP streams. To get it, run "update-remnux" or "sudo apt-get update" followed by "sudo apt-get install remnux-procdot".

REMnux now includes the PortEx tool by Katja Hahn for performing static analysis of Windows executables (PE files). You can add it by running "update-remnux" or by installing the remnux-portex package. To run the tool, use the "portex" command; it will show you usage information if you invoke it without any parameters.

GCHQ released CyberChef, a powerful web-based tool for decoding data. You can easily run this tool locally as a Docker container by using the remnux/cyberchef image, which is built on the basis of a Dockerfile by Matt Georgyy. Instructions for using this image are at the bottom of the following page.

The remnux-didier package now includes Didier Stevens' rtfdump.py, byte-cut.py and decode-search.py tools. It also includes updated versions of oledump.py and virustotal-search.py. Get the latest package via "sudo apt-get update" followed by "sudo apt-get install remnux-didier".