By ro0ted | April 30, 2015 - 09:59 | Posted in /b/ | 5 Comments
#ro0ted #OpNewblood What the blackhats don't want you to know: REMnux, a distro for analyzing malware

This is an introduction to the distro called REMnux: A Linux Toolkit for Reverse-Engineering and Analyzing Malware. – https://twitter.com/ro0ted/

What can you do with REMnux?

  • Examine browser malware

  • Analyze malicious document files

  • Extract and decode suspicious artifacts

  • Handle laboratory network interactions

  • Review multiple malware samples

  • Examine properties and contents of suspicious files

  • Investigate Linux and Windows malware

  • Perform memory forensics


As stated on their homepage:

“The heart of the project is the REMnux Linux distribution based on Ubuntu. This lightweight distro incorporates many tools for analyzing Windows and Linux malware, examining browser-based threats such as obfuscated JavaScript, exploring suspicious document files and taking apart other malicious artifacts. Investigators can also use the distro to intercept suspicious network traffic in an isolated lab when performing behavioral malware analysis.”

Visit website: https://remnux.org/

You want this on a virtual machine, not on your main OS.

Download VirtualBox and install it:

https://www.virtualbox.org/wiki/Downloads


The file downloaded for this tutorial is a .ova file.
You can find it here:

remnux-5.0-ovf-public.ova


After the download finishes, just double-click the .ova file:

This will open VirtualBox:

Now click Import:

Then it will load:

Then click Settings to enable internet access:

Now this window will open:

Now click System and tick Network:

Now click Network to choose your settings, then press OK:
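A check worth doing before the import step above, as an added example that is not from this post or from the REMnux project: an .ova file is a tar archive holding an .ovf XML descriptor plus the disk images it references. The Python below, written for this page, verifies the download's SHA-256 against the value you take from the project's download page (the placeholder in the block is not a real hash) and reads the descriptor to list which virtual networks the appliance declares, so you know which adapter you will be reassigning in the Network settings. The REMnux homepage talks about intercepting traffic in an isolated lab; for behavioral analysis of live samples that means a host-only or internal network rather than one with internet access. The sample OVA the block builds is constructed for the demo, and the file and network names inside it are invented.

```python
"""Pre-import checks for an OVA appliance (added example, not from the post).

An .ova is a tar archive: an .ovf XML descriptor plus the disk images it
references. Before importing one into VirtualBox, (1) check its SHA-256
against the value the project publishes and (2) read the descriptor to see
which virtual networks the VM will come up attached to.
"""
import hashlib
import io
import os
import tarfile
import tempfile
import xml.etree.ElementTree as ET

OVF = "http://schemas.dmtf.org/ovf/envelope/1"

# Constructed minimal OVF descriptor in the shape VirtualBox exports:
# one disk reference and one virtual network named "NAT". Not a real appliance.
SAMPLE_OVF = """<?xml version="1.0"?>
<Envelope xmlns="%(ns)s" xmlns:ovf="%(ns)s">
  <References>
    <File ovf:href="remnux-disk1.vmdk" ovf:id="file1" ovf:size="1024"/>
  </References>
  <NetworkSection>
    <Info>Logical networks used in the package</Info>
    <Network ovf:name="NAT"><Description>NAT network</Description></Network>
  </NetworkSection>
</Envelope>
""" % {"ns": OVF}


def build_sample_ova(directory=None):
    """Write a constructed two-member OVA (descriptor + dummy disk); return its path."""
    directory = directory or tempfile.mkdtemp(prefix="ova-demo-")
    path = os.path.join(directory, "sample.ova")
    with tarfile.open(path, "w") as tar:
        for name, payload in (("sample.ovf", SAMPLE_OVF.encode("utf-8")),
                              ("remnux-disk1.vmdk", b"\0" * 1024)):
            info = tarfile.TarInfo(name)
            info.size = len(payload)
            tar.addfile(info, io.BytesIO(payload))
    return path


def sha256_of_file(path, chunk=1 << 20):
    """Stream the file through SHA-256 so multi-GB appliances don't need to fit in RAM."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def read_ovf_descriptor(path):
    """Return the text of the first .ovf member of an OVA tarball."""
    with tarfile.open(path, "r") as tar:
        for member in tar:
            if member.isfile() and member.name.lower().endswith(".ovf"):
                return tar.extractfile(member).read().decode("utf-8")
    raise ValueError("no .ovf descriptor found in %s" % path)


def describe_ovf(ovf_xml):
    """List the virtual networks and disk files the descriptor declares."""
    root = ET.fromstring(ovf_xml)
    networks = [n.get("{%s}name" % OVF) for n in root.iter("{%s}Network" % OVF)]
    files = [f.get("{%s}href" % OVF) for f in root.iter("{%s}File" % OVF)]
    return {"networks": networks, "files": files}


def check_ova(path, expected_sha256):
    """Return a report: does the hash match, and what does the descriptor declare."""
    actual = sha256_of_file(path)
    report = describe_ovf(read_ovf_descriptor(path))
    report["sha256"] = actual
    report["hash_ok"] = actual == expected_sha256.strip().lower()
    # Any declared network means the VM boots with a NIC attached; decide
    # host-only / internal / NAT before the first start, not after.
    report["has_network"] = bool(report["networks"])
    return report


if __name__ == "__main__":
    ova = build_sample_ova()
    # Placeholder: substitute the SHA-256 published for the appliance you downloaded.
    EXPECTED = "<sha256 published by the project>"
    print(check_ova(ova, EXPECTED))
```

Run it against the real download by replacing the constructed sample path and the placeholder hash; a `hash_ok` of False means stop and re-download rather than import.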

Now click Start:

Then you will see this screen:

Open a terminal to update the system:

Type: sudo apt-get dist-upgrade

Enter Y and press Enter.

Type: sudo apt-get upgrade

Type: sudo apt-get update

Click REM Report Template:

You will see this template for your analysis results:

Then go back to the desktop and open the REM Tools document:

Then you will see a layout of the distro:

This is just an introduction to REMnux; in the next tutorial we will put it to use as we finally dive into analyzing malware. A must for every reverse engineer.

ro0ted

(In order)

  • Why am I teaching Reverse Engineering to inexperienced new Anons in OpNewblood?

  • Whitehat Lab

  • ASM Programming

  • Introduction Part 1 Ollydbg

  • Introduction Part 2 Using Ollydbg and Tracing Botnets

  • Analyzing Botnets

  • Introduction Part 3 Ollydbg: Cheating a Crackme

  • Introduction Part 4 Ollydbg: Your first Patch

  • Encryption 101

  • Cuckoo Sandbox: Automated Malware Analysis also known as Malwr.com

  • Introduction to Honeydrive: A Brief Walk Through

  • Installing Kippo the SSH Honeypot on a VPS Part 1: How to set it up

  • Resource Hacker

  • Dll Injection the Easy Way

  • Visual Basic Binaries Walk Through Part 1

  • Ollydbg on Steroids

  • Creating Patchers Part 1

  • Have you supported the gas mask campaign over the years?

  • Crack to win a gas mask gift pack

  • How to edit a register me crack me Pre Part 1

  • Unwinding Delphi Binaries Walk Through if not Preview

  • Cracking Delphi Part 2

  • Reversing Timed Trials: Ollydbg Tricks Part 3

  • Analyzing Adware

  • Preview Against Debugging

  • Bypassing Registering 101

  • Bypassing Part 2

  • Android/iOS Reversing

  • Introducing IDA Pro: Static Analyzing

  • Hacker’s Disassembler

  • Ripping Apart Adware

  • Never trust Warez or Cracked Programs: Reversing a Crypted IRC bot infected file

  • IDA PRO Book

  • Unpacking & Crypting there is a difference

  • Covert Debugging whitepaper from blackhat.com

  • Manually Unpacking with Ollydbg

  • Manually Unpacking Part 2

  • Manually Unpacking 101

  • ASM Injecting

  • ASM Injecting Part 2

  • ASM Injecting Part 3: Crypt your malicious file

  • Reversing Trials

  • Adding Your Menu

  • ASM Injecting Part 4

  • ASM Injecting Part 5

  • Finding Nag Screens & Removing them

  • REMnux: Linux Toolkit for Reverse-Engineering and Analyzing Malware +
