Sunday, 14 April 2013

Latest IT Security tools

REMnux 4

There is a release of version 4 of the REMnux Linux distribution for reverse-engineering malicious software. The new version includes a variety of new malware analysis tools and updates the utilities that have already been present on the distro.

What’s New in REMnux v4
REMnux is now available as a Open Virtualization Format (OVF/OVA) file for improved compatibility with virtualization software, including VMware and VirtualBox. A proprietary VMware file is also available. You can also get REMnux as an ISO image of a Live CD.
Key updates to existing tools and components:
  • Core system: Upgraded the underlying Ubuntu OS components and packages; increased default RAM of the virtual appliance to 512MB; replaced OpenJDK with Oracle Java 7 runtime.
  • Memory analysis: Updated Volatility to version 2.2.
  • PDF analysis: Updated pdfid and pdf-parser, Origami, peepdf
  • Web analysis: Updated SWFTools, V8, libemu, NetworkMiner, Burp Proxy, Wireshark, Firefox and its add-ons.
  • Other changes: Updated xorsearch, DensityScout, Pyew, passive-dns, ClamAV, capabilities.yara; replaced FreeMind with XMind
New tools added to REMnux:
  • Windows tools: Installed Wine; added OfficeMalScanner, Malzilla
  • XOR analysis: Added NoMoreXOR, brutexor, XORBruteForcer
  • PE file analysis: Added pev, dism-this, ExeScan, udis86 (udcli), autorule (/usr/local/autorule), distool
  • Other file analysis: Added extract_swf.py, ExifTool, MASTIFF
  • Other additions: Added hack-functions (/usr/local/hack-functions), bulk_extractor, ProcDot

Proxify and BadAssProxy

GNUCITIZEN released a lightweight proxy called Proxify, designed to conveniently integrate with other tools. Proxify can handle both HTTP and HTTPS, displaying or saving the interactions between the client and the server. Its authors expect the tool to be embedded in applications that require proxy functionality, explaining that:
“The tool will do all the hard work and you just need to provide a very simple restful HTTP service to do the forwarding of data between the browser and the remote target. “
Proxify is easy to run from the command-line, as you can see in the video attached to this post. In this example, I directed Proxify to listen on port 8080 and save all requests and responses it intercepts to the “output” directory.

Proxify is free for non-commercial use, and is available in a binary form for Windows, Linux and OS X.

No comments:

Post a Comment