updated

PepMacgvai · Jan 23, 2020 · 2b4cc38 · 2b4cc38
1 parent 0e01a0b
commit 2b4cc38
Showing 1 changed file with 17 additions and 198 deletions.
diff --git a/6-Malware/4-Malware-Analysis-Lab.md b/6-Malware/4-Malware-Analysis-Lab.md
@@ -1,5 +1,19 @@
-FLARE VM
-===
+# Malware Analysis Virtual Environment
+
+## REMnux
+REMnux® is a free Linux toolkit for assisting malware analysts with reverse-engineering malicious software. It strives to make it easier for forensic investigators and incident responders to start using the variety of freely-available tools that can examine malware, yet might be difficult to locate or set up.
+
+The heart of the project is the REMnux Linux distribution based on Ubuntu. This lightweight distro incorporates many tools for analyzing Windows and Linux malware, examining browser-based threats such as obfuscated JavaScript, exploring suspicious document files and taking apart other malicious artifacts. Investigators can also use the distro to intercept suspicious network traffic in an isolated lab when performing behavioral malware analysis.
+
+https://remnux.org/
+
+
+## Tsurugi Linux 
+Tsurugi Linux is a new heavily customized Linux distribution (first release 03/Nov/2018 at AvTokyo security conference in Japan) based on Ubuntu 16LTS version (64-bit with the new 5.4.2 custom kernel) and is designed to support DFIR investigations, malware analysis and OSINT activities.
+
+https://tsurugi-linux.org/
+
+##  FLARE VM
 [**FLARE VM**](https://github.com/fireeye/flare-vm) is a freely available and open sourced Windows-based security distribution designed for **reverse engineers, malware analysts**, incident responders, forensicators, and penetration testers. Inspired by open-source Linux-based security distributions like Kali Linux, REMnux and others, FLARE VM delivers a fully configured platform with a comprehensive collection of Windows security tools such as debuggers, disassemblers, decompilers, static and dynamic analysis utilities, network analysis and manipulation, web assessment, exploitation, vulnerability assessment applications, and many others.
 
 <p align="center">
@@ -17,199 +31,4 @@ The setup is very easy, just fire up your fresh new Windows 7 VM and install the
 
 * [HackerSploit Environment Setup Tutorial [Video]](https://youtu.be/F1LE56QQ7iA)
 
-* [HackerSploit Malware Analysis Playlist [Video]](https://www.youtube.com/playlist?list=PLBf0hzazHTGMSlOI2HZGc08ePwut6A2Io)
-
-Installed Tools
-===============
-
-<p align="center">
-  <img width="70%" src="https://www.fireeye.com/content/dam/fireeye-www/blog/images/FLARE%20VM/Fig3.png" />
-</p>   
-
-Android
----------
-* dex2jar
-* apktool
-
-Debuggers
----------
-* flare-qdb
-* scdbg
-* OllyDbg + OllyDump + OllyDumpEx
-* OllyDbg2 + OllyDumpEx
-* x64dbg
-* WinDbg + OllyDumpex + pykd
-
-Decompilers
----------
-* RetDec
-
-Delphi
----------
-* Interactive Delphi Reconstructor (IDR)
-
-Developer Tools
----------
-* VC Build Tools
-* NASM
-
-Disassemblers
----------
-* Ghidra
-* IDA Free (5.0 & 7.0)
-* Binary Ninja Demo
-* radare2
-* Cutter
-
-.NET
----------
-* de4dot
-* Dot Net String Decoder (DNSD)
-* dnSpy
-* DotPeek
-* ILSpy
-* RunDotNetDll
-
-Flash
----------
-* FFDec
-
-Forensic
----------
-* Volatility
-
-Hex Editors
----------
-* FileInsight
-* HxD
-* 010 Editor
-
-Java
----------
-* JD-GUI
-* Bytecode-Viewer
-
-Networking
----------
-* FakeNet-NG
-* ncat
-* nmap
-* Wireshark
-
-Office
----------
-* Offvis
-* OfficeMalScanner
-* oledump.py
-
-PDF
----------
-* PDFiD
-* PDFParser
-* PDFStreamDumper
-
-PE
----------
-* PEiD
-* ExplorerSuite (CFF Explorer)
-* PEview
-* DIE
-* PeStudio
-* PEBear
-* ResourceHacker
-* LordPE
-* PPEE(puppy)
-
-Pentest
----------
-* MetaSploit
-* Windows binaries from Kali Linux
-
-Text Editors
----------
-* SublimeText3
-* Notepad++
-* Vim
-
-Visual Basic
----------
-* VBDecompiler
-
-Web
----------
-* BurpSuite Free Edition
-
-Utilities
----------
-* FLOSS
-* HashCalc
-* HashMyFiles
-* Checksum
-* 7-Zip
-* Far Manager
-* Putty
-* Wget
-* RawCap
-* UPX
-* RegShot
-* Process Hacker
-* Sysinternals Suite
-* API Monitor
-* SpyStudio
-* Shellcode Launcher
-* Cygwin
-* Unxutils
-* Malcode Analyst Pack (MAP)
-* XORSearch
-* XORStrings
-* Yara
-* CyberChef
-* KernelModeDriverLoader
-* Process Dump
-* Exe2Aut
-* Innounp
-* InnoExtract
-* UniExtract2
-* Hollows-Hunter
-* PE-sieve
-
-Python, Modules, Tools
----------
-* Py2ExeDecompiler
-* Python 2.7
-  * hexdump
-  * pefile
-  * winappdbg
-  * pycryptodome
-  * vivisect
-  * binwalk
-  * capstone-windows
-  * unicorn
-  * oletools
-  * olefile
-  * unpy2exe
-  * uncompyle6
-  * pycrypto
-  * pyftpdlib
-  * pyasn1
-  * pyOpenSSL
-  * ldapdomaindump
-  * pyreadline
-  * flask
-  * networkx
-  * requests
-* Python 3.7
-  * binwalk
-  * unpy2exe
-  * uncompyle6
-  * StringSifter
-
-Other
----------
-* VC Redistributable Modules (2005, 2008, 2010, 2012, 2013, 2015, 2017)
-* .NET Framework versions 4.6.2 and 4.7.2
-* Practical Malware Analysis Labs
-* Google Chrome
-* Cmder Mini
-
-
+* [HackerSploit Malware Analysis Playlist [Video]](https://www.youtube.com/playlist?list=PLBf0hzazHTGMSlOI2HZGc08ePwut6A2Io)