REMnux 8.0 Launches: New Malware Analysis Tools

REMnux 8.0 has been released. REMnux is a specialized Linux distribution designed for studying and reverse engineering malware. It facilitates the creation of an isolated laboratory environment where malware behavior can be studied under conditions similar to real ones.

REMnux 8.0, built on the Ubuntu package base, offers over 200 specialized tools for malware analysis, code reverse engineering, studying PDF and office documents modified by attackers, and monitoring system activity. The distribution provides downloadable virtual machine images in formats such as OVA (VirtualBox) and qcow2 (Proxmox), each 8 GB in size. Additionally, the project offers Docker images for running individual tools in isolation on existing systems.

The latest version of REMnux includes several updates:

  • The system environment has been upgraded from Ubuntu 20.04 to 24.04, along with updates to the versions of tools provided in the distribution.
  • A new installer has been introduced, enabling the installation of the distribution environment on top of existing Ubuntu 24.04 installations.
  • AI assistants for malware analysis have been integrated, using the distribution's MCP server to link its tools with various AI agents such as OpenCode. The GhidrAssistMCP package has been added for automating reverse engineering in Ghidra, along with the r2ai and decai plugins for the Radare2 framework.
  • New tools have been added, such as YARA-X (YARA rewritten in Rust), GoReSym, Redress, Manalyze, LIEF, and pyinstxtractor-ng, for analyzing and parsing executable files.

This update aims to enhance the capabilities of REMnux in analyzing malware and reverse engineering code effectively.
