Topic: Malware Analysis tools, where art thou!?

Stolas
on: September 15, 2012, 06:48:38 PM
Hello,

I really like BackBox for incident response. It's a wonderful tool and I've loaded it on my pendrive for nearly daily use.
Though I am missing a few tools, especially for malware analysis. I do realise that BB has been developed with simplicity in mind instead of hogging as many tools as possible and therefore being cool (aka Backtrack).

But I am really missing these and I wonder which (if any) of these would be included in future releases (so I'll know if I need to re-roll BackBox myself or if it can stay in the main tree).
The tools I am missing are:

and a variety of scripts from the Malware Analyst's Cookbook (see: http://code.google.com/p/malwarecookbook/source/browse/#svn%2Ftrunk%253Fstate%253Dclosed )

And well, I really miss IDA 6 for Linux on there. But I can live with the fact that you can't share it by default  :)
So I've loaded the install script for that on the same pendrive.
Currently I've loaded REMnux (by Zeltser) on a separate pendrive.
It would be nice if I could combine the two.


Thanks for BackBox though, I'll keep using it no matter what ;)
« Last Edit: September 15, 2012, 08:14:44 PM by Stolas »

Whenever you think you can or can't, you're right.


ZEROF
Reply #1 on: September 19, 2012, 03:48:17 PM
Hi Stolas,

I agree with you and I think that we can add some of these tools. Cuckoobox is a tool with nice updates, and I will talk with Raf (main developer) to add this tool in the next release.

Thanks !


Don't ask, read : http://wiki.backbox.org
or just run sudo rm -rf /*


Stolas
Reply #2 on: September 22, 2012, 02:29:09 PM
Cool, looking forward to the first release that contains anti-malware tools.



dalzo
Reply #3 on: October 10, 2013, 06:57:22 PM
Hi,
Any updates on this topic? ;)



Stolas
Reply #4 on: October 10, 2013, 08:13:42 PM
Well, I stopped using BackBox after Backtrack got their act together. So I am a Kali user now; it has enough reverse engineering tools in the box, or I can easily create a custom CD.



b4d_bl0ck
Reply #5 on: October 10, 2013, 09:07:00 PM
Hi,
as said lots of times, BackBox offers a light and complete pentesting environment, but c'mon guys... that's a Linux distro, no one is limited to the stock tools. New software can be easily added; this cannot be the reason to change distro (IMHO).

So, including non-stock tools in the distro is easy. You can do two things:
1. create the live USB in persistent mode and install all tools you need;
2. add the tools modifying the downloaded ISO following this wiki: http://wiki.backbox.org/index.php/Customize_the_Live_DVD and then burn it on a non-persistent USB.

This way you will have the tools you need, and you can customize boot-up services, autostart apps, conf files and so on...

OT: Stolas can you explain better: "Well I stopped using BackBox after Backtrack got their act together." ?

Thank you guys.
Have fun!

bool secure = check_paranoia() ? true : false;