Malware Analyses tools where are thou!?

Started by Stolas, September 15, 2012, 07:48:38 PM

Previous topic - Next topic



I really like Backbox for incident response. It's a wonderful tool and I've loaded it on my pendrive for nearly daily use.
Though I am missing a few tools. Especially for Malware Analyses. I do realise that BB has been developed with simplicity in mind instead of hogging as much tools as possible and therefor be cool (aka Backtrack).

But I am really missing these and I wonder which (if any) of these would be included in future releases (so I'll know if I need to re-roll BackBox myself or if it can stay in the main tree).
The tools I am missing are:

and a varia of Scripts form the Malware Analyses Cookbook (see: )

And well, I really miss IDA 6 for Linux on there. But I can live with the fact that you can't share it by default  :)
So I've loaded the install script for that on the same pendrive.
Currently I've loaded REMnux (by Zeltser) on a separate pendrive.
Would be nice if I could combine the two.

Thanks for BackBox though, I'll keep using it no matter what ;)
Whenever you think you can or can't your right.


Hi Stolas,

I agree with you and i think that we can add some of this tools. Cuckoobox is tool with nice updates, and i will talk with Raf (main developer) to add this tool in next release.

Thanks !

Don't ask, read :
or just run sudo rm -rf /*


Cool, looking forward to the first release that contains anti-malware tools.
Whenever you think you can or can't your right.



Well I stopped using BackBox after Backtrack got their act together. So I am a Kali user now, it has enough reverse engineering tools in box or I can easily create a custom CD.
Whenever you think you can or can't your right.


as said lots of times, BackBox offers a light and complete pentesting environment, but c'mon guys... that's a linux distro, non one is limited to the stock tools. New software can be easily added, this cannot be the reason to change distro (IMHO).

So, including non-stock tools in the distro is easy. You can do two things:
1. create the live USB in persistent mode and install all tools you need;
2. add the tools modifying the downloaded ISO following this wiki: and then burn it on a non-persistent USB.

This way you will have the tools you need, you can customize boot-up services, autostart apps, conf files and so on...

OT: Stolas can you explain better: "Well I stopped using BackBox after Backtrack got their act together." ?

Thank you guys.
Have fun!
bool secure = check_paranoia() ? true : false;