Analyzing Flash malware: swftools, flasm, flare
Analyzing IRC bots: IRC server (InspIRCd) and client (Irssi). To launch the IRC server, type "ircd start"; to shut it down, "ircd stop". To launch the IRC client, type "irc".
Network monitoring and interaction: Wireshark, Honeyd, INetSim, fakedns and fakesmtp scripts, NetCat
Interacting with web malware in the lab: TinyHTTPd, Paros proxy
Analyzing shellcode: gdb, objdump, Radare (hex editor + disassembler), shellcode2exe
Dealing with protected executables: upx, packerid, bytehist, xorsearch, TRiD
Malicious PDF analysis: Didier's PDF tools, Origami framework, Jsunpack-n, pdftk
Memory analysis: Volatility Framework and malware-related plugins
Miscellaneous: unzip, strings, ssdeep, feh image viewer, SciTE text editor, OpenSSH server
REMnux is a Linux distribution that ships most of the tools listed above. It is intended for malware analysis, and I love it.
1) Set up a Windows victim host and route all of its traffic to the REMnux machine (change the victim's default gateway to the REMnux machine's address).
2) Run the services the malware expects, such as IRC, FakeDNS and TinyHTTPd, so you can observe its interactions. Also capture the traffic (for example with Wireshark), since the capture is your evidence.
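As an added illustration of step 2 (this is example code, not code from the original post or from REMnux), here is a minimal fake-DNS sinkhole in the spirit of the fakedns script: it answers every A lookup with the lab box's own address so the victim's connections land on the fake services, logs each name the sample asks for, and gives non-A queries an empty reply so the sample fails cleanly rather than hanging. The lab address 192.168.56.10 and the listening socket are assumptions.

```python
import socket
import struct

LAB_IP = "192.168.56.10"   # assumed address of the REMnux box (not from the post)
LISTEN = ("0.0.0.0", 53)   # UDP/53; binding it needs root on Linux

def build_query(name, qtype=1, txid=0x1234):
    # Build a standard recursive query; used here only to construct sample input.
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_qname(data, offset):
    """Read an uncompressed label sequence; return (name, offset after it)."""
    labels = []
    while True:
        length = data[offset]
        offset += 1
        if length == 0:
            return ".".join(labels), offset
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length

def build_response(query, answer_ip=LAB_IP, ttl=60):
    """Answer any A/IN question with answer_ip; other types get a NOERROR reply
    with no answer section. Returns (queried_name, response_bytes)."""
    txid = query[:2]
    qname, end = parse_qname(query, 12)
    qtype, qclass = struct.unpack("!HH", query[end:end + 4])
    question = query[12:end + 4]
    answers = b""
    if qtype == 1 and qclass == 1:
        # name pointer to offset 12, type A, class IN, TTL, rdlength 4, IPv4 address
        answers = (b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4)
                   + socket.inet_aton(answer_ip))
    # flags 0x8580: response, authoritative, recursion desired + available, NOERROR
    header = txid + struct.pack("!HHHHH", 0x8580, 1, 1 if answers else 0, 0, 0)
    return qname, header + question + answers

def serve():
    # Sinkhole loop: log every lookup and point it back at the lab box.
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(LISTEN)
    while True:
        data, addr = sock.recvfrom(512)
        try:
            qname, resp = build_response(data)
        except (IndexError, struct.error, UnicodeDecodeError):
            continue  # malformed or truncated packet, ignore it
        print(f"{addr[0]} looked up {qname} -> answered {LAB_IP}")
        sock.sendto(resp, addr)
```

Run serve() on the REMnux box with the victim's DNS set to it, and pair it with Wireshark on the same interface so the lookups and the follow-on connections are both captured.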