REMnux is a lightweight Linux distribution for assisting malware analysts with reverse-engineering malicious software. Release 4 of this popular distro came out in April 2013. It incorporates several new tools useful for analyzing malware in this Ubuntu-based environment. Lenny Zeltser, who teaches the course FOR610: Reverse-Engineering Malware at SANS and maintains REMnux, explains what's new in this release of the toolkit.
Lenny covers topics such as:
• Installing the REMnux virtual appliance using the OVF/OVA file, designed for improved compatibility with many virtualization tools, including VMware and VirtualBox.
• Nuanced differences between the updated and older versions of tools installed on REMnux, including Volatility, Firebug and Origami.
• New utilities for dealing with XOR-based obfuscation commonly employed by malware authors.
• New tools for statically examining Windows PE files, such as pev, ExeScan and autorule.
• Other newly-added utilities for malware analysis, including hack-functions and ProcDot.
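The XOR item above names the problem but not the technique. The usual analyst approach, which the xorsearch-style utilities on REMnux automate, is to try every single-byte key and look for plaintext fragments that a Windows binary or its configuration is expected to contain. The script below is an added illustration written for this page, not REMnux code or Lenny Zeltser's; the marker list, the 0x5A key and the sample buffer (with a placeholder hostname) are all constructed here.

```python
"""Added example: brute-force recovery of a single-byte XOR key by searching for
expected plaintext fragments, the idea behind xorsearch-style tools.
Not part of REMnux; the sample buffer and marker list are constructed."""

import string

# Plaintext fragments commonly present in Windows malware. Under the right key,
# a string table obfuscated with one XOR byte reveals them. (Constructed list.)
MARKERS = (b"http://", b"This program cannot be run in DOS mode", b"kernel32.dll")

# Bytes treated as "printable" when widening a hit to the full string: ASCII
# letters, digits, punctuation and space, but no control/whitespace bytes.
PRINTABLE = set(string.printable.encode()) - set(b"\t\n\r\x0b\x0c")


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte of data with a single-byte key (0-255)."""
    return bytes(b ^ key for b in data)


def printable_run(decoded: bytes, offset: int) -> bytes:
    """Widen from offset to the surrounding run of printable bytes so the analyst
    sees the whole recovered string, not only the marker that matched."""
    start = offset
    while start > 0 and decoded[start - 1] in PRINTABLE:
        start -= 1
    end = offset
    while end < len(decoded) and decoded[end] in PRINTABLE:
        end += 1
    return decoded[start:end]


def search_xor_keys(data: bytes, markers=MARKERS):
    """Try all 256 single-byte keys and return (key, offset, recovered_string)
    for every marker hit. Key 0 is included on purpose so unobfuscated
    occurrences are reported alongside obfuscated ones."""
    hits = []
    for key in range(256):
        decoded = xor_bytes(data, key)
        for marker in markers:
            idx = decoded.find(marker)
            while idx != -1:
                hits.append((key, idx, printable_run(decoded, idx)))
                idx = decoded.find(marker, idx + 1)
    return hits


# Constructed sample: 0xFF filler, a URL string obfuscated with key 0x5A, more
# filler. The hostname is a placeholder (.invalid TLD), not a real indicator.
SECRET = b"http://c2.example.invalid/update.bin"
KEY = 0x5A
SAMPLE = b"\xff" * 12 + xor_bytes(SECRET, KEY) + b"\xff" * 8


if __name__ == "__main__":
    for key, offset, recovered in search_xor_keys(SAMPLE):
        print(f"key=0x{key:02x} offset={offset} -> {recovered!r}")
```

Running the script reports a single hit at key 0x5A, offset 12, with the full URL recovered. On a real sample the marker list should be tuned to what the malware family is expected to contain, and a hit under key 0 simply means the string was never obfuscated; multi-byte or rolling XOR keys need the other REMnux utilities, since this brute force only covers the 256 single-byte cases.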
To learn more about SANS course FOR610: Reverse-Engineering Malware visit LearnREM.com. To check out REMnux, please see REMnux.org. For more useful forensics resources from SANS, see computer-forens....