I am a huge fan of REMnux as you can tell from some of my prior posts (here, here, and here). Lenny gave this webcast on version 4’s new features in late August and I unfortunately missed it. Thankfully, SANS recently published the session on their YouTube DFIR Webcast channel and I just wanted to share it out to everyone interested in malware analysis as well.
via “What’s New in REMnux v4 for Malware Analysis? – SANS DFIR Webcast – YouTube”
REMnux is a lightweight Linux distribution for assisting malware analysts with reverse-engineering malicious software. Release 4 of this popular distro came out in April 2013. It incorporates several new tools useful for analyzing malware in this Ubuntu-based environment. Lenny Zeltser, who teaches the course FOR610: Reverse-Engineering Malware at SANS and maintains REMnux, explains what’s new in this release of the toolkit.
Lenny covers topics such as:
- Installing the REMnux virtual appliance using the OVF/OVA file, designed for improved compatibility with many virtualization tools, including VMware and VirtualBox.
- Nuanced differences between the updated and older versions of tools installed on REMnux, including Volatility, Firebug and Origami.
- New utilities for dealing with XOR-based obfuscation commonly employed by malware authors.
- New tools for statically examining Windows PE files, such as pev, ExeScan and autorule.
- Other newly-added utilities for malware analysis, including hack-functions and ProcDot.
To learn more about SANS course FOR610: Reverse-Engineering Malware visit http://LearnREM.com. To check out REMnux, please see http://REMnux.org. For more useful forensics resources from SANS, see http://computer-forensics.sans.org.
Today’s post pic is from EDGIS-Security.org. See ya!