SANS DFIR Webcast - What's New in REMnux v4 for Malware Analysis?





The interactive transcript could not be loaded.


Rating is available when the video has been rented.
This feature is not available right now. Please try again later.
Published on Sep 9, 2013

REMnux is a lightweight Linux distribution for assisting malware analysts with reverse-engineering malicious software. Release 4 of this popular distro came out in April 2013. It incorporates several new tools useful for analyzing malware in this Ubuntu-based environment. Lenny Zeltser, who teaches the course FOR610: Reverse-Engineering Malware at SANS and maintains REMnux explains what's new in this release of the toolkit.

Lenny covers topics such as:
• Installing the REMnux virtual appliance using the OVF/OVA file, designed for improved compatibility with many virtualization tools, including VMware and VirtualBox.
• Nuanced differences between the updated and older versions of tools installed on REMnux, including Volatility, Firebug and Origami.
• New utilities for dealing with XOR-based obfuscation commonly employed by malware authors.
• New tools for statically examining Windows PE files, such as pev, ExeScan and autorule other newly-added utilities for malware analysis, including hack-functions and ProcDot

To learn more about SANS course FOR610: Reverse-Engineering Malware visit http://LearnREM.com. To check out REMnux, please see http://REMnux.org. For more useful forensics resources from SANS, see http://computer-forensics.sans.org.


When autoplay is enabled, a suggested video will automatically play next.

Up next

to add this to Watch Later

Add to

Loading playlists...