Post Wed Jun 30, 2010 11:29 am

REMnux - Linux Distribution for Reverse-Engineering Malware

REMnux is a Linux distribution designed for assisting malware analysts in reverse-engineering malicious software. REMnux is based on Ubuntu.

REMnux is designed for running services that are useful to emulate within an isolated laboratory environment when performing behavioral malware analysis. As part of this process, the analyst typically infects another laboratory system with the malware sample and directs potentially-malicious connections to the REMnux system that's listening on the appropriate ports. Such a lab can be set up using virtualized or dedicated physical systems.

REMnux is also useful for analyzing web-based malware, such as malicious browser scripts, Java programs, and Flash files. In also has tools useful for analyzing malicious documents, such as Microsoft Office and Adobe PDF files. In these cases, malware may be loaded onto REMnux and analyzed directly on the REMnux system without requiring other systems to be present in the lab.

You can learn about malware analysis techniques that make use of the tools installed and pre-configured on REMnux by taking the SANS Institute course on Reverse-Engineering Malware (REM).

You'll be able to download REMnux from this page shortly. Please come back.

This one is maintained by Lenny Zeltser. Look for more on Lenny in July right here on EH-Net.

For more info on REMnux: