REMnux is a popular Linux-based toolkit for reverse-engineering malicious software which malware analysts have been relying on for more than 10 years to help them quickly investigate suspicious programs, websites, and document files.
As the security industry matures, it becomes harder to keep track of all the tools that are available to assist with the variety of tasks that malware analysts, incident responders, and forensic investigators face. REMnux makes hundreds of free tools, all contributed by the community, available to analysts without having to discover, install, and configure them.
REMnux has been fully rebuilt to help it stay up-to-date with the rapid pace of today’s tool releases. To achieve this, it now uses SaltStack behind the scenes to automate the installation and configuration of software. The new architecture also makes it easier for community members to contribute tools and revisions.
REMnux toolkit 7 refreshes its curated collection of tools to include the latest versions of the utilities useful for tasks such as:
- Examining suspicious executables, documents, and other artifacts
- Dynamically reverse-engineering malicious code
- Performing memory forensics on an infected system
- Exploring network and system interactions for behavioral analysis
- Analyzing malicious documents
“It’s hard to believe that it’s been 10 years almost to the date that I released the first version of REMnux. Over these years the distro became the go-to looking for malware analysts and reverse-engineers. In a way, it is to malware analysis as Kali is to penetration testing,” Lenny Zeltser, the founder and primary maintainer of the toolkit, told Help Net Security.
To start using REMnux 7, you can:
- Download REMnux as a virtual appliance
- Set up a dedicated REMnux system from scratch
- Add REMnux to an existing Ubuntu 18.04 host
- Run the REMnux distro as a Docker container