REMnux® offers a curated collection of free tools for reverse-engineering or otherwise analyzing malicious software. How to find the right tool for the job, given how many useful utilities come as part of the distro?
To guide you through the process of examining malware, REMnux documentation lists the installed tools by category. Each grouping, which you’ll find in the Discover the Tools section of the documentation site, represents the type of actions the analysts might need to take:
- Examine static properties of a suspicious file: General, PE files, ELF files, deobfuscation
- Statically analyze malicious code: General, unpacking, PE files, Python, Java, Flash, Android
- Dynamically reverse-engineer malicious code: General, shellcode, scripts, ELF files
- Perform memory forensics of an infected system
- Explore network interactions for behavioral analysis: Monitoring, connecting, services
- Investigate system-level interactions of malware
- Analyze malicious documents: General, PDF, Microsoft Office, Email messages
- Gather and analyze threat data
In addition to providing numerous tools as part of the REMnux distro, the project also offers several malware analysis tools as Docker images. These will let you deobfuscate JavaScript and data, analyze websites, decompile executables, perform memory forensics, and more.
For another perspective on the REMnux tools you can use for examining malicious software, see the one-page REMnux Usage Tips cheat sheet.
To learn about the analysis workflow within which you can use these tools, take a look at my article Mastering 4 Stages of Malware Analysis.
Updated October 13, 2020
Sign up for my newsletter if you'd like to receive a note from me whenever I publish an article or embark on a project. This doesn't happen often, so I won't overwhelm you with updates.
About the Author
Lenny Zeltser develops teams, products, and programs that use information security to achieve business results. He is presently the CISO at Axonius and an author and instructor at SANS Institute. Over the past two decades, Lenny has been leading efforts to establish resilient security practices and solve hard security problems. As a respected author and speaker, he has been advancing cybersecurity tradecraft and contributing to the community. His insights build upon 20 years of real-world experiences, a Computer Science degree from the University of Pennsylvania, and an MBA degree from MIT Sloan.