REMnux Documentation
This site provides documentation for REMnux®, a Linux toolkit for reverse-engineering and analyzing malicious software. REMnux provides a curated collection of free tools created by the community. Analysts can use it to investigate malware without having to find, install, and configure the tools.
The heart of the toolkit is the REMnux Linux distribution based on Ubuntu, which incorporates many tools that malware analysts use to:
- Examine static properties of a suspicious file.
- Statically analyze malicious code.
- Dynamically reverse-engineer malicious code.
- Perform memory forensics of an infected system.
- Explore network interactions for behavioral analysis.
- Investigate system-level interactions of malware.
- Analyze malicious documents.
- Gather and analyze threat data.
The Discover the Tools section of this documentation site provides the REMnux tools listing and offers notes for using them.
To get started with REMnux, you can:
- Download the virtual appliance of the REMnux distro.
- Install the REMnux distro from scratch on a dedicated system.
- Add the REMnux distro to an existing machine.
- Run the REMnux distro as a Docker container.
The REMnux toolkit also offers Docker images of popular malware analysis tools, making it possible to run them as containers without having to install the tools directly on the system.
You can participate in the REMnux project by:
- Asking and answering questions related to the distro and its tools.
- Adding or updating tools that comprise the distribution.
- Creating articles, blog posts, and videos about the tools on REMnux.
You can learn about:
- People and technologies that make REMnux possible
- REMnux configuration tips for getting the most out of the distro
- Tips for using the tools on REMnux
Many of the tools available in the REMnux toolkit are discussed in the SANS course FOR610: Reverse Engineering Malware. Lenny Zeltser, the founder and primary maintainer of REMnux, is also the primary author of this course.