1
00:00:10,590 --> 00:00:11,730
Hello everyone.

2
00:00:11,730 --> 00:00:16,380
Welcome to another video of the Expert Malware Analysis and Reverse Engineering course, and in this

3
00:00:16,380 --> 00:00:19,670
video we are briefly going to talk about REMnux.

4
00:00:19,710 --> 00:00:25,260
So what exactly is REMnux? REMnux is a Linux toolkit for reverse engineering and analyzing malware.

5
00:00:25,320 --> 00:00:28,170
In the previous couple of videos

6
00:00:28,230 --> 00:00:35,010
we worked extensively on setting up a virtual environment, where we downloaded images of Windows 7 and

7
00:00:35,010 --> 00:00:38,270
Windows 10 to set up our virtualization environment.

8
00:00:38,370 --> 00:00:42,480
We downloaded virtualization tools to get ourselves set up and running.

9
00:00:42,480 --> 00:00:48,810
We also spent time on downloading lots of different tools using the FLARE VM so that we have our entire

10
00:00:48,810 --> 00:00:56,400
setup ready. REMnux provides us a single Linux distro which comes pre-built as an OVA file or

11
00:00:56,400 --> 00:01:02,190
as a virtual image that you can quickly boot into your virtualization software, and you don't have

12
00:01:02,190 --> 00:01:07,090
to really worry about installing tools or getting images and stuff like that.

13
00:01:07,260 --> 00:01:09,880
This is where REMnux is very useful.

14
00:01:09,970 --> 00:01:16,860
REMnux is basically developed by SANS, which is a very popular certification company that runs a lot

15
00:01:16,860 --> 00:01:19,120
of technical certification programs.

16
00:01:19,380 --> 00:01:26,580
So some of the good features of this Linux distro are that it comes with a lot of tools that can be

17
00:01:26,580 --> 00:01:28,780
helpful during malware analysis.

18
00:01:28,830 --> 00:01:33,540
One of the best features that I like about them is that it comes with containers as well.

19
00:01:33,720 --> 00:01:39,440
So they are basically Docker images for malware analysis tools, where you can quickly load up the Docker

20
00:01:39,480 --> 00:01:44,720
image and do the analysis, and once you are done you basically kill that image and the infection just stays

21
00:01:45,030 --> 00:01:46,860
out. In the later stages,

22
00:01:46,860 --> 00:01:54,390
once we are done with analyzing files manually on virtual machines, we will be looking into analyzing in

23
00:01:54,390 --> 00:01:58,990
Docker containers as well.

24
00:01:59,170 --> 00:02:02,140
So that was all about REMnux. It was just a quick brief.

25
00:02:02,200 --> 00:02:05,070
I would highly encourage you all to just go ahead.

26
00:02:05,230 --> 00:02:09,880
Go to remnux.org. You can download the distro from there, and you can just load it into virtualization

27
00:02:09,880 --> 00:02:13,370
software and you can start playing around with it.

28
00:02:13,450 --> 00:02:15,990
Here is a running instance on my machine.

29
00:02:16,180 --> 00:02:21,160
Once you are set up, once you boot it, you'll see something similar here.

30
00:02:21,590 --> 00:02:31,310
You can go to Start, you can go to Other, and from there you can see a bunch of tools that are there.

31
00:02:31,310 --> 00:02:35,710
It is not really the exhaustive list; there are a lot of other tools as well which are present inside

32
00:02:35,720 --> 00:02:37,530
REMnux.

33
00:02:37,650 --> 00:02:40,740
One of the most useful things is the REMnux cheat sheet.

34
00:02:41,040 --> 00:02:42,430
This is very handy.

35
00:02:42,630 --> 00:02:50,010
It contains a lot of tools that we can use in different stages of malware analysis.

36
00:02:50,190 --> 00:02:56,260
If you look here, they have mentioned all the tools under different headings, for example how we examine

37
00:02:56,280 --> 00:02:57,090
all of malware.

38
00:02:57,150 --> 00:03:00,740
Let's begin with SpiderMonkey; we can use Rhino, the...

39
00:03:00,780 --> 00:03:06,810
We can use Firebug. For examining memory using Volatility, they have listed all the important commands

40
00:03:06,900 --> 00:03:09,390
that are related to Volatility and stuff like that.

41
00:03:09,690 --> 00:03:11,360
This cheat sheet is really, really handy.

42
00:03:11,370 --> 00:03:18,050
And we can refer back to it anytime when we want to, let's say, pick up a new tool to understand

43
00:03:18,050 --> 00:03:26,650
a file or really extract the deeper components of a file to uncover malicious traits.

44
00:03:26,680 --> 00:03:31,360
So that was all about REMnux. Just go ahead, download it and play with it, and let me know how

45
00:03:31,360 --> 00:03:32,740
your experience was.

46
00:03:32,740 --> 00:03:33,290
Thanks a lot.