Using REMnux to setup your lab


@author Evan Saez

@since 12/01/2016

@see malware analysis, reversing


If you’re ever interested in Reverse Engineering and Malware Analysis a great place to start is the Larry Zeltzer’s REMnux project an Ubuntu 14.04 based distro that was designed for hobbyist reverse engineers, and malware & forensic analysts. Zeltzer who teaches the SANS 610 Reverse Engineering and Malware Analysis course has kept the project well maintained and being based on Ubuntu 14.04 LTS has allowed for very good stability and support. The REMnux project can be found here and has saved me countless wasted installing packages and software that has more prerequisites than Liz Taylor had EX husbands. Anyone that has worked in forensics, information security, or software engineering will tell installing stuff for analysis or a very specific use case is a gigantic pain.  (Ask Randy Gingeleski what kind of hell it is doing a security test an application that doesn’t belong in this century).

The REMnux distro ships all the malware analysis software you need to learn or do high level work already installed and makes setup relatively fast.  REMnux comes can be installed either by downloading the preconfigured Virtual Machine OVA from the projects homepage and import it into your preferred virtual software. The other choice is to install it on existing Ubuntu 14.04 system using an installation script.

wget –quiet -O – | sudo bash

This is my preferred method as I prefer the cinnamon desktop manger over REMnux default lxde and prefer to have own permissions setup on my machines for certain customizations. If you are totally new to virtualization or Linux the OVA installation might be the better beginner’s option.  Either way REMnux is a very efficient way to setup machines for analysis in a university research center, corporate security centers, or just your home lab.

Through the next few weeks I’m going to be going over some of the functionality of REMnux including

  1. Install and managing on virtual box along with some of the customizations I use on my personal computer.
  2. A how to guide on how to use some of the techniques and software included on REMnux.
  3. Using Windows Software on Linux with Wine.
  4. The process of analyzing document malware.
  5. Memory Forensics using Rekall and Volatility Premier.
  6. Installing REMnux on Ubuntu 16.04 (Strictly for development and experimenting purposes. Stick with 14.04 for now it is stable and there is no reason to break your lab machine.)

I am looking forward to writing about this series in the upcoming weeks as this has been one of my favorite open source projects in the last few months. Until next time folks.