REMnux Usage Tips for Malware Analysis on Linux

This cheat sheet outlines the tools and commands for analyzing malware using the REMnux v7 Linux distribution. To print, use the one-page PDF version; you can also edit the Word version for your own needs.

Get Started with REMnux

Operate Your REMnux System

Shut down the system: shutdown
Reboot the system: reboot
Switch to a root shell: sudo -s
Renew DHCP lease: renew-dhcp
See current IP address: myip
Edit a text file: code file
View an image file: feh file
Start web server: httpd start
Start SSH server: sshd start

Analyze Windows Executables

Reverse-Engineer Linux Binaries

Investigate Other Forms of Malicious Code

Examine Suspicious Documents

Explore Network Interactions

Gather and Analyze Data

Other Analysis Tasks

Use Docker Containers for Analysis

  • Thug Honeyclient: remnux/thug
  • JSDetox JavaScript Analysis: remnux/jsdetox
  • Rekall Memory Forensics: remnux/rekall
  • RetDec Decompiler: remnux/retdec
  • Radare2 Reversing Framework: remnux/radare2
  • Ciphey Automatic Decrypter: remnux/ciphey
  • Viper Binary Analysis Framework: remnux/viper

Interact with Docker Images

List local images: docker images
Update local image: docker pull image
Delete local image: docker rmi imageid
Delete unused resources: docker system prune
Open a shell inside a transient container: docker run --rm -it image bash
Map local TCP port 80 to the container’s port 80: docker run --rm -it -p 80:80 image bash
Map your current directory into the container: docker run --rm -it -v .:dir image bash

This cheat sheet for REMnux is distributed according to the Creative Commons v3 “Attribution” License.


About the Author

Lenny Zeltser develops teams, products, and programs that use information security to achieve business results. He is presently the CISO at Axonius and an author and instructor at SANS Institute. Over the past two decades, Lenny has been leading efforts to establish resilient security practices and solve hard security problems. As a respected author and speaker, he has been advancing cybersecurity tradecraft and contributing to the community. His insights build upon 20 years of real-world experiences, a Computer Science degree from the University of Pennsylvania, and an MBA degree from MIT Sloan.
