How to analyze malware with REMnux's reverse-engineering malware tools
Date: Oct 28, 2013
Malware infections are a daily reality for enterprise security professionals, regardless of the IT controls in place. Malware can infiltrate corporate networks in a variety of ways, from hiding out in Windows executables to being deployed from Web browsers. At the same time, budget crunches affect nearly every organization, leaving IT pros little room to push for expensive malware analysis tools. So, what options are left for security professionals in charge of finding malware activity on a tight budget? The free reverse-engineering malware tools provided in Lenny Zeltser's Linux distribution REMnux may prove to be a compelling choice.
In this SearchSecurity screencast, Keith Barker, a Certified Information Systems Security Professional, or CISSP, and trainer for CBT Nuggets LLC, demonstrates how just a few of the hundreds of tools in REMnux can be used for reverse-engineering malicious software. First, he shows off a number of tools that can be used to analyze PDFs, including pdfextract, which displays the contents of a PDF in a variety of formats, and PDF Walker, which provides a graphic interface for a PDF's details.
Another way that organizations can detect malware activity is by identifying communications between programs and malicious APIs, a task that the ExeScan tool makes relatively simple. Barker wraps up with a look at the peHash tool, which makes it possible to validate the hash used by a program. Once IT teams know which hash a program uses, they can simply compare it with the hash of the original content; any difference indicates a possible compromise.
Available as an ISO; Open Virtualization File, or OVF, virtual appliance; or VMware virtual appliance, REMnux can help budget-strapped organizations identify and analyze malware in compromised documents and executables.
About CBT Nuggets:
CBT Nuggets is a computer-based technology company specializing in cutting-edge online IT training. Founded in 1999 by current CEO Dan Charbonneau, CBT Nuggets provides quick, easy and affordable learning by renowned instructors for individuals, small teams and large organizations. CBT Nuggets also offers free videos on a variety of IT topics on the CBT Nuggets YouTube video channel.
About Keith Barker:
Keith Barker, CISSP, is a trainer for CBT Nuggets and has more than 27 years of IT experience. He is a double CCIE and has been named a Cisco Designated VIP. Keith is also the author of numerous Cisco Press books and articles.