Final Week to Get an iPad mini, Surface Go 2, or Take $300 Off with OnDemand Training!


Subscribe to SANS Newsletters

Join the SANS Community to receive the latest curated cyber security news, vulnerabilities and mitigations, training opportunities, and our webcast schedule.

Popular Linux-Based Toolkit REMnux Version 7 Now Available

Years in the making, version 7 of REMnux® is now available for free downloading, installation, and exploration.

  • Bethesda, MD
  • July 22, 2020

SANS Digital Forensics and Incident Response (DFIR), a curriculum focus area of SANS Institute, today announces the availability of version 7 of the REMnux® toolkit for malware analysis, founded and primarily maintained by Lenny Zeltser, SANS Faculty Fellow and course author. Updates to the REMnux toolkit will be shared and discussed by Lenny Zeltser in a SANS webcast on July 28.

REMnux is a popular Linux-based toolkit for reverse-engineering malicious software which malware analysts have been relying on for more than 10 years to help them quickly investigate suspicious programs, websites, and document files.

As the security industry matures, it becomes harder to keep track of all the tools that are available to assist with the variety of tasks that malware analysts, incident responders, and forensic investigators face. REMnux makes hundreds of free tools, all contributed by the community, available to analysts without having to discover, install, and configure them

The new REMnux Version 7 refreshes its curated collection of tools to include the latest versions of the utilities useful for tasks such as:

  • Examining suspicious executables, documents, and other artifacts
  • Dynamically reverse-engineering malicious code
  • Performing memory forensics on an infected system
  • Exploring network and system interactions for behavioral analysis
  • Analyzing malicious documents

“I’m very excited about releasing the new version of REMnux,” exclaimed Lenny Zeltser, the founder and primary maintainer of the toolkit. “I’d like to extend a big thank you to all the authors of the tools that comprise the REMnux distro, without whom we’d be stuck analyzing malware with pen and paper. Also, I’m grateful to Corey Forman and Erik Kristensen who’ve contributed their time and expertise to this REMnux release. And thank you to REMnux beta testers for providing feedback, fixes, and advice.”

Many of the tools available in REMnux are discussed and used in the SANS course FOR610: Reverse Engineering Malware, for which Lenny Zeltser is also the primary author.

Download the free REMnux toolkit at

Webcast Details

How has REMnux evolved in the decade of its existence, and what’s new and exciting in Version 7? How can you set it up and start benefiting from the hundreds of malware analysis tools that it includes? Learn what’s new in REMnux v7 from the founder and primary maintainer Lenny Zeltser in a SANS webcast on Tuesday, July 28 at 10:30 a.m. EDT (14:30 UTC). Register for the webcast at


The SANS Digital Forensics and Incident Response (DFIR) curriculum offers information security training courses focused on fundamental skills including threat hunting, Windows and Apple OSX digital forensics, smartphone forensics, network forensics, memory forensics, reverse-engineering malware, and cyber threat intelligence. (


About SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organization. SANS is the most trusted and, by far, the largest provider of cyber security training and certification to professionals at governments and commercial institutions world-wide. Renowned SANS instructors teach over 60 different courses at more than 200 live cyber security training events as well as online. GIAC, an affiliate of the SANS Institute, validates a practitioner’s qualifications via over 35 hands-on, technical certifications in cyber security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers master's degrees in cyber security. SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, and newsletters; it also operates the Internet's early warning system–the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to help the entire information security community. (