Popular Linux-Based Toolkit REMnux Version 7 Now Available

Years in the making, version 7 of REMnux® is now available for free downloading, installation, and exploration.

Bethesda, Md. – SANS Digital Forensics and Incident Response (DFIR), a curriculum focus area of SANS Institute, today announces the availability of version 7 of the REMnux® toolkit for malware analysis, founded and primarily maintained by Lenny Zeltser, SANS Faculty Fellow and course author. Updates to the REMnux toolkit will be shared and discussed by Lenny Zeltser in a SANS webcast on July 28.

REMnux is a popular Linux-based toolkit for reverse-engineering malicious software which malware analysts have been relying on for more than 10 years to help them quickly investigate suspicious programs, websites, and document files.

As the security industry matures, it becomes harder to keep track of all the tools that are available to assist with the variety of tasks that malware analysts, incident responders, and forensic investigators face. REMnux makes hundreds of free tools, all contributed by the community, available to analysts without having to discover, install, and configure them

The new REMnux Version 7 refreshes its curated collection of tools to include the latest versions of the utilities useful for tasks such as:

  • Examining suspicious executables, documents, and other artifacts
  • Dynamically reverse-engineering malicious code
  • Performing memory forensics on an infected system
  • Exploring network and system interactions for behavioral analysis
  • Analyzing malicious documents

“I’m very excited about releasing the new version of REMnux,” exclaimed Lenny Zeltser, the founder and primary maintainer of the toolkit. “I’d like to extend a big thank you to all the authors of the tools that comprise the REMnux distro, without whom we’d be stuck analyzing malware with pen and paper. Also, I’m grateful to Corey Forman and Erik Kristensen who’ve contributed their time and expertise to this REMnux release. And thank you to REMnux beta testers for providing feedback, fixes, and advice.”

Many of the tools available in REMnux are discussed and used in the SANS course FOR610: Reverse Engineering Malware, for which Lenny Zeltser is also the primary author.

Download the free REMnux toolkit at https://remnux.org/

Webcast Details

How has REMnux evolved in the decade of its existence, and what’s new and exciting in Version 7? How can you set it up and start benefiting from the hundreds of malware analysis tools that it includes? Learn what’s new in REMnux v7 from the founder and primary maintainer Lenny Zeltser in a SANS webcast on Tuesday, July 28 at 10:30 a.m. EDT (14:30 UTC). Register for the webcast at https://www.sans.org/webcasts/113390


The SANS Digital Forensics and Incident Response (DFIR) curriculum offers information security training courses focused on fundamental skills including threat hunting, Windows and Apple OSX digital forensics, smartphone forensics, network forensics, memory forensics, reverse-engineering malware, and cyber threat intelligence. (https://digital-forensics.sans.org/)

About SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organization. Today, SANS is the most trusted and, by far, the largest provider of cyber security training and certification to professionals in government and commercial institutions world-wide. Renowned SANS instructors teach more than 60 courses at in-person and virtual cyber security training events and on demand. GIAC, an affiliate of the SANS Institute, validates practitioner skills through more than 35 hands-on, technical certifications in cyber security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers a master’s degree, graduate certificates, and an undergraduate certificate in cyber security. SANS Security Awareness, a division of SANS, provides organizations with a complete and comprehensive security awareness solution, enabling them to easily and effectively manage their ‘human’ cybersecurity risk. SANS also delivers a wide variety of free resources to the InfoSec community including consensus projects, research reports, webcasts, podcasts, and newsletters; it also operates the Internet's early warning system–the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to support and educate the global information security community. (https://www.sans.org)