How to Run Linux Malware Analysis Apps as Docker Containers
- Monday, January 5th, 2015 at 1:00 PM EST (18:00:00 UTC)
- Lenny Zeltser
There are wonderful malware analysis applications out there that run well on Linux; however, installing and configuring them can be quite challenging. A relatively new approach to using such tools involves running them as application containers. In this scenario, the application is packaged together with its dependencies as a Docker image, so you don't have to worry about setup or runtime problems that can occur when running the apps in a traditional manner.
In this informative webcast, Lenny Zeltser, the lead author of SANS' malware analysis course, explains how you can use malware analysis tools that are already distributed as Docker images as part of the REMnux project. These tools include Thug, Viper, Rekall, JSDetox, and others. Lenny also offers tips for packaging your favorite apps in a similar manner. He covers the following topics:
- What is Docker and how is it different from virtualization technologies?
- What malware analysis applications are available as Docker images?
- How can you launch and interact with malware analysis apps running as containers?
- How can you build Docker application images of your favorite applications?
- What are the security implications of running applications as containers?
Tune in to this webcast to start learning about Docker containers, so you can not only use them when examining malicious software, but also better understand what application containers are and what role they might play alongside other infrastructure technologies.
Lenny Zeltser is a seasoned business leader with extensive experience in information technology and security. As a product management director at NCR Corporation, he focuses on safeguarding IT infrastructure of small and mid-size businesses world-wide. Before NCR, Lenny led the enterprise security consulting practice at a major IT hosting provider. He also teaches digital forensics and malware courses for the SANS Institute, where he is a senior faculty member. In addition, Lenny is a Board of Directors member at SANS Technology Institute and a volunteer incident handler at the Internet Storm Center.
Lenny's expertise is strongest at the intersection of business, technology, and information security practices and includes incident response, cloud services, and product management. He frequently speaks at conferences, writes articles, and has co-authored books on network security and malicious software defenses. Lenny is one of the few individuals in the world who've earned the prestigious GIAC Security Expert designation. He has an MBA degree from MIT Sloan and a Computer Science degree from the University of Pennsylvania.