
How to Run Linux Malware Analysis Apps as Docker Containers

  • Monday, January 5th, 2015 at 1:00 PM EST (18:00:00 UTC)
  • Lenny Zeltser
This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account.



There are wonderful malware analysis applications out there that run well on Linux; however, installing and configuring them can be quite challenging. A relatively new approach to using such tools involves running them as application containers. In this scenario, the application is packaged together with its dependencies as a Docker image, so you don't have to worry about setup or runtime problems that can occur when running the apps in a traditional manner.

In this informative webcast Lenny Zeltser, the lead author of SANS' malware analysis course, explains how you can use malware analysis tools that are already distributed as Docker images as part of the REMnux project. These tools include Thug, Viper, Rekall, JSDetox, and others. Lenny also offers tips for packaging your favorite apps in a similar manner. He covers the following topics:

Tune in to this webcast to start learning about Docker containers, so that you can not only use them when examining malicious software but also better understand what application containers are and what role they might play alongside other infrastructure technologies.

Speaker Bio

Lenny Zeltser

Lenny Zeltser is a seasoned business leader with extensive experience in information technology and security. As a product management director at NCR Corporation, he focuses on safeguarding IT infrastructure of small and mid-size businesses world-wide. Before NCR, Lenny led the enterprise security consulting practice at a major IT hosting provider. He also teaches digital forensics and malware courses for the SANS Institute, where he is a senior faculty member. In addition, Lenny is a Board of Directors member at SANS Technology Institute and a volunteer incident handler at the Internet Storm Center.

Lenny's expertise is strongest at the intersection of business, technology, and information security practices and includes incident response, cloud services, and product management. He frequently speaks at conferences, writes articles, and has co-authored books on network security and malicious software defenses. Lenny is one of the few individuals in the world who've earned the prestigious GIAC Security Expert designation. He has an MBA degree from MIT Sloan and a Computer Science degree from the University of Pennsylvania.

You can learn more about Lenny's projects on his personal website and blog.
