How to Run Linux Malware Analysis Apps as Docker Containers

  • Monday, 05 Jan 2015 1:00PM EST (05 Jan 2015 18:00 UTC)
  • Speaker: Lenny Zeltser

There are wonderful malware analysis applications out there that run well on Linux; however, installing and configuring them can be quite challenging. A relatively new approach to using such tools involves running them as application containers. In this scenario, the application is packaged together with its dependencies as a Docker image, so you don't have to worry about the setup or runtime problems that can occur when running the apps in the traditional manner.

In this informative webcast Lenny Zeltser, the lead author of SANS' malware analysis course, explains how you can use malware analysis tools that are already distributed as Docker images as part of the REMnux project. These tools include Thug, Viper, Rekall, JSDetox, and others. Lenny also offers tips for packaging your favorite apps in a similar manner. He covers the following topics:

Tune into this webcast to start learning about Docker containers, so you can not only use them when examining malicious software, but also better understand what application containers are and what role they might play alongside other infrastructure technologies.