Thursday, April 16, 2015

REMnux Tutorial-1: Statically Analyse Windows Portable Executable (PE) Files

       REMnux: A Linux Toolkit for Reverse-Engineering and Analyzing Malware

       It is a free, lightweight Linux toolkit (an Ubuntu-based distribution) for reverse-engineering malicious files.
   
       REMnux provides a collection of some of the most common and effective tools used for
       reverse engineering malware, in categories such as:

      1) Investigate Linux malware
      2) Statically analyze Windows executable files
      3) Examine file properties and contents
      4) Process multiple samples
      5) Examine memory snapshots
      6) Extract and decode artifacts
      7) Examine documents
      8) Examine browser malware
      9) Network utilities

      REMnux Tutorial - 1 covers the tools and techniques used to statically analyze Windows Portable Executable (PE) files. It describes how to detect anomalies in a PE file, how to decide whether the file is packed (compressed) or not, how to investigate it further, and the difference between disassemblers, debuggers and decompilers.

Tools covered: UPX, ByteHist, DensityScout, PEScanner, EXEScan, PEFrame, pev, Pyew, Bokken.
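The checks these tools automate (reading the PE headers and section table, measuring per-section entropy the way DensityScout and PEScanner do, and spotting the section layout UPX leaves behind) can be shown in a few dozen lines of pure Python. The block below is an added example written for this post, not code from REMnux or from any of the tools listed above. The packer section names, the 7.0 bits-per-byte entropy threshold and the two sample PE images built by build_pe() are the example's own assumptions; the samples are constructed in memory and are not real malware.

```python
"""Added example: minimal static PE triage (headers, sections, entropy, packer hints)."""
import math
import struct

# Section characteristics from the PE/COFF specification
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000

# Assumed list of section names commonly left behind by packers (UPX is the one covered here)
PACKER_SECTION_NAMES = {"UPX0", "UPX1", "UPX2", ".aspack", ".adata", ".petite", "MPRESS1", "MPRESS2"}
ENTROPY_THRESHOLD = 7.0  # assumed cut-off in bits/byte; compressed or encrypted data sits near 8.0


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte: 0.0 for a constant buffer, 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    n, counts = len(data), [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(blob: bytes) -> dict:
    """Parse the DOS header, COFF header, optional header and section table of an in-memory PE."""
    if blob[:2] != b"MZ":
        raise ValueError("no MZ signature: not a DOS/PE file")
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    if blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew: corrupt or not a PE file")
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", blob, e_lfanew + 4)
    opt_off = e_lfanew + 24
    magic = struct.unpack_from("<H", blob, opt_off)[0]            # 0x10B = PE32, 0x20B = PE32+
    entry_rva = struct.unpack_from("<I", blob, opt_off + 16)[0]   # AddressOfEntryPoint
    sections, table_off = [], opt_off + opt_size
    for i in range(nsections):  # each IMAGE_SECTION_HEADER is 40 bytes
        name, vsize, vaddr, rsize, raw_ptr, _, _, _, _, flags = struct.unpack_from(
            "<8sIIIIIIHHI", blob, table_off + 40 * i)
        raw = blob[raw_ptr:raw_ptr + rsize] if rsize else b""   # bytes as they sit on disk
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "vaddr": vaddr, "vsize": vsize, "rsize": rsize,
                         "flags": flags, "entropy": shannon_entropy(raw)})
    return {"machine": machine, "magic": magic, "entry_rva": entry_rva, "sections": sections}


def is_pe(blob: bytes) -> bool:
    """True when the blob parses as a PE file, False on a malformed or foreign file."""
    try:
        parse_pe(blob)
        return True
    except (ValueError, struct.error):
        return False


def triage(pe: dict) -> list:
    """Return the anomalies a static analyst would flag before executing anything."""
    findings, ep_section = [], None
    for s in pe["sections"]:
        if s["vaddr"] <= pe["entry_rva"] < s["vaddr"] + max(s["vsize"], s["rsize"]):
            ep_section = s["name"]
        if s["name"] in PACKER_SECTION_NAMES:
            findings.append(f"{s['name']}: section name associated with a known packer")
        if s["entropy"] > ENTROPY_THRESHOLD:
            findings.append(f"{s['name']}: entropy {s['entropy']:.2f} suggests compressed/encrypted data")
        if s["flags"] & IMAGE_SCN_MEM_WRITE and s["flags"] & IMAGE_SCN_MEM_EXECUTE:
            findings.append(f"{s['name']}: section is both writable and executable")
        if s["rsize"] == 0 and s["vsize"] > 0:
            findings.append(f"{s['name']}: no data on disk but {s['vsize']:#x} bytes in memory (unpacking target)")
    if ep_section is None:
        findings.append("entry point lies outside every section")
    elif ep_section != ".text":
        findings.append(f"entry point is in {ep_section}, not .text")
    return findings


def is_probably_packed(pe: dict) -> bool:
    return any(s["name"] in PACKER_SECTION_NAMES or s["entropy"] > ENTROPY_THRESHOLD
               for s in pe["sections"])


def build_pe(sections, entry_rva: int) -> bytes:
    """Construct a minimal PE32 image for the demo; sections are
    (name, raw_bytes, virtual_address, virtual_size, characteristics) tuples."""
    file_align, e_lfanew = 0x200, 0x40
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)                          # PE32 optional header, only Magic and EP filled
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 16, entry_rva)
    header_len = len(dos) + 4 + len(coff) + len(opt) + 40 * len(sections)
    raw_ptr = first_raw = -(-header_len // file_align) * file_align   # round up to FileAlignment
    table, body = b"", b""
    for name, data, vaddr, vsize, flags in sections:
        rsize = -(-len(data) // file_align) * file_align
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), vsize, vaddr, rsize,
                             raw_ptr if rsize else 0, 0, 0, 0, 0, flags)
        body += data.ljust(rsize, b"\0")
        raw_ptr += rsize
    return (dos + b"PE\0\0" + coff + bytes(opt) + table).ljust(first_raw, b"\0") + body


# Constructed samples: a plain executable and one laid out the way UPX leaves a file
RWX = IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE | IMAGE_SCN_MEM_EXECUTE
CLEAN_PE = build_pe([
    (b".text", b"\x55\x8b\xec\x83\xec\x10" * 500, 0x1000, 3000,
     IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_EXECUTE),
    (b".data", b"\0" * 1024, 0x2000, 1024,
     IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
], entry_rva=0x1010)
PACKED_PE = build_pe([
    (b"UPX0", b"", 0x1000, 0x10000, RWX),                        # empty on disk, large in memory
    (b"UPX1", bytes(range(256)) * 16, 0x11000, 0x1000, RWX),     # stand-in for the compressed payload
    (b".rsrc", b"\0" * 512, 0x12000, 0x200, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ),
], entry_rva=0x11100)

if __name__ == "__main__":
    for label, blob in (("clean", CLEAN_PE), ("packed", PACKED_PE)):
        pe = parse_pe(blob)
        print(f"[{label}] probably packed: {is_probably_packed(pe)}")
        for finding in triage(pe):
            print("  -", finding)
```

Run it on a file of your own by replacing the constructed blobs with `open(path, "rb").read()`. A packed verdict here is only a hint: a high-entropy .rsrc section can be a legitimate embedded image, and a missing .text name is normal for some compilers, so confirm with `upx -t` (which only tests a UPX-packed file without unpacking it) or one of the scanners above before drawing conclusions.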

       Please click here to access my PPT slides.
     
       Video presentation explaining the slides will be posted soon!
       Thanks for visiting my blog!
