CSC 471 Modern Malware Analysis

About Malware and Malware Analysis

Malware, a term used to describe various types of malicious software, poses a significant threat to both personal privacy and computer security. ...

Course Description

This course aims to provide students with a comprehensive understanding of modern malware analysis techniques ...

Expected Background

No prerequisite for graduate students, although sufficient security background is expected. ...

• Basic programming concepts
• Knowledge with the C programming language, including pointers, arrays, loops, function calls, etc.
• Familiar with Unix/Linux including the command-line shell and gdb
• Familiar with Intel x86 assembly language and architecture
• Familiar with web programming concepts (HTML, HTTP, TCP, network communications)

Textbook

No Textbook

Reference book:

1. Monnappa K A, Learning Malware Analysis: Explore the concepts, tools, and techniques ... ISBN 978-1788392501
2. Michael Sikorski, Andrew Honig, Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software, ISBN 978-1593272906

Course Content

#	Date	Topic	Slides	Supporting Materials
The password to the zip files is 'infected' (no quotes).
Class 1	Jan 21, 2025	Introduction	ch01.pdf	Windows XP Environment Disclaimer VirtualBox [ Video]
Class 2	Jan 23, 2025	Basic Concepts, DLL Injection (1)	ch02.pdf	hack_dll.zip hack_dll_src.zip [ Video]
Class 3	Jan 28, 2025	IA32 Registers & Byte Ordering	ch03.pdf	LittleEndian.exe LittleEndian.cpp [ Video]
Class 4	Jan 30, 2025	X86 ASM	ch04.pdf	abexcm1-voiees.exe [ Video]
Lab 1 (10 points)	Feb 04, 2025	Lab1: OllyDbg and DLL Injection Due on: 02/18/2025 23:59:59	lab1.pdf	[ Video] Windows XP Environment Disclaimer VirtualBox hack_dll.zip How to write a lab report
Class 5	Feb 06, 2025	Stack and Stack Frame （1）	ch05.pdf	[ Video] Stack.exe StackFrame.exe StackFrame.cpp
Class 6	Feb 11, 2025	Stack Frame (2)	ch06.pdf	[ Video] StackFrame.exe StackFrame.cpp stdcall.exe cdecl.exe
Lab 2 (10 points)	Feb 13, 2025	Lab2: Stack, Stack Frame & CrackMe Due on: 03/06/2025 23:59:59	lab2.pdf	lab2.exe A reversing tutorial for newbies by lena151 part10.avi
Class 7	Feb 13, 2025	Static Analysis & Dynamic Analysis (1)	ch07.pdf	How to connect to BadgerCTF hack_dll.zip flare-floss samples.zip malwarePE.zip notepad_xp.zip
Class 8	Feb 18, 2025	Static Analysis & Dynamic Analysis (2): （De)Obfuscation	ch08.pdf	malwarePE.zip hack_dll.zip
Class 9	Feb 20, 2025	Windows Message Hooks	ch09.pdf	[Video] OllyDBG 2.0 Hook.zip password:infected Message Hook Source Code
Class 10	Feb 25, 2025	Windows API Hooks	ch10.pdf	[Video] hookdbg.zip password:infected hookdbg_src.zip password:infected
Class 11	Feb 27, 2025	PE Structure (1)	ch11.pdf	[Video] [Video] notepad_xp.zip display_sections.py enum_imports.py enum_export.py
Class 12	Mar 4, 2025	PE Structure (2)	ch12.pdf	[Video] notepad_xp.zip PEView.zip malware.zip password:infected display_sections.py enum_imports.py enum_export.py
Lab 3 (10 points)	Mar 06, 2025	Lab3: Build a heuristic malware detection system Due on: 03/27/2025 23:59:59	lab3.pdf	How to connect to BadgerCTF How to write a lab report malware.zip password:infected enum_exports.py pefile usage examples (Python)
Class 13	Mar 06 & 18, 2025	Code Injection	ch13.pdf	MsgBox_Example.zip CodeInjection.zip password:infected asmtest.zip CodeInjection2.zip password:infected
Class 14	Mar 25 & 27, 2025	Worms (1 - 2): CVE-2008-4250 (MS08-067)	ch14.pdf	CVE-2008-4250.zippassword:infected CVE-2008-4250 Static Analysis Report conflicker.zip password:infected ms08_067_SMB.pcapng.zip
Class 15	Apr 01, 2025	Anti-virus Software, Dynamic Heuristic Analysis	ch15.pdf	[Video] ransomware.zip (Experiment 1) password:infected apivirus.zip (Experiment 2)
Lab 4 (10 Points)	Apr 01, 2025	Lab 4: Build a Dynamic Heuristic Analysis Tool for Detection of Unknown Malware Due on: 04/22/2025 23:59:59	lab4.pdf	ransomware.zip password:infected
Class 16	Apr 03, 2025	Worms (3): Conficker Worm	ch16.pdf	CVE-2008-4250.zip CVE-2008-4250 Static Analysis Report conficker.zip password:infected
Class 17	Apr 08, 2025	Stealth process	ch17.pdf	[Video] StealthProcess1.zip password:infected stealth.cpp
Class 18	Apr 10, 2025	Kernel Rootkit (1): Introduction	ch18.pdf	[Video]
Class 19	Apr 15, 2025	Kernel Rootkit (2): SSDT Hooking	ch19.pdf	[Video] SSDTHook.zip password:infected
Lab 5 (10 points)	Apr 17, 2025	Lab5: SSDT Hooking Due on: 05/06/2025 23:59:59	lab5.pdf	lab5.zip
Class 20	Apr 17, 2025	Volatility, Stuxnet	ch20.pdf	[Video] stuxnet.vmem
Final Project (25 Points)	Apr 22, 2025	Malware Analysis: Zeus Due on: 05/10/2025 23:59:59	FinalProject.pdf	zeus.vmem zeus source code -- client side

Tutorials and Supporting Materials

• How to connect to BadgerCTF
• How to write a lab report
• Download MobaXterm (Windows)

Presentation Rubric (total 15%)

Category	Percentage	Criteria
Content	8%	Accuracy: All content throughout the presentation is accurate, and there are no factual errors. Relevance: The presentation covers the assigned topic comprehensively and relevantly.
Presentation	5%	Organization: The presentation is well-structured, with a clear introduction, body, and conclusion. Technical clarity: Technical terms are well-defined and explained in a clear and concise manner. Depth: The presentation demonstrates substance and depth, going beyond superficial explanations.
Q&A Session	1%	Knowledge: The student demonstrates full knowledge of the topic, answering questions confidently and accurately.
Peer Engagement	1%	Preparation: The student has prepared questions for other groups and shows a proactive engagement in the learning process.