CSC 497/583 Advanced Topics in Computer Security
Modern Malware Analysis
2019-Spring Course Website
Instructor: Si Chen

About Maleware and Malware Analysis
Malware is a catch-all term for various malicious software, including viruses, adware, spyware, browser hijacking software, and fake security software.
Once installed on your computer, these programs can seriously affect your privacy and your computer's security. For example, malware is known for relaying personal information to advertisers and other third parties without user consent. Some programs are also known for containing worms and viruses that cause a great deal of damage. As a result, the ability to detect, analyze, understand, control, and eradicate malware is an increasingly important issue of economic and national security.
Course Description
This course will introduce students to modern malware analysis techniques through lectures and hands-on interactive analysis of real-world samples, including explore various recent attacks. These examples and studies will help the students develop a foundation and a well-rounded view of cybersecurity research. Participants in the course will also read and discuss research papers, as well as conduct independent project in a topic related to cyber risk and malware analysis.
After taking this course students will be equipped with
the skills to analyze advanced contemporary malware using both static and dynamic analysis.
Syllabus is now available:
[link]
Expected Background
No prerequisite for graduate students, although sufficient security background is expected. For undergraduate students, please make sure you completed
CSC 242.
My expected demographic for Malware Analysis was students with zero reverse engineering experience. That said, to be able to take this course you will probably need at least the following skills.
- Basic programming concepts
- Knowledge with the C programming language, including pointers, arrays, loops, function calls, etc.
- Familiar with Unix/Linux including the command-line shell and gdb
- Familiar with Intel x86 assembly language and architecture
- Familiar with web programming concepts (HTML, HTTP, TCP, network communications)
Textbook
No Textbook
Reference book:
- Monnappa K A, Learning Malware Analysis: Explore the concepts, tools, and techniques to analyze and investigate Windows malware , ISBN 978-1788392501
- Michael Sikorski, Andrew Honig, Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software, 1st Edition, ISBN 978-1593272906
Course Content
# |
Date |
Topic |
Slides |
Supporting Materials |
The password to the zip files is 'infected', no quotes.
Class 1 |
Jan 22, 2019 |
Introduction |
ch01.pptx |
|
Class 2 |
Jan 24, 2019 |
Basic Concepts, DLL Injection (1) |
ch02.pptx |
Windows XP Environment Disclaimer
hack_dll.zip
hack_dll_src.zip
|
Class 3 |
Jan 29, 2019 |
DLL Injection (2), Static Analysis |
ch03.pptx |
Manjaro Linux (ArchLinux) EnvironmentUsername:csc495 password:csc495
hack_dll.zip
hack_dll_src.zip
fingerprinting.py
vt_query.py
flare-floss
myhack_packed.dll
|
Lab 0 (Non-graded)
|
Jan 29, 2019 |
Lab0: "Hello World" -- DLL Injection
Due on: 02/04/2019
|
lab0.pdf
|
Windows XP Environment Disclaimer
hack_dll.zip
hack_dll_src.zip
|
Class 4 |
Jan 31, 2019 |
Static Analysis, PE Format |
ch04.pptx |
hack_dll.zip
flare-floss
notepad_xp.zip
Download HxD
display_sections.py
Download PEview
myhack_packed.dll
|
Class 5 |
Feb 5, 2019 |
PE Format (2): NT Header, IAT, EAT |
ch05.pptx |
notepad_xp.zip
Download HxD
display_sections.py
enum_imports.py
enum_exports.py
Download PEview
myhack_packed.dll
|
Class 6 |
Feb 7, 2019 |
Static Analysis: Real-world Case Study |
ch06.pptx |
display_sections.py
enum_imports.py
enum_exports.py
malware_sample_0.zip
|
Lab 1 (8 points)
|
Feb 7, 2019 |
Lab1: Build a heuristic malware detection system
Due on: 02/21/2019
|
lab1.pdf
|
Manjaro Linux (ArchLinux) Environment Username:csc495 password:csc495
malware_lab_1.zip password:infected
enum_exports.py
pefile usage examples (Python)
|
Schedule for Presentations
DOODLE LINK
Malware Analysis Tools
VirtualBox
Get Manjaro (Arch Linux) ISO
Manjaro Linux (ArchLinux) Environment Username:csc495 password:csc495
Windows XP Environment Disclaimer
ProcessExplorer
Dependence Walker
PEiD
DebugView
WireShark
OllyDbg for Windows
Online Tutorials
Manjaro User Guide
RMS's gdb Tutorial
PE Format
Overview of IA-32 assembly
programming
x86 Assembly Language Reference Manual