About Maleware and Malware Analysis
Malware, a term used to describe various types of malicious software, poses a significant threat to both personal privacy and computer security. This can include viruses, adware, spyware, browser hijacking software, and fake security software. When installed on a computer, these programs can relay personal information to third parties without user consent, and may also contain worms and viruses that cause significant damage. As a result, the ability to detect, analyze, understand, control, and eradicate malware is becoming a crucial issue in both economic and national security.Course Description
This course aims to provide students with a comprehensive understanding of modern malware analysis techniques through lectures and hands-on interactive analysis of real-world samples. This includes exploring various recent attacks to develop a foundation and well-rounded view of cybersecurity research. Participants will also read and discuss research papers, and conduct an independent project on a topic related to cyber risk and malware analysis.Upon completion of the course, students will be equipped with the skills to analyze advanced contemporary malware using both static and dynamic analysis methods. This knowledge will enable them to effectively detect, understand, and mitigate the impact of malware threats.
Syllabus is now available: [link]
Expected Background
No prerequisite for graduate students, although sufficient security background is expected.My expected demographic for Malware Analysis was students with zero reverse engineering experience. That said, to be able to take this course you will probably need at least the following skills.
- Basic programming concepts
- Knowledge with the C programming language, including pointers, arrays, loops, function calls, etc.
- Familiar with Unix/Linux including the command-line shell and gdb
- Familiar with Intel x86 assembly language and architecture
- Familiar with web programming concepts (HTML, HTTP, TCP, network communications)
Textbook
No Textbook
Reference book:
- Monnappa K A, Learning Malware Analysis: Explore the concepts, tools, and techniques to analyze and investigate Windows malware , ISBN 978-1788392501
- Michael Sikorski, Andrew Honig, Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software, 1st Edition, ISBN 978-1593272906
Course Content
| # | Date | Topic | Slides | Supporting Materials |
|---|---|---|---|---|
| Class 1 | Jan 24, 2023 | Introduction | ch01.pdf |
|
| Class 2 | Jan 26, 2023 | Basic Concepts, DLL Injection (1) | ch02.pdf |
|
| Class 3 | Jan 31, 2023 | DLL Injection (2), Static Analysis | ch03.pdf |
|
| Lab 1 (10 points) |
Jan 31, 2023 | Lab1: OllyDbg and DLL Injection
Due on: 02/14/2023 23:59:59
|
lab1.pdf |
|
| Class 4 | Feb 7, 2023 | IA32 Registers & Byte Ordering | ch04.pdf |
|
| Class 5 | Feb 9, 2023 | X86 ASM | ch05.pdf |
|
| Class 6 | Feb 14, 2023 | Stack and Stack Frame | Ch06.pdf |
|
| Class 7 | Feb 16, 2023 | Dynamic Analysis, Hooks | ch07.pdf |
|
| Lab 2 (10 points) |
Feb 21, 2023 | Lab2: Stack, Stack Frame & CrackMe
Due on: 03/03/2023 23:59:59
|
lab2.pdf |
|
| Class 8 | Feb 23, 2023 | Message Hooks, API Hooks | ch08.pdf |
|
| Class 9 | Feb 28, 2023 | Code Injection (1) | ch09.pdf |
|
| Class 10 | Mar 2, 2023 | Code Injection (2) | ch09.pdf |
|
| Class 11 | Mar 7, 2023 | PE Structure (1) | ch11.pdf |
|
| Class 12 | Mar 21, 2023 | PE Structure (2) and IDA Free | ch11.pdf |
|
| Lab 3 (10 points) |
Mar 21, 2023 | Lab3: Build a heuristic malware detection system
Due on: 04/04/2022 23:59:59
|
lab3.pdf |
|
| Class 13 | Mar 23, 2023 | Stealth process (Rootkit) | ch13.pdf |
|
| Class 14 | Mar 28, 2023 | Kernel Rootkit (1): Introduction | ch14.pdf | |
| Class 15 | Mar 30, 2023 | Kernel Rootkit (2): SSDT Hooking | ch15.pdf |
|
| Lab 4 (10 points) |
March 30, 2023 | Lab4: SSDT Hooking
Due on: 04/18/2023 23:59:59
|
lab4.pdf |
|
| Class 16 | April 4, 2023 | Worms (1): CVE-2008-4250 (MS08-067) | ch16.pdf |
|
| Class 17 | April 6, 2023 | Worms (2): Conficker Worm | ch17.pdf |
|
| Class 18 | Apr 11, 2023 | Volatility, Stuxnet | ch18.pdf |
|
| Class 19 | Apr 13, 2023 | Worms (3): Countermeasures against Conficker Worm | ch19.pdf |
|
| Lab 5 (10 Points) |
Apr 13, 2023 | Lab 5: Build a Dynamic Heuristic Analysis Tool for Detection of Unknown Malware
Due on: 04/27/2023 23:59:59
|
lab5.pdf |
|
| Class 20 | Apr 18, 2023 | Anti-Debugging Techniques (1): Static Anti-Debugging, TEB, PEB | ch20.pdf |
|
| Class 21 | Apr 18, 2023 | Anti-Debugging Techniques (2): Dynamic Anti-Debugging, SEH, RDTSC | ch21.pdf |
|
| Final Project (25 Points) |
Apr 25, 2023 | Malware Analysis: Zeus
Due on: 05/13/2023 23:59:59
|
FinalProject.pdf |
|
Presentation Rubric (total 15%)
Content (6%)
- Accuracy: All content throughout the presentation is accurate, and there are no factual errors. (3%)
- Relevance: The presentation covers the assigned topic comprehensively and relevantly. (3%)
Presentation (6%)
- Organization: The presentation is well-structured, with a clear introduction, body, and conclusion. (2%)
- Technical clarity: Technical terms are well-defined and explained in a clear and concise manner. (2%)
- Depth: The presentation demonstrates substance and depth, going beyond superficial explanations. (2%)
Q&A Session (2%)
- Knowledge: The student demonstrates full knowledge of the topic, answering questions confidently and accurately. (2%)
Peer Engagement (1%)
- Preparation: The student has prepared questions for other groups and shows a proactive engagement in the learning process. (1%)