About Maleware and Malware Analysis
Malware, a term used to describe various types of malicious software, poses a significant threat to both personal privacy and computer security. This can include viruses, adware, spyware, browser hijacking software, and fake security software. When installed on a computer, these programs can relay personal information to third parties without user consent, and may also contain worms and viruses that cause significant damage. As a result, the ability to detect, analyze, understand, control, and eradicate malware is becoming a crucial issue in both economic and national security.Course Description
This course aims to provide students with a comprehensive understanding of modern malware analysis techniques through lectures and hands-on interactive analysis of real-world samples. This includes exploring various recent attacks to develop a foundation and well-rounded view of cybersecurity research. Participants will also read and discuss research papers, and conduct an independent project on a topic related to cyber risk and malware analysis.Upon completion of the course, students will be equipped with the skills to analyze advanced contemporary malware using both static and dynamic analysis methods. This knowledge will enable them to effectively detect, understand, and mitigate the impact of malware threats.
Syllabus is now available: [link]
Expected Background
No prerequisite for graduate students, although sufficient security background is expected.My expected demographic for Malware Analysis was students with zero reverse engineering experience. That said, to be able to take this course you will probably need at least the following skills.
- Basic programming concepts
- Knowledge with the C programming language, including pointers, arrays, loops, function calls, etc.
- Familiar with Unix/Linux including the command-line shell and gdb
- Familiar with Intel x86 assembly language and architecture
- Familiar with web programming concepts (HTML, HTTP, TCP, network communications)
Textbook
No Textbook
Reference book:
- Monnappa K A, Learning Malware Analysis: Explore the concepts, tools, and techniques to analyze and investigate Windows malware , ISBN 978-1788392501
- Michael Sikorski, Andrew Honig, Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software, 1st Edition, ISBN 978-1593272906
Course Content
| # | Date | Topic | Slides | Supporting Materials |
|---|---|---|---|---|
| Class 1 | Jan 23, 2024 | Introduction | ch01.pdf |
|
| Class 2 | Jan 25, 2024 | Basic Concepts, DLL Injection (1) | ch02.pdf |
|
| Class 3 | Feb 01, 2024 | DLL Injection (2), Static Analysis | ch03.pdf |
|
| Class 4 | Feb 06, 2024 | IA32 Registers & Byte Ordering | ch04.pdf |
|
| Class 5 | Feb 08, 2024 | X86 ASM | ch05.pdf |
|
| Lab 1 (10 points) |
Feb 08, 2024 | Lab1: OllyDbg and DLL Injection
Due on: 02/20/2024 23:59:59
|
lab1.pdf |
|
| Class 6 | Feb 13-15, 2024 | Stack and Stack Frame | ch06.pdf |
|
| Class 7 | Feb 20, 2024 | Stack Frame (2) & Calling Convention | ch07.pdf |
|
| Lab 2 (10 points) |
Feb 20, 2024 |
Lab2: Stack, Stack Frame & CrackMe
Due on: 03/05/2024 23:59:59
|
lab2.pdf |
|
| Class 8 | Feb 22, 2023 | Dynamic Analysis, Hooks | ch08.pdf |
|
| Class 9 | Feb 27, 2024 | Message Hooks, API Hooks (1) | ch09.pdf |
|
| Class 10 | Feb 29, 2024 | API Hooks (2) | ch10.pdf |
|
| Class 11 | Mar 05, 2024 | Code Injection | ch11.pdf |
|
| Class 12 | Mar 8, 2024 | PE Structure (1) | ch12.pdf |
|
| Class 13 | Mar 19, 2024 | Code Injection (2) | ch13.pdf |
|
| Class 14 | Mar 21, 2024 | Code Injection (3) | ch14.pdf |
|
| Class 15 | Mar 26, 2024 | PE Structure (2) | ch15.pdf |
|
| Lab 3 (10 points) |
Mar 26, 2024 | Lab3: Build a heuristic malware detection system
Due on: 04/09/2024 23:59:59
|
lab3.pdf |
|
| Class 16 | Mar 28, 2024 | Stealth process | ch16.pdf |
|
| Class 17 | Apr 02, 2024 | Kernel Rootkit (1): Introduction | ch17.pdf |
|
| Class 18 | Apr 04, 2024 | Kernel Rootkit (2): SSDT Hooking | ch18.pdf |
|
| Class 19 | Apr 09, 2024 | Worms (1): CVE-2008-4250 (MS08-067) | ch19.pdf |
|
| Lab 4 (10 points) |
Apr 09, 2024 | Lab4: SSDT Hooking
Due on: 04/23/2024 23:59:59
|
lab4.pdf |
|
| Class 20 | Apr 11, 2024 | Worms (2): Conficker Worm | ch20.pdf |
|
| Class 21 | Apr 16, 2024 | Anti-virus Software, Dynamic Heuristic Analysis | ch21.pdf |
|
| Lab 5 (10 Points) |
Apr 16, 2024 | Lab 5: Build a Dynamic Heuristic Analysis Tool for Detection of Unknown Malware
Due on: 05/10/2024 23:59:59
|
lab5.pdf |
|
| Class 22 | Apr 18, 2024 | Volatility, Stuxnet | ch22.pdf |
|
| Final Project (25 Points) |
Apr 14, 2024 | Malware Analysis: Zeus
Due on: 05/10/2024 23:59:59
|
FinalProject.pdf |
|
Presentation Rubric (total 15%)
Content (6%)
- Accuracy: All content throughout the presentation is accurate, and there are no factual errors. (3%)
- Relevance: The presentation covers the assigned topic comprehensively and relevantly. (3%)
Presentation (6%)
- Organization: The presentation is well-structured, with a clear introduction, body, and conclusion. (2%)
- Technical clarity: Technical terms are well-defined and explained in a clear and concise manner. (2%)
- Depth: The presentation demonstrates substance and depth, going beyond superficial explanations. (2%)
Q&A Session (2%)
- Knowledge: The student demonstrates full knowledge of the topic, answering questions confidently and accurately. (2%)
Peer Engagement (1%)
- Preparation: The student has prepared questions for other groups and shows a proactive engagement in the learning process. (1%)