Practical Malware Analysis

Summer 2017 Sam Bowne

SCOREBOARD

Learn how to analyze malware, including computer viruses, trojans, and rootkits, using disassemblers, debuggers, static and dynamic analysis, using IDA Pro, OllyDbg and other tools.

Familiarity with programming in C and assembler is helpful but not necessary.

Download VM Win2008Malware.7z
2,073,173,278 bytes
SHA-256: c2d59bb80d71cb73350fe436d2658eeb46c869edce66c950ce97268e2a2fa25a

Basic Static Analysis

1. Basic Static Techniques (10 pts.)
2. Unpacking
3. Challenge: Name the Packer (5 pts)
4. Challenge: Datestamp (5 pts)

Basic Dynamic Analysis

5. Basic Static Techniques
6. Keylogger (15 pts.)
7. Challenge: Beacons (10 pts)

Advanced Static Analysis

8. Jasmin
9. Challenge: Secret Message (10 pts)
10. IDA Pro
11. Challenges with IDA (50 pts)

Advanced Dynamic Analysis

12. Simple EXE Hacking with Ollydbg (20 pts.)
13. Adding Trojan Code with LordPE (20 pts.)
14. Patching EXEs with Ollydbg (100 pts.)
15. Kernel Debugging with LiveKd & WinDbg (15 pts.)
16. SSDT Hooking (15 pts.)

Extra Challenge

C1. AES & PBKDF2 in Python (40 pts.)

Tools Used

Other Projects

Proj 3: INetSim (20 pts.) (rev. 2-1-16)
Proj 7: Compiling C on Windows 2008 Server (15 pts.) (rev. 2-27-17)
Proj 8: Disassembling C on Windows (15 pts. + 10 extra credit) (rev. 2-27-17)
Proj 9: Disassembling C on Windows Part 2 (15 pts. + 10 extra credit) (Modified 3-20-17)
Proj 11: Using OllyDbg to Analyze Lab09-01.exe (rev. 3-21-16) (15 pts.)
Proj 12: Kernel Debugging with Livekd on Windows Server 2008 (20 pts.) (Updated 3-11-17)
Proj 13: Using Kernel Debugging Commands with WinDbg (15 pts.) (rev. 4-19-17)
Proj 14: Malware Behavior (Lab 11-1) (35 pts.) (updated 4-19-17)
Proj 15: Covert Malware Launching (Lab 12-1) (rev. 4-18-16) (25 pts.)
Proj 16: Data Encoding (Lab 13-1) (25 pts.) (rev. 4-24-17)

Extra Credit Projects

Proj 1x: File and Strings (10 pts. extra credit)
      121-X11-files.zip (rev. 8-22-13)
Proj 3x: Harvesting Files from Packet Captures with Wireshark (10 pts.)
      pX12-121.pcap (1.2 MB)
Proj 4x: Introduction to Hopper (20 points) (rev. 2-22-16)
Proj 5x: Assembly Code Challenges (30 points) (rev. 2-9-16)
Proj 6x: Disassembling C on Windows Part 3 (15 pts. + 10 extra credit)
Proj 7x: Analyzing Malicious Windows Programs (Lab 7-2) (15 pts.)
Proj 8x: Using WinDbg on a Crash Dump (15 pts.)
Proj 12x: Anti-Disassembly (Lab 15-1) (15 pts.)

Classes

CNIT 126: Practical Malware Analysis
CNIT 127: Exploit Development
CNIT 128: Hacking Mobile Devices
CNIT 123: Ethical Hacking and Network Defense
CNIT 124: Advanced Ethical Hacking
CNIT 40: DNS Security
CNIT 141: Cryptography for Computer Networks
Last Updated: 7-25-17 2:34 pm