CNIT 126: Practical Malware Analysis
Fall 2013, Sam Bowne
Catalog Description
Learn how to analyze malware, including computer viruses, trojans, and rootkits, using disassemblers, debuggers, and static and dynamic analysis techniques, with IDA Pro, OllyDbg and other tools.
Advisory: CS 110A or equivalent familiarity with programming
Upon successful completion of this course, the student will be able to:
Textbook
"Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software", by Michael Sikorski and Andrew Honig; ISBN-10: 1593272901
Schedule (may be revised)

Note: Chapter numbers are one too high in the e-book: the chapter labelled "Chapter 2" there is Chapter 1 in the print edition, and so on.

| Date | Quiz / Projects Due | Topic |
|---|---|---|
| Mon 8-19 | | 0: Malware Analysis Primer & 1: Basic Static Techniques |
| Mon 8-26 | | 2: Malware Analysis in Virtual Machines & 3: Basic Dynamic Analysis |
| Fri 8-30 | | Last Day to Add Classes |
| Mon 9-2 | | Holiday - No Class |
| Mon 9-9 | Quiz: Ch 0: Malware Analysis Primer - 3: Basic Dynamic Analysis; Proj 1-3 due | 4: A Crash Course in x86 Disassembly |
| Mon 9-16 | Quiz: Ch 4: A Crash Course in x86 Disassembly; Proj 4 due | 5: IDA Pro |
| Mon 9-23 | Quiz: Ch 5: IDA Pro; Proj 5-6 due | 6: Recognizing C Code Constructs in Assembly |
| Mon 9-30 | Quiz: Ch 6: Recognizing C Code Constructs in Assembly; Proj 7 due | 7: Analyzing Malicious Windows Programs |
| Mon 10-7 | Quiz: Ch 7: Analyzing Malicious Windows Programs; Proj 8-9 due | 8: Debugging |
| Mon 10-14 | Quiz: Ch 8: Debugging; Proj 10 due | 9: OllyDbg |
| Mon 10-21 | Class starts at 6:30. Quiz: Ch 9: OllyDbg; Proj 11 due | 10: Kernel Debugging with WinDbg |
| Tue 10-22 | | Mid-Term Grades Due |
| Mon 10-28 | Quiz: Ch 10: Kernel Debugging with WinDbg; Proj 12 due | 11: Malware Behavior |
| Mon 11-4 | Quiz: Ch 11: Malware Behavior; Proj 13-14 due | 12: Covert Malware Launching |
| Mon 11-11 | | Holiday - No Class |
| Thu 11-14 | | Last Day to Withdraw |
| Mon 11-18 | Quiz: Ch 12: Covert Malware Launching; Proj 15 due | 13: Data Encoding |
| Mon 11-25 | No Quiz, No Projects due | Guest Speaker: Mike Scutt from Mandiant, "A Day in the Life: Stories From the Field" |
| Mon 12-2 | Quiz: Ch 13: Data Encoding; Proj 16 due | 14: Malware-Focused Network Signatures |
| Mon 12-9 | No Quiz; All Extra Credit Projects Due | Last Class: TBA |
| Mon 12-16 | | Final Exam |
Lecture Notes

The lectures are in Word and PowerPoint formats.

Policy
Guest lecture from Mandiant: A Day in the Life: Stories From the Field

Basic Analysis
0: Malware Analysis Primer & 1: Basic Static Techniques (PPTX)

Advanced Static Analysis
4: A Crash Course in x86 Disassembly (PPTX)

Advanced Dynamic Analysis
8: Debugging (PPT)
9: OllyDbg (PPT)
10: Kernel Debugging with WinDbg (PPT)

Malware Functionality
11: Malware Behavior (PPT)
12: Covert Malware Launching (PPTX)
13: Data Encoding (PPTX)
14: Malware-Focused Network Signatures (PPTX)

Anti-Reverse-Engineering
15: Anti-Disassembly
16: Anti-Debugging
17: Anti-Virtual Machine Techniques
18: Packers and Unpacking

Special Topics
19: Shellcode Analysis
20: C++ Analysis
21: 64-Bit Malware