CNIT 126: Practical Malware Analysis
Fall 2014, Sam Bowne

Catalog Description
Learn how to analyze malware, including computer viruses, trojans, and rootkits, using disassemblers, debuggers, static and dynamic analysis, using IDA Pro, OllyDbg and other tools.
Advisory: CS 110A or equivalent familiarity with programming
Upon successful completion of this course, the student will be able to:

Textbook
"Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software", by Michael Sikorski and Andrew Honig; ISBN-10: 1593272901
Schedule (may be revised)

Note: Chapter numbers are one too high in the E-Book: Chapter 2 is mislabelled as Chapter 1, etc.

Date | Quiz / Projects | Topic
---|---|---
Mon 8-18 | | 0: Malware Analysis Primer & 1: Basic Static Techniques
Mon 8-25 | | 2: Malware Analysis in Virtual Machines & 3: Basic Dynamic Analysis
Mon 9-1 | | Holiday - No Class
Fri 9-5 | | Last Day to Add Classes
Mon 9-8 | Quiz: Ch 0: Malware Analysis Primer - 3: Basic Dynamic Analysis; Proj 1-3 due | 4: A Crash Course in x86 Disassembly
Mon 9-15 | Quiz: Ch 4: A Crash Course in x86 Disassembly; Proj 4 due | 5: IDA Pro
Mon 9-22 | Quiz: Ch 5: IDA Pro; Proj 5-6 due | 6: Recognizing C Code Constructs in Assembly
Mon 9-29 | Quiz: Ch 6: Recognizing C Code Constructs in Assembly; Proj 7 due | 7: Analyzing Malicious Windows Programs
Mon 10-6 | | Guest Speaker: Trey Ford, from Rapid7
Mon 10-13 | Quiz: Ch 7: Analyzing Malicious Windows Programs; Proj 8-9 due | 8: Debugging
Mon 10-20 | Quiz: Ch 8: Debugging; Proj 10 due | 9: OllyDbg
Tue 10-22 | | Mid-Term Grades Due
Mon 10-27 | Quiz: Ch 9: OllyDbg; Proj 11 due | 10: Kernel Debugging with WinDbg
Mon 11-3 | Quiz: Ch 10: Kernel Debugging with WinDbg; Proj 12 due | 11: Malware Behavior
Mon 11-10 | | Holiday - No Class
Thu, Nov 13, 6 PM, SCIE 200 | | Wardriving (extra credit)
Thu 11-13 | | Last Day to Withdraw
Mon 11-17 | Quiz: Ch 11: Malware Behavior; Proj 13-14 due | 12: Covert Malware Launching
Mon 11-24 | Quiz: Ch 12: Covert Malware Launching; Proj 15 due | 13: Data Encoding
Mon 12-1 | Quiz: Ch 13: Data Encoding; Proj 16 due | 14: Malware-Focused Network Signatures
Mon 12-8 | No Quiz; All Extra Credit Projects Due | Last Class: Developing Windows Exploits (extra credit)
Mon 12-15 | | Final Exam: Room SCIE 37 with Richard Taha's class
Lecture Notes

Policy

Guest lecture from Mandiant: A Day in the Life: Stories From the Field

Section | Chapter | Format
---|---|---
Basic Analysis | 0: Malware Analysis Primer & 1: Basic Static Techniques | PPTX
Advanced Static Analysis | 4: A Crash Course in x86 Disassembly | PPTX
Advanced Dynamic Analysis | 8: Debugging | PPT
Advanced Dynamic Analysis | 9: OllyDbg | PPT
Advanced Dynamic Analysis | 10: Kernel Debugging with WinDbg | PPT
Malware Functionality | 11: Malware Behavior | PPT
Malware Functionality | 12: Covert Malware Launching | PPTX
Malware Functionality | 13: Data Encoding | PPTX
Malware Functionality | 14: Malware-Focused Network Signatures | PPTX
Anti-Reverse-Engineering | 15: Anti-Disassembly |
Anti-Reverse-Engineering | 16: Anti-Debugging |
Anti-Reverse-Engineering | 17: Anti-Virtual Machine Techniques |
Anti-Reverse-Engineering | 18: Packers and Unpacking |
Special Topics | 19: Shellcode Analysis |
Special Topics | 20: C++ Analysis |
Special Topics | 21: 64-Bit Malware |

The lectures are in Word and PowerPoint formats.