CNIT 126: Practical Malware Analysis, Fall 2018, Sam Bowne
Catalog Description

Learn how to analyze malware, including computer viruses, trojans, and rootkits, using disassemblers and debuggers, static and dynamic analysis techniques, and tools such as IDA Pro and OllyDbg.

Advisory: CS 110A or equivalent familiarity with programming

Upon successful completion of this course, the student will be able to:
Textbook

"Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software", by Michael Sikorski and Andrew Honig; ISBN-10: 1593272901

Quizzes

The quizzes are multiple-choice, online, and open-book. However, you may not ask other people to help you during the quizzes. Study the textbook chapter before the lecture covering it, and take the quiz before that class. Each quiz is due 30 min. before class. Each quiz has 5 questions, you have ten minutes to take it, and you can make two attempts. If you take the quiz twice, the higher score counts.

Live Streaming

Live stream at: Kahoot and Zoom

The Kahoot competitions don't work well with the CCSF livestream, because it has a delay. For them, use Zoom:

For class-related questions, please email cnit.126sam@gmail.com
Schedule (may be revised)

Note: Chapter numbers are one too high in the e-book: Chapter 0 is mislabelled as Chapter 1, etc.

| Date | Quiz / Projects due | Topic |
|---|---|---|
| Tue 8-21 | | 0: Malware Analysis Primer & 1: Basic Static Techniques |
| Tue 8-28 | Quiz: Ch 0-1 *; Quiz: Ch 2-3 * | 2: Malware Analysis in Virtual Machines & 3: Basic Dynamic Analysis |
| Tue 9-4 | Quiz: Ch 4 *; Proj 1-2 due * | 4: A Crash Course in x86 Disassembly |
| Fri 9-7 | | Last Day to Add Classes |
| Tue 9-11 | Quiz: Ch 8; Proj 3 due | 8: Debugging |
| Tue 9-18 | Quiz: Ch 9; Proj 4-5 due | 9: OllyDbg |
| Tue 9-25 | Quiz: Ch 5; Proj 6 due | 5: IDA Pro |
| Tue 10-2 | Quiz: Ch 6; Proj 7-8 due | 6: Recognizing C Code Constructs in Assembly |
| Tue 10-9 | Quiz: Ch 7; Proj 9 due | 7: Analyzing Malicious Windows Programs |
| Tue 10-16 | | Holiday - No Class |
| Tue 10-23 | Quiz: Ch 10; Proj 10-11 due | 10: Kernel Debugging with WinDbg |
| Tue 10-30 | Quiz: Ch 11; Proj 12 due | 11: Malware Behavior |
| Tue 11-6 | No Quiz; No Proj due | |
| Tue 11-13 | Quiz: Ch 12; Proj 13 & 14 due | 12: Covert Malware Launching |
| Tue 11-20 | | CLASS CANCELLED DUE TO SMOKE |
| Tue 11-27 | Quiz: Ch 13; Proj 15 & 16 due | 13: Data Encoding |
| Tue 12-4 | No Quiz; No Proj due | |
| Tue 12-11 | Quiz Ch 14 available (extra credit); Proj 17 & 18 due | Last Class: 14: Malware-Focused Network Signatures |
| Thu 12-13 - Thu 12-20 | | Final Exam available online throughout the week. You can only take it once. |

All quizzes are due 30 min. before class.
* No late penalty until after 9-11.
Lecture Notes

Policy

Basic Analysis
0: Malware Analysis Primer & 1: Basic Static Techniques · KEY
4: A Crash Course in x86 Disassembly · KEY

Advanced Dynamic Analysis
8: Debugging · KEY (Updated 9-11-18)
9: OllyDbg · KEY
10: Kernel Debugging with WinDbg · KEY

Malware Functionality
11: Malware Behavior · KEY · PDF
12: Covert Malware Launching · KEY · PDF
13: Data Encoding · KEY · PDF

Slides below this line are being updated

14: Malware-Focused Network Signatures · KEY

Anti-Reverse-Engineering
15: Anti-Disassembly · KEY
16: Anti-Debugging
17: Anti-Virtual Machine Techniques
18: Packers and Unpacking

Special Topics
19: Shellcode Analysis
20: C++ Analysis
21: 64-Bit Malware

Click a lecture name to see it on SlideShare.
Virtual Machine Resources

Download Textbook Labs Here

All the projects run on a single Windows Server 2008 machine.