CNIT 126: Practical Malware Analysis
Fall 2022, Sam Bowne
Schedule · Lecture Notes · Projects · Links · Home Page
Catalog Description

Learn how to analyze malware, including computer viruses, trojans, and rootkits, using disassemblers, debuggers, static and dynamic analysis, using IDA Pro, OllyDbg and other tools.

Advisory: CS 110A or equivalent familiarity with programming

Upon successful completion of this course, the student will be able to:

Textbook

"Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software", by Michael Sikorski and Andrew Honig; ISBN-10: 1593272901. Buy from Amazon.

Quizzes

The quizzes are multiple-choice, online, and open-book. However, you may not ask other people to help you during the quizzes. You will need to study the textbook chapter before the lecture covering it, and take the quiz before that class. Each quiz is due 30 min. before class. Each quiz has 5 questions, you have ten minutes to take it, and you can make two attempts. If you take the quiz twice, the higher score counts.

Discussion Board

Each CCSF student must contribute to the Discussion Board in Canvas. There are dates listed in the schedule with Discussion assignments due. For class-related questions, please send messages inside Canvas or email cnit.126sam@gmail.com
Schedule (may be revised)

Note: Chapter numbers are one too high in the e-book; Chapter 0 is mislabelled as Chapter 1, etc.

| Date | Quiz / Due | Topic |
|---|---|---|
| Tue 8-23 | | 0: Malware Analysis Primer & 1: Basic Static Techniques |
| Tue 8-30 | Quiz: Ch 0-1 *; Quiz: Ch 2-3 *; Proj PMA 41 & 101 * | 2: Malware Analysis in Virtual Machines & 3: Basic Dynamic Analysis |
| Fri 9-2 | Last Day to Add Classes | |
| Tue 9-6 | Quiz: Ch 4 *; Proj PMA 221 & 105 *; Discussion 1 * | 4: A Crash Course in x86 Disassembly |
| Tue 9-13 | Quiz: Ch 8; Discussion 2 | 8: Debugging |
| Tue 9-20 | Quiz: Ch 9; Proj PMA 102 & 121; Discussion 3 | 9: OllyDbg |
| Tue 9-27 | No Quiz; Proj PMA 122 & 123 | Project Demos: PMA 122, 124, 126 |
| Tue 10-4 | Quiz: Ch 5; Proj PMA 124 & 126; Discussion 4 | 5: IDA Pro |
| Tue 10-11 | No Quiz; Proj PMA 403 & 301; Discussion 5 | Assembler CTF Demo: PMA 402 & PMA 410 |
| Tue 10-18 | Quiz: Ch 6; Proj PMA 401 & 402; Discussion 6 | 6: Recognizing C Code Constructs in Assembly |
| Tue 10-25 | No Quiz | |
| Tue 11-1 | Quiz: Ch 7; Proj PMA 410; Discussion 7 | 7: Analyzing Malicious Windows Programs |
| Tue 11-8 | Quiz: Ch 10; Proj PMA 430 & 431; Discussion 8 | 10: Kernel Debugging with WinDbg |
| Tue 11-15 | Quiz: Ch 11; Proj PMA 432 & 132; Discussion 9 | 11: Malware Behavior |
| Tue 11-22 | No Quiz | Rust: Demos of Proj R 10 & R 20 |
| Tue 11-29 | Quiz: Ch 12; Proj PMA 303 & 304; Discussion 10 | 12: Covert Malware Launching |
| Tue 12-6 | No Quiz; All Extra Credit Due; Discussion 11 | Last Class: No new material |
| Tue 12-13 through Tue 12-20 | Final Exam available online throughout the week. You can only take it once. | |

All quizzes due 30 min. before class. * No late penalty until 9-13.