Published on January 16th, 2016
RPISEC – Malware Analysis
This material was developed and used by RPISEC to teach Malware Analysis at Rensselaer Polytechnic Institute in Fall 2015. This was a university course developed and run solely by students, primarily using the Practical Malware Analysis book by Michael Sikorski and Andrew Honig, to teach skills in reverse engineering, malicious behaviour, malware, and anti-analysis techniques.
With the increased use of the Internet and prevalence of computing systems in critical infrastructure, technology is undoubtedly a vital part of modern daily life. Unfortunately, the increasingly networked nature of the modern world has also enabled the spread of malicious software, or “malware”, ranging from annoying adware to advanced nation-state sponsored cyber-weaponry. As a result, the ability to detect, analyze, understand, control, and eradicate malware is an increasingly important issue of economic and national security.
This course will introduce students to modern malware analysis techniques through readings and hands-on interactive analysis of real-world samples. After taking this course students will be equipped with the skills to analyze advanced contemporary malware using both static and dynamic analysis.
The expected demographic for RPISEC: Malware Analysis is students with zero reverse engineering experience.
Lecture Breakdown
Lecture | Title | Topics |
---|---|---|
01 | Introduction | Syllabus, Basic Static Analysis, Basic Dynamic Analysis |
02 | Advanced Static Analysis | x86, IDA, Code Constructs |
03 | Analyzing Windows Programs | WinAPI, Handles, Windows Internals, Networking, COM |
04 | Advanced Dynamic Analysis | Debugging Concepts and Tools |
05 | Malware Behavior | Malicious Activities and Techniques |
06 | Data Encoding and Malware Countermeasures | Hiding Data, Malware Countermeasures |
07 | Covert Malware Launching | Covert Launching and Execution |
08 | Anti-Analysis | Anti-Disassembly, Anti-VM, Anti-Debugging, Anti-AV |
09 | Packing and Unpacking | Packers, Packing, and Unpacking |
10 | Intro to Windows Kernel | Kernel Basics, Windows Kernel API, Windows Drivers, Kernel Debugging |
11 | Rootkit Techniques | Hooking, Patching, Direct Kernel Object Manipulation |
12 | Rootkit Anti-Forensics and Covert Channels | Anti-forensics, Covert Channels |
Tools
Gloss