Apr 24, 2024  
2019-2020 Course Catalog 
    
Catalog Navigation
  Catalog Home
  Introduction to Century College
  Mission, Vision, Values

  College Calendar

  Course Descriptions and Outlines
  Programs (Century Academic Pathway)
  Programs (Department)
  Programs (A-Z)

  Academic Policies and Program Requirements
  Admissions and Registration
  Application for Admission
  Student Services and Resources
  Student Handbook
  Transfer

  Continuing Education and Customized Training
  College Administration and Faculty
  Maps and Directions
  Archived Catalogs
  My Portfolio
HELP
2019-2020 Course Catalog [ARCHIVED CATALOG]

Facebook this Page (opens a new window)
Tweet this Page (opens a new window)
Add to Portfolio (opens a new window)

CVF 2201 - Malware Analysis Fundamentals & Malicious Code Analysis

Credits: 3
Hours/Week: Lecture 2 Lab 2
Course Description: This course presents the key tools and techniques malware analysts use to examine malicious programs by exploring Windows malware in two phases. Behavioral analysis focuses on the program’s interactions with its environment, such as the registry, the network and the file system. Code analysis focuses on the specimen’s code and makes use of disassembler and debugger tools such as IDA Pro and OllyDbg. This course covers how to patch malicious executables to change their functionality during the analysis without recompiling them and redirect network traffic in the lab to better interact with malware.
MnTC Goals
None

Prerequisite(s): CVF 1065  and CVF 1205  with grades of C or higher or instructor consent.
Corequisite(s): None
Recommendation: None

Major Content
  1. Configuring the malware analysis lab
  2. x86 Intel assembly language primer
  3. Handling anti-disassembling techniques
  4. Identifying key x86 assembly logic structures with a disassembler
  5. Patterns of common malware characteristics at the Windows API level (DLL injection, hooking, keylogging, sniffing, etc.)
  6. Assembling the toolkit for malware forensics
  7. Performing behavioral analysis of malicious Windows executables
  8. Performing static and dynamic code analysis of malicious Windows executables
  9. Additional learning resources for reverse-engineering malware
  10. Reinforcing the dynamic analysis concepts learned in 610.1
  11. Patching compiled malicious Windows executables
  12. Analyzing packed malicious executable files
  13. Intercepting network connections in the malware lab
  14. Analyzing Web browser malware implemented in JavaScript and Flash
  15. Core concepts for reverse-engineering malware at the code level

Learning Outcomes
At the end of this course students will be able to:

  1. analyze encrypted binaries.
  2. discover heap overflows.
  3. discover stack overflows.
  4. explain hashing functions.
  5. reverse engineer UPX and other compression types.
  6. create a sandbox to isolate malware.
  7. identify malware communication channels.
  8. monitor registry changes.
  9. unpack malware code.
  10. analyze use of Thwart anti-debugger code.
  11. explain System vs. Code Level reversing.
  12. explain conditional branching statements.
  13. demonstrate uses of IDA Pro with hostile code.
  14. identify malware variables.
  15. use Ollydbg for runtime analysis of malware.
  16. perform kernel mode debugging with SoftICE.
  17. dump executables from memory with Dumpbin.
  18. explain Obfuscation of file formats.
  19. locate undocumented APIs.

Competency 1 (1-6)
None
Competency 2 (7-10)
None


Courses and Registration


Facebook this Page (opens a new window)
Tweet this Page (opens a new window)
Add to Portfolio (opens a new window)