Course Syllabus

UNIVERSITY OF CENTRAL FLORIDA

DEPARTMENT OF COMPUTER SCIENCE

CAP 4145 Introduction to Malware Analysis

Spring 2020

Instructor: Jerry Hensel
Office: HEC 328
Phone: 407-459-0375
E-Mail: ghensel@eecs.ucf.edu
Office Hours: By appointment only.

Course Name: CAP 4145 Introduction to Malware Analysis
Credits: 3.00
Duration: Jan 7, 2020 - Apr 30, 2020
Time: TuTh 12:00PM - 1:15PM
Location: HEC 0103

TA: N/A
Email: N/A

COURSE DESCRIPTION

Introduction to using reverse engineering techniques to find and analyze the behavior of programs in binary form; assembly language, reverse engineering tools, and virtual machines.

REQUIRED TEXTBOOK

Practical Malware Analysis - The Hands-On Guide to Dissecting Malicious Software

by Michael Sikorski and Andrew Honig, February 2012, 800 pp., ISBN-13: 978-1-59327-290-6

COURSE PREREQUISITES

CIS 3360 Security in Computing - UCF CS

DESCRIPTION OF INSTRUCTIONAL METHODS

  • The course web site is located within Webcourse, which will be available around the time the semester starts. Please go to the website and find out how to get your password if necessary.
  • Announcements, questions and answers, etc. will be available through Webcourse.
  • Lectures are based on the textbook and/or the learning materials provided.
  • Programming may be practiced in the lab.
  • Students will be expected to be prepared for class, and must complete the assignments by the due dates.

COURSE REQUIREMENTS

Class Attendance Policy

Students should attend the class in the classroom.

Cheating and Plagiarism Policy

All forms of academic dishonesty will result in an F for the course and notification of the Academic Dishonesty Committee.  Academic dishonesty includes (but is not limited to) plagiarism, copying answers or work done by another student (either on an exam or assignment), allowing another student to copy from you, and using unauthorized materials during an exam.

Make-up Exams

  • Make-up exams will only be given in case of serious need and only when the instructor is notified prior to the exam time. Otherwise, the grade is automatically zero for that exam/quiz.
  • Written verification of the student's inability to take an exam will be required.
  • The make-up exams will be different from those given to the class.

COURSE OBJECTIVES

  • Basic malware analysis
  • Advanced static analysis
  • Advanced dynamic analysis
  • Malware behavior
  • Anti-reverse engineering
  • Shell code analysis

EVALUATION PROCEDURES (tentative)

Components of Course Grade:

  • Assignments: 20%
  • Midterm Exam: 30%
  • Final Exam: 30%
  • Term Project: 20%

Grade Scale:

  • A: 90 ~ 100
  • B: 80 ~ 89
  • C: 70 ~ 79
  • D: 60 ~ 69
  • F: below 60

Homework Assignments

  • All assignments are to be turned in on or before the due date and time. If you try to turn in an assignment electronically and cannot because the campus network is down, you will not be penalized.
  • An assignment turned in up to 24 hours late will be reduced by 10% of the assignment's worth; an assignment turned in more than 24 hours late will be reduced by 100%.
  • The due date and time for each assignment will be specified on assignment postings.
  • All assignments are expected to be individually and independently completed. Should two or more students turn in substantially the same solution or program, in the judgment of the instructor, the assignment will be given a grade of zero. A second such incident will result in an F grade for the course.

Exams

  • Exams are based on the textbook, supplementary materials, and assignments.

Projects

  • There will be individual or group assignments/projects.
  • Each member of this class is required to join a team of at most 2 students. A team must have a team leader coordinating the communication with members and the instructor.
  • Each team must be formed within 2 weeks from the semester start and the team leader will report the list of members to the instructor once the team is formed.
  • Team work is encouraged since all members of a team will receive the same score based on the entire team’s performance for team projects.

UNIVERSITY DEADLINES: Refer to Academic Calendar

EARLY ALERT STATEMENT

Academic Success Support

As your professor, I am personally committed to supporting YOUR academic success in this course.  For that reason, if you demonstrate any academic performance or behavioral problems which may impede your success, I will personally discuss and attempt to resolve the issue with you.  If the situation persists, I will forward my concern to the Student Development Office and your academic advisor to seek their support and assistance in the matter.  My goal is to make your learning experience in this course as meaningful and successful as possible.

Americans with Disabilities Act (ADA) Statement

TENTATIVE CLASS SCHEDULE

The schedule may be adjusted based on the actual progress in the semester. The instructor reserves the right to change the topics.

Module      Week    Topics                       Description
Module 1            Basic malware analysis
Module 2            Advanced static analysis
Module 3            Advanced dynamic analysis
Module 4            Malware behavior
Module 5            Anti-reverse engineering
Module 6            Shell code analysis

Tools

  1. Windows XP Mode
  2. VirtualBox
  3. Labs for Practical Malware Analysis
  4. LPE-DLX_1.4, LordPE
  5. PEiD-0.95-20081103 (or PEiD)
  6. PEview
  7. Stud_PE
  8. Regshot
  9. Resource Hacker (or ResHackerPortable)
  10. Strings (1) (or Strings (2))
  11. Dependency Walker 2.2 (1) (or depends22_x86 (2))
  12. 94 (or upx309w)
  13. md5deep
  14. WinMD5Free
  15. procmon
  16. Process Explorer
  17. Regshot
  18. XVI32
  19. 7-Zip
  20. ApateDNS, needs .Net Framework 3.5 (Note: .Net Framework 3.5 setup needs Internet)
  21. Netcat
  22. INetSim (Linux)
  23. Fakenet
  24. Microsoft® Visual Studio® 2005 Express Editions (Note: setup needs Internet). (or Microsoft Visual Studio 2005 is desired if available)
  25. Windows SDK and emulator archive, including Microsoft Windows SDK for Windows 7 and .NET Framework 3.5 SP1 (works with Windows XP SP3 and VC++ 2005) (Note: setup needs Internet)
  26. MASM32 SDK 11
  27. FileAlyzer0
  28. HxD
  29. IDA Free (Disassembler, now 7.0 cannot run on Windows XP)
  30. OllyDbg
  31. Sysinternals Suite
  32. Windbg
  33. Wireshark-win32-1.10.14.exe (Windows XP)
  34. Wireshark all Win32 versions
  35. ImpREC
  36. radare2 (Disassembler)
  37. Malcode Analyst Pack (Note: installer may need Internet)
  38. Hybrid Analysis
  39. VirusTotal
  40. pikker.ee

 
