Organizers: Cody Cutler, Anton Burtsev

Time and place: Fridays, 1:00pm, Flux Conference Room (3485 MEB)
Mailing list: None

This seminar is an introduction to practical aspects of malware analysis. Our plan is to cover the following topics with an emphasis on gaining practical analysis skills, an in-depth understanding of malware implementation techniques, and experience with static and dynamic analysis tools:

  • basics: asm language, calling conventions, relevant low-level parts of the CPU, and the OS interface
  • tools: IDA, OllyDbg
  • common anti-debugging techniques
  • packers and approaches to unpacking
  • in-class reverse engineering sessions
  • low-level mechanics of classic and advanced exploit techniques

The seminar will be structured as a series of presentations and in-class analysis sessions. We'll prepare Emulab images for you to do exercises and try your own experiments.

Schedule