Organizers: Cody Cutler, Anton Burtsev
Time and place: Fridays, 1:00pm, Flux Conference Room (3485 MEB)
Mailing list: None
This seminar is an introduction to practical aspects of malware analysis. Our plan is to cover the following topics, with an emphasis on gaining practical analysis skills, an in-depth understanding of malware implementation techniques, and experience with static and dynamic analysis tools:
- basics: asm language, calling conventions, relevant low-level parts of CPU, and OS interface
- tools: IDA, OllyDBG
- common anti-debugging techniques
- packers and approaches to unpacking
- in-class reverse engineering sessions
- low-level mechanics of classic and advanced exploit techniques
The seminar will be structured as a series of presentations and in-class analysis sessions. We'll prepare Emulab images for you to do the exercises and try your own experiments.
Schedule
- 05/18: Recap of the ASM language. Notes. Examples. Slides (LibreOffice .odp).
- 05/25: Tools
- 06/01: Anti-debugging techniques. Notes. Obfuscated Crackme. Slides (LibreOffice .odp).
- 06/08: Malware Sample 1 (gamarue.I). IDA dumps.
- 06/15: Automatic unpacking. Notes. Slides (LibreOffice .odp).
- 06/22: Basic dynamic analysis. Notes.
- 06/29: No seminar
- 07/06: Modern malware: Stuxnet, Duqu, Flame. Notes. Slides (LibreOffice .odp).
- 07/13: More examples: PDF malware and rootkits. Notes. Slides (LibreOffice .odp).
- 07/20: Exploits. Slides.
- 07/27:
- 08/03:
- 08/10:
- 08/17: