Week | Topic | Slides | Labs | Homework
---|---|---|---|---
1 | Introduction; Motivation; Basic Analysis; Chapter 1: Basic Static Techniques; Chapter 2: Malware Analysis in VMs; Chapter 3: Basic Dynamic Analysis | 00_Intro, 01_BasicTechniquesTools | Install VM (video); 1-1, 1-2; 3-2, 3-4 | Cyberwar talk (edited); Ch01, Ch03
2 | Chapter 3: Basic Dynamic Analysis; Advanced Static Analysis; Chapter 4: x86 Assembly; Chapter 5: IDA Pro; Chapter 6: C code in Assembly | 02_C_x86_Windows | 5-1, 6-1, 6-2 | Ch04, Ch06
3 | Chapter 7: Malicious Windows Programs; Chapter 8: Debugging; Chapter 9: OllyDbg | 03_Debugging | 7-2, 9-2 | Ch08
 | Advanced Dynamic Analysis; Malware Functionality; Chapter 11: Malware Behavior; Chapter 12: Covert Launching; Chapter 13: Data Encoding; Anti-Reverse-Engineering; Chapter 14: Network Signatures; Chapter 15: Anti-Disassembly; Software Armoring; Chapter 16: Anti-Debugging; Chapter 17: Anti-VM Techniques; BluePill; Chapter 18: Packers and Unpacking; Special Topics; Chapter 19: Shellcode Analysis; Chapter 20: C++ Analysis; Final project; Chapter 21: 64-bit Malware; Fuzzing; Symbolic execution/analysis | 04_Functionality, 05_AntiReverse, talk, Talks #1, #2, Slides #1, #2, 06_Special, MetaCTF level src, 07_Fuzzing_SymbolicExecution | 11-1; 12-1, 12-3; 13-1, 14-1; 15-1, 15-2; 16-1; 17-1; 18-1, 19-2, 19-3; 20-1; AFL labs; angr labs/CTF | Ch11, Ch12; Ch13, Ch15; Ch16; Ch18, Ch21; 00, 01, 02; 03, 04, 05, 06, 07; 08, 09, 10, 11, 12, 13, 14; 15, 16; 17
Setting up the MetaCTF environment (replace `username` and `password` with your own CTF credentials):

```bash
mkdir metactf
cd metactf
virtualenv -p python3 env
source env/bin/activate
pip install requests bs4
wget http://thefengs.com/wuchang/courses/cs492/meta_dl.py
python meta_dl.py cs492.oregonctf.org username password
```

If you wish, instead, to run the binaries on an Ubuntu VM of your own, directions for doing so are here. Note that you must ensure that radare2 and the 32-bit libraries are installed on the VM by performing

```bash
sudo apt-get install gcc-multilib radare2
```
Component | Weight
---|---
Attendance | 5%
Homeworks | 50%
Lab notebook | 45%