CS 492/592: Malware Analysis
Location: EB 103
Instructor: D. Kevin McGrath
- PDX username: dmcgrath
- Office hours:
  - Location: FAB 120-15
  - Times:
    - Wednesday: Code Party! 18:00 - 22:00 FAB 86-01
    - Whenever you see me in my office with the door open
Teaching Assistant: Gatlin Newhouse
- PDX username: gtn
- Office hours:
  - Times: TBD
Recorded Lectures
All of these are raw recordings, and have not been edited.
- Week 1 - Lecture 1: no recording
- Week 1 - Lecture 2: no recording
Pages
Lecture content
- Static Analysis
- Dynamic Analysis
- Reverse Engineering
- Anti-Analysis Techniques
- Malware Families
- Shellcode Analysis
- Fuzzing and Symbolic Execution
Weekly Lecture Notes
Other stuff
Analysis Environment
- REMnux — Linux distribution for malware analysis (our primary analysis environment)
- REMnux documentation — installation, tools, and usage guides
Useful links for learning
- Malware Traffic Analysis
- Any.run — interactive malware sandbox
- VirusTotal — file/URL scanning
- Hybrid Analysis — free malware analysis
- MalwareBazaar — malware sample repository
- IDA Classroom — free educational edition of IDA Pro (industry standard)
- Cutter — GUI frontend for Rizin
- Rizin — maintained fork of radare2 with cleaner API
- radare2 — open source reverse engineering framework
- Ghidra — open source reverse engineering suite developed by the US National Security Agency (NSA)
- YARA — malware identification/classification
- AFL++ — coverage-guided fuzzer
- angr — binary analysis and symbolic execution framework
- angr CTF — guided angr exercises
- Shell Storm — shellcode database
Homework
All homework is submitted via a private GitLab repo on gitlab.cecs.pdx.edu. Add dmcgrath and gtn as developer or higher. Each assignment should be in its own folder (e.g., hw1/) with a hw1.md file and any supporting files.
Previous Offerings
- None yet