Week | Topic | Slides | Labs | Homework |
---|---|---|---|---|
1 | Introduction; Motivation; Basic Analysis: Chapter 1: Basic Static Techniques; Chapter 2: Malware Analysis in VMs; Chapter 3: Basic Dynamic Analysis | 00_Intro; 01_BasicTechniquesTools | Install VM (video); 1-1, 1-2; 3-2, 3-4 | Cyberwar talk (edited); Ch01, Ch03 |
2 | Chapter 3: Basic Dynamic Analysis; Advanced Static Analysis: Chapter 4: x86 Assembly; Chapter 5: IDA Pro; Chapter 6: C Code in Assembly | 02_C_x86_Windows | 5-1, 6-1, 6-2 | Ch04, Ch06 |
3 | Chapter 7: Malicious Windows Programs; Advanced Dynamic Analysis: Chapter 8: Debugging; Chapter 9: OllyDbg | 03_Debugging | 7-2, 9-2 | Ch08 |
4 | Malware Functionality: Chapter 11: Malware Behavior; Chapter 12: Covert Launching | 04_Functionality | 11-1; 12-1, 12-3 | Ch11, Ch12 |
5 | Chapter 13: Data Encoding; Chapter 14: Network Signatures; Anti-Reverse-Engineering: Chapter 15: Anti-Disassembly; Software Armoring | 05_AntiReverse; talk | 13-1; 14-1; 15-1, 15-2 | Ch13, Ch15 |
6 | Chapter 16: Anti-Debugging; Chapter 17: Anti-VM Techniques; BluePill; Chapter 18: Packers and Unpacking; Chapter 21: 64-bit Malware | Talks #1, #2; Slides #1, #2 | 16-1, 17-1, 18-1 | Ch16, Ch18, Ch21 |
7 | Symbolic execution/analysis | 07_Fuzzing_SymbolicExecution | angr setup | angr CTF 00-12 |
8 | Fuzzing; Symbolic execution (cont.) | | AFL labs | angr CTF 13-17 |
Mon. 8/15 (11:59pm) | Deadline to submit all coursework | | | |
```sh
mkdir metactf; cd metactf
virtualenv -p python3 env
source env/bin/activate
pip install requests bs4
wget http://thefengs.com/wuchang/courses/cs492/meta_dl.py
python meta_dl.py cs492.oregonctf.org username password
```

If you wish, instead, to run the binaries on an Ubuntu VM of your own, directions for doing so are here. Note that you must ensure that radare2 and the 32-bit libraries are installed on the VM by running:

```sh
sudo apt-get install gcc-multilib radare2
```
Component | Weight |
---|---|
Attendance | 5% |
Homeworks | 50% |
Lab notebook | 45% |