Introduction to Malware Reverse Engineering
(3-0-1-4)
CMPE Degree: This course is Selected Elective for the CMPE degree.
EE Degree: This course is Selected Elective for the EE degree.
Lab Hours: 0 supervised lab hours and 1 unsupervised lab hour.
Technical Interest Groups / Course Categories: Threads / ECE Electives
Course Coordinator: Brendan D Saltaformaggio
Prerequisites: ECE 2035 [min C] or ECE 2036 [min C] or CS 2200 [min C]
Catalog Description
This course exposes students to an immersive, hands-on experience in the dissection and analysis of the code, structure, and functionality of malicious software.
Textbook(s)
Course Outcomes
Identify and disarm common anti-analysis behaviors in malware samples
Statically reverse engineer malware samples in a disassembler
Decide upon and employ appropriate reverse engineering tools for a range of malware analysis cases
Reverse engineer exploit inputs for benign program binaries
Dynamically unpack malware in a debugger and extract clean disassemblies
Strategic Performance Indicators (SPIs)
N/A
Topic List
- Reverse Engineering Principles
- Intro. to Malware and Assembly Language
- Background on Malware
- Low-Level Software
- Overview of Intel Assembly Language
- Virtual Machines for Interpreted High-Level Languages
- Representation of Compiled High-Level Language Structures in Assembly
- Operating Systems Background
- Executable File Formats
- PE Files
- Import Address Table
- Analysis of Malicious Software
- System Monitoring Tools
- Dynamic Tracing: System Calls, Filesystem, and Registry
- Compiler Issues
- Debuggers
- Disassemblers
- Memory Analysis to Support Reverse Engineering
- Advanced Reverse Engineering Techniques
- Encrypted/Packed Executables
- Anti-Debugging Techniques
- Anti-VM Techniques
- Code Obfuscation
- Remediation of Advanced Persistent Threats
- Determination of Malicious Behaviors
- Analysis of Decompiled Source Code
- Revelation of Command and Control Functionalities