Course Description
This course introduces the use of reverse engineering techniques to find and analyze the
behavior of malware in binary form. The topics include basic static analysis, basic dynamic
analysis, advanced static analysis, advanced dynamic analysis, shellcode analysis, malware
behavior and anti-reverse engineering. Students taking this course should have experience with
the C programming language. Knowledge of assembly language is preferred but not required,
since the course includes a crash mini-course in X86 disassembly covering assembly
language. Students will do the assignments and labs either on their own computers or in a
virtual lab environment.
Course Materials
This class is challenging given that students will perform reverse engineering of software
binaries and assembly language will be taught in the class. You will need to stay self-motivated
and participatory throughout the entire semester.
Required Book
Practical Malware Analysis - The Hands-On Guide to Dissecting Malicious Software
by Michael Sikorski and Andrew Honig, February 2012, 800 pp.
ISBN-13: 978-1-59327-290-6
Required Software
For assignments, students in this class will submit files in either Microsoft Office formats or PDF.
If students do not currently have Office, please access the following link: UMLIT Software
Services for Students - Office for Students for computers and mobile devices. Students may
also access vLabs, which allows students to access the university's software including Microsoft
Office anytime from anywhere.
Netiquette
Netiquette stands for Network Etiquette. It refers to proper behavior while interacting online. The
golden rule of netiquette is essentially to treat people as you would want to be treated. Please
be polite and considerate. Think about whether your comment could cause hurt feelings. Be
careful about how your words can come across because misunderstandings can be common
online. Feel free to use emoticons to show your tone.
Assignment Guidelines
How You Will Be Graded
Your final course grade will be based on the following
Labs
• The class has 10 labs, one lab for each chapter. Each lab is released on a Monday
when we start a new chapter. All labs are to be turned in on or before the due date and
time, which is 11:59PM on a Sunday. The due date and time for each lab will be
specified on assignment postings.
• A lab is worth 10 points. The 10 labs count as 30% of a student’s final score.
• Each lab has a few questions, some of which are steps students perform with the analysis
software. Each question has a score.
• A lab turned in up to 24 hours late will be reduced by 10% of its worth; a lab more than
24 hours late will receive no credit.
• All labs are expected to be individually and independently completed. Should two or
more students turn in substantially the same solution or program, in the judgment of the
instructor, the assignment will be given a grade of zero and the student will be notified. A
second such incident will result in an F grade for the course.
Term Project
• In the term project, students will complete steps to exploit a server with a buffer overflow
vulnerability.
• The term project can be completed by an individual student or a team of two students. It is
the student's responsibility to find a team member.
• Students are encouraged to join a team. All members of a team receive the same score,
based on the entire team's performance on the project. A team project has to list the
contributions from each member.
• The term project is to be turned in on or before the due date and time given in the course
calendar at the end of this syllabus. The due date and time for the term project will also be
specified on the corresponding assignment posting.
• The term project is worth 10 points and counts as 10% of a student's final grade. It has a
few questions, some of which are steps students perform with the analysis software. Each
question has a score.
• A term project turned in up to 24 hours late will be reduced by 10% of its worth; a project
more than 24 hours late will receive no credit.
Exams
• We have a midterm exam and a final exam in Week 8 and Week 15 of this class
respectively.
• Exams are based on textbooks, supplementary materials, and assignments.
• All exams will be open book.
• The start date and time of an exam will always be 12:00AM on a specified date, and
the end date and time will always be 11:59PM on a specified date.
• An exam will have true/false questions and multiple-choice questions. Each question’s
worth will be explicitly stated in the exam.
• Make-up exams will only be given in case of serious need and only when the instructor
is notified prior to the exam time. Otherwise, the grade is automatically zero for that
exam.
• The make-up exams will be different from those given to the class.
Course Calendar
Week  | Chapter                                        | Assignment                                             | Assigned | Due Date
1     | Chapter 0: Primer                              | Forum                                                  | 9/1/22   | 9/11/22
2     | Chapter 2: VM                                  | Lab                                                    | 9/5/22   | 9/11/22
3     | Chapter 1: Basic Static Analysis               | Forum, Lab                                             | 9/12/22  | 9/18/22
4     | Chapter 3: Basic Dynamic Analysis              | Forum, Lab                                             | 9/19/22  | 9/25/22
5&6   | Chapter 4: A Crash Course in X86 Disassembly   | Forum, Lab                                             | 9/26/22  | 10/9/22
7     | Chapter 5: IDA                                 | Forum, Lab                                             | 10/10/22 | 10/16/22
8     | Midterm Exam                                   | Covering chapters 0, 2, 1, 3, 4, 5                     | 10/17/22 | 10/23/22
8     | Chapter 8: Debugging                           | Forum, Lab                                             | 10/17/22 | 10/23/22
9     | Term Project                                   | Exploit a program with a buffer overflow vulnerability | 10/24/22 | 5/2/21
9     | Chapter 9: Ollydbg/immunity debugger           | Forum, Lab                                             | 10/24/22 | 10/30/22
10&11 | Chapter 19: Shellcode Analysis                 | Forum, Lab                                             | 10/31/22 | 11/13/22
12&13 | Chapter 7: Analyzing Malicious Windows Programs | Forum, Lab                                            | 11/14/22 | 11/27/22
14&15 | Chapter 11: Malware Behavior                   | Forum, Lab                                             | 11/28/22 | 12/11/22
16    | Final Exam                                     | Covering chapters 8, 9, 19, 7, 11                      | 12/12/22 | 12/20/22