CYBV454

Malware Threats & Analysis

Course Description

CYBV/INFV 454 provides students a methodology to safely perform static and dynamic analysis of software of potentially unknown origin, including obfuscated malware, to fully understand the software's functionality and specifications. Students will use hands- on labs and exercises to examine the fundamental principles of malware analysis and software reverse engineering. CYBV/INFV 454 meets the National Security Agency (NSA) Center of Academic Excellence in Cyber Operations (CAE-CO) academic requirements for software reverse engineering.

Learning Outcomes

The student will:

• Identify and explain the basic techniques used in static analysis.
• Define and describe how to analyze malware within virtual machines.
• Identify and explain the basic techniques used in dynamic analysis.
• Describe the processes used to disassemble x86 code.
• Define and demonstrate the disassembly process using IDA Pro.
• Recognize C code constructs in Assembly.
• Define and explain how to analyze malicious Windows programs.
• Explain the principles of debugging.
• Exercise critical thinking strategies including reasoning, problem solving, analysis and evaluation by:
  • Debugging kernel level code with WinDbg.
  • Identifying and differentiating between different types of malware behavior.
  • Enumerating the process malware uses to covertly launch.
  • Demonstrating how different encoding schemes are used to obfuscate code.
  • Analyzing network signatures associated with malware.