Malware Threats & Analysis
CYBV/INFV 454 provides students with a methodology to safely perform static and dynamic analysis of software of potentially unknown origin, including obfuscated malware, in order to fully understand the software's functionality and specifications. Students will use hands-on labs and exercises to examine the fundamental principles of malware analysis and software reverse engineering. CYBV/INFV 454 meets the National Security Agency (NSA) Center of Academic Excellence in Cyber Operations (CAE-CO) academic requirements for software reverse engineering.
The student will:
- Identify and explain the basic techniques used in static analysis.
- Define and describe how to analyze malware within virtual machines.
- Identify and explain the basic techniques used in dynamic analysis.
- Describe the processes used to disassemble x86 code.
- Define and demonstrate the disassembly process using IDA Pro.
- Recognize C code constructs in assembly.
- Define and explain how to analyze malicious Windows programs.
- Explain the principles of debugging.
- Exercise critical thinking strategies, including reasoning, problem solving, analysis and evaluation, by:
  - Debugging kernel-level code with WinDbg.
  - Identifying and differentiating between different types of malware behavior.
  - Enumerating the processes malware uses to covertly launch.
  - Demonstrating how different encoding schemes are used to obfuscate code.
  - Analyzing network signatures associated with malware.
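The outcomes above name the techniques without showing them. As an added illustration, not part of the course description or its lab materials, the following Python script walks through the first static-analysis step (string extraction, the `strings` tool in code) and the simplest encoding scheme covered under obfuscation: a single-byte XOR that hides a C2 URL and a registry run key from a plain string dump, recovered by brute-forcing all 255 keys and keeping only decodings that expose a network or persistence indicator. The "binary" bytes, the key 0x5A, the URL and the API names are all constructed for the example.

```python
"""Static-analysis warm-up: pull printable strings out of a sample, then recover
strings hidden behind single-byte XOR, the simplest encoding scheme malware uses
to keep indicators out of a plain `strings` run. Added example; the sample is made up."""
import re
from typing import Dict, List

# Constructed input, not a real sample: a made-up "binary" that keeps a few API
# names in clear text and XOR-encodes its C2 URL and persistence key with 0x5A.
XOR_KEY = 0x5A
CLEAR_STRINGS = [b"kernel32.dll", b"CreateRemoteThread", b"%s\\svchost.exe"]
HIDDEN_STRINGS = [
    b"http://update.example.invalid/gate.php",
    b"Software\\Microsoft\\Windows\\CurrentVersion\\Run",
]
FILLER = bytes(range(0x80, 0x90))  # non-printable padding standing in for code


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte with a single-byte key; XOR is self-inverse, so this decodes too."""
    return bytes(b ^ key for b in data)


def build_sample() -> bytes:
    """Assemble the constructed sample: filler, clear strings, filler, encoded strings."""
    clear = b"\x00".join(CLEAR_STRINGS) + b"\x00"
    hidden = b"\x00".join(HIDDEN_STRINGS) + b"\x00"
    return FILLER + clear + FILLER + xor_bytes(hidden, XOR_KEY) + FILLER


def extract_strings(data: bytes, min_len: int = 6) -> List[str]:
    """What the `strings` tool does: runs of printable ASCII of at least min_len bytes."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [m.group().decode("ascii") for m in pattern.finditer(data)]


# Indicator patterns an analyst would flag: C2 URLs and run-key persistence.
INDICATOR_PATTERNS = [
    re.compile(r"https?://[\w.-]+(?:/\S*)?"),
    re.compile(r"Software\\Microsoft\\Windows\\CurrentVersion\\Run", re.I),
]


def find_indicators(strings: List[str]) -> List[str]:
    """Keep only the strings that match a known indicator pattern."""
    return [s for s in strings if any(p.search(s) for p in INDICATOR_PATTERNS)]


def brute_force_xor(data: bytes, min_len: int = 6) -> Dict[int, List[str]]:
    """Try every single-byte key and report the keys whose decoding exposes an indicator.

    A wrong key turns real text into bytes that rarely form a long printable run and
    practically never spell out 'http://' or a registry run key, so filtering on
    indicators keeps the output to the keys that actually matter.
    """
    hits: Dict[int, List[str]] = {}
    for key in range(1, 256):
        found = find_indicators(extract_strings(xor_bytes(data, key), min_len))
        if found:
            hits[key] = found
    return hits


if __name__ == "__main__":
    sample = build_sample()
    print("plain strings:", extract_strings(sample))
    for key, found in brute_force_xor(sample).items():
        print(f"key 0x{key:02x} decodes:", found)
```

Running it shows the clear-text API names in the plain pass while the URL appears only as gibberish (XOR with 0x5A maps `http` to `2..*`), and the brute-force pass returns exactly one key, 0x5A, with both hidden indicators. Real samples use the same idea with multi-byte keys, rolling keys and custom alphabets, so the lesson is the method: decode, extract, filter on what an indicator looks like.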