Malware Threats & Analysis

Course Description

CYBV/INFV 454 provides students a methodology to safely perform static and dynamic analysis of software of potentially unknown origin, including obfuscated malware, to fully understand the software's functionality and specifications. Students will use hands- on labs and exercises to examine the fundamental principles of malware analysis and software reverse engineering. CYBV/INFV 454 meets the National Security Agency (NSA) Center of Academic Excellence in Cyber Operations (CAE-CO) academic requirements for software reverse engineering.

Learning Outcomes

The student will:

  • Identify and explain the basic techniques used in static analysis.
  • Define and describe how to analyze malware within virtual machines.
  • Identify and explain the basic techniques used in dynamic analysis.
  • Describe the processes used to disassemble x86 code.
  • Define and demonstrate the disassembly process using IDA Pro.
  • Recognize C code constructs in Assembly.
  • Define and explain how to analyze malicious Windows programs.
  • Explain the principles of debugging.
  • Exercise critical thinking strategies including reasoning, problem solving, analysis and evaluation by:
    • Debugging kernel level code with WinDbg.
    • Identifying and differentiating between different types of malware behavior.
    • Enumerating the process malware uses to covertly launch.
    • Demonstrating how different encoding schemes are used to obfuscate code.
    • Analyzing network signatures associated with malware.