course: Master Practical Course Program Analysis
- teaching methods:
- practical course
- Moodle, computer based presentation
- responsible person:
- Prof. Dr. Thorsten Holz
- Prof. Dr. Thorsten Holz (ETIT)
- see examination rules
- offered in:
- winter term
dates in winter term
- kick-off meeting: Wednesday, 09.10.2019, from 12:00 to 13:00 in ID 03/411
All statements pertaining to examination modalities (for the summer/winter term of 2020) are given with reservations. Changes due to new requirements from the university will be announced as soon as possible.
|Form of exam:|lab|
|Registration for exam:|Directly with the lecturer|
The students obtain a profound understanding of the functionality of modern, real-world malicious software and know techniques to analyze and protect against such attacks. More specifically, the participants are proficient in corresponding reverse engineering techniques and can analyze complex malware on their own. The students can design and implement analysis tools on their own and learn how to perform research in the area of malicious software.
The practical course deepens the topics covered in the lectures "program analysis" and "OS security". The participants work in groups of typically two students and analyze a total of seven examples of real-world malicious software (malware) with an increasing level of difficulty. For each exercise, the malware samples are discussed during a mandatory meeting and corresponding analysis techniques are presented. We expect that students perform their own research and investigation to solve the exercise.
Among other aspects, the following topics will be covered:
- Unpacking/deobfuscation of malware samples
- Static and dynamic analysis of malware samples
- Implementation of analysis tools
- Development of Command & Control structures for existing malware samples
Basic knowledge of reverse engineering is recommended, for example through successful completion of the course "program analysis" and experience with x86 assembly language. Experience in systems programming under Windows (assembler / C) is helpful.
There is a mandatory meeting every two weeks during which we present the new exercises, and in the alternating weeks we offer an optional meeting to answer questions. All materials for the course are available via Moodle; please register for the course online.
At most 20 students can participate in the practical course. More information on the planned schedule and the formal requirements is discussed in a preliminary meeting that takes place in the first week of the semester.