course: Master Practical Course Program Analysis

number:
142246
teaching methods:
practical course
media:
Moodle, computer based presentation
responsible person:
Prof. Dr. Thorsten Holz
lecturer:
Prof. Dr. Thorsten Holz (ETIT)
language:
German
HWS:
3
CP:
see examination rules
offered in:
winter term

dates in winter term

  • kick-off meeting: Wednesday, 09.10.2019, from 12:00 to 13:00 in ID 03/411

Exam

All statements pertaining to examination modalities (for the summer/winter term of 2020) are given with reservations. Changes due to new requirements from the university will be announced as soon as possible.
Form of exam: lab
Registration for exam: directly with the lecturer
continual assessment

goals

The students obtain a profound understanding of the functionality of modern, real-world malicious software and know techniques to analyze and protect against such attacks. More specifically, the participants are proficient in corresponding reverse engineering techniques and can analyze complex malware on their own. The students can design and implement analysis tools on their own and learn how to perform research in the area of malicious software.

content

The practical course deepens the topics covered in the lectures "program analysis" and "OS security". The participants work in groups of typically two students and analyze a total of seven examples of real-world malicious software (malware) with an increasing level of difficulty. For each exercise, the malware samples are discussed during a mandatory meeting and corresponding analysis techniques are presented. We expect that students perform their own research and investigation to solve the exercise.

Among other aspects, the following topics will be covered:

  • Unpacking/deobfuscation of malware samples
  • Static and dynamic analysis of malware samples
  • Implementation of analysis tools
  • Development of Command & Control structures for existing malware samples

requirements

none

recommended knowledge

Basic knowledge of reverse engineering is recommended, for example through successful completion of the course "program analysis" and experience with x86 assembly language. Experience in systems programming under Windows (assembler / C) is helpful.

miscellaneous

There is a mandatory meeting every two weeks during which we present the new exercises, and every other week we offer an optional meeting to answer questions. All materials for the course are available via Moodle; please register for the course online.

At most 20 students can participate in the practical course. More information on the planned schedule and the formal requirements is discussed in a preliminary meeting that takes place in the first week of the semester.