This is a rough syllabus for the course. Topics may change week to week as I develop the curriculum further and in response to student feedback.
- Week 01: Introduction to VirtualBox and Lab VMs
- Week 02: Example Cyber Attack and Analysis
- Week 03: Malware Taxonomy/Terminology
- Week 04: Static Executable Analysis Overview
- Week 05: Utilizing static analysis with Yara, etc.
- Week 06: x86/amd64 assembly crash-course - IDA
- Week 07: Binary-level C data structure & construct analysis
- Week 08: PDF/OLE Document + PDFjs, OLE Document + VBA Macro structure / analysis
- Week 09: Additional topics TBD
- Week 10: Spring break - NO CLASS
- Week 11: Obfuscation / exploits - carrier documents
- Week 12: Dynamic Analysis overview
- Week 13: Run-Time Debugging Analysis, System tracing, inspection
- Week 14: Debugging analysis of running code
- Week 15: Additional topics TBD
- Week 16: Finals week - Final project
The course consists mostly of hands-on work analysing artifacts. Therefore, the entire class will consist of projects (8), a final project that will be made available toward the last week of class, and some “participation” scores which may consist of unannounced class-time quizzes, mini-assignments, or forum discussions. The final project will be a malware lab assignment that will attempt to comprehensively test your abilities on the topics covered during the entire semester.
The contribution of each of these to your score will be as follows:
- 70%: the 8 project assignments (you will get 2 weeks for each, though they might overlap)
- 20%: final project/lab
- 10%: participation
The course is intended to be attended either in-class or via a remote classroom option that was set up prior to class starting. Any student can attend class remotely using the WebEx options listed in BlackBoard. However, the professor makes no commitment to endorse widespread use of this approach or to troubleshoot any problems related to it. If you attempt to use the online option, you’re still expected to attend during the scheduled class times. An on-demand learning format is not considered in this course.
The WebEx connection information for the course is available in the BlackBoard page for this course.