This is a rough syllabus for the course. Topics may change week to week as I develop the curriculum further and in response to student feedback. Some scheduling conflicts may also arise which may result in small adjustments to this schedule. If that happens, students will be notified.
- Week 01: Introduction to VirtualBox and Lab VMs
- Week 02: Intro to malware taxonomy / building a basic attack
- Week 03: Deconstruct attack with static analysis
- Week 04: x86 disassembly and analysis
- Week 05: Dynamic analysis, networking, Immunity Intro
- Week 06: Immunity Debugger analysis workflows
- Week 07: Mid-Term Project week #1, no class
- Week 08: Run-time analysis with debugger / inetsim / etc.
- Week 09: Identification with Yara and other tools
- Week 10: Spring break - NO CLASS
- Week 11: Advanced Yara Usage
- Week 12: PDF and Office Document Analysis
- Week 13: Java & SWF malware analysis
- Week 14: Android malware analysis
- Week 15: “File-less” malware analysis
- Week 16: Finals week - Final project
Students are expected to bring a laptop to class, and to have reviewed any assigned material prior to Tuesday’s class. It is recommended that students use their laptops for all classroom lab work. However, if a student wishes to use another desktop system of their own to do the work via remote access, this is permissible - but students will be on their own to ensure that this functions adequately for classroom work.
The course will be presented in a self-study format where students will be expected to study content created by and/or selected by the instructor ahead of Tuesday’s class. The concepts will then be reviewed in a hands-on instructor-led exercise during class, where students will be able to ask questions and give input during the lecture and will be expected to follow along with the exercise. This will give the students hands-on experience with the subject matter, which then will be applied on Thursdays in class for a graded assignment that is to be completed independently.
The contribution of each of these to your score will be as follows:
- 40%: independent project assignments (4 of them)
- 30%: weekly independent exercises building off instructor-led exercises
- 20%: final project/lab
- 10%: participation (in the form of quizzes and surveys)
The course is intended to be attended in class, with students keeping up with the self-study content outside of class. The online content for the class will be hosted here, while any assignments and grading will be managed using the university’s new online courseware named “Canvas” (and no longer BlackBoard). Students can access UC’s Canvas at https://uc.instructure.com.