Malware infections have reached epidemic proportions with over 600 million types of infection reported to date. Traditional antivirus techniques are not sufficient to stem the tide. This course will introduce students to the fundamentals of malware analysis techniques which will allow them to recognize, analyze and remediate infections. Basic static analysis techniques using antivirus scanning, hashing, string searching and other automated analysis tools will be reviewed. Dynamic approaches using system and network monitoring will be employed to detect snooping and attempts to exfiltrate data. Students will set up virtual workspaces, download tools and malware and analyze software in a secure environment. Reverse engineering will be introduced.
- Understand characteristics of malware, motivations of creators, and impacts on recipients
- Demonstrate the ability to set up and use virtual environments for analyzing malicious software in a controlled, isolated setting
- Analyze malware using multiple static analysis techniques such as antivirus scanning, hashing, and string searching
- Analyze malware behavior dynamically using appropriate network and system monitoring tools
- Analyze malware behavior to detect and remove threats posed by macros in PDF and Microsoft Office files
- Select appropriate approaches to detecting and removing malware
- Formulate Indicators of Compromise (IoCs) from malware samples
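To make the static-analysis steps in the overview concrete (hashing, string searching, and formulating IoCs from the results), the following is an added example written for this page, not course material. The sample bytes are constructed to stand in for a specimen; the regexes and the `triage` helper are this example's own.

```python
import hashlib
import re

# Constructed stand-in for a malware sample: a fake MZ header, an embedded
# ASCII URL, a UTF-16LE (wide) Windows path, and an ASCII IPv4 address.
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 16
    + b"http://example.invalid/update.php\x00"
    + b"\x01\x02\x03"
    + "C:\\Users\\Public\\svc.exe".encode("utf-16-le") + b"\x00\x00"
    + b"\xff\xfe" + b"10.0.0.5\x00"
)

def hash_sample(data: bytes) -> dict:
    """Hashes used to identify a sample and to query AV / threat-intel services."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}

def extract_strings(data: bytes, min_len: int = 6) -> list:
    """Pull printable ASCII and UTF-16LE strings, as a `strings`-style tool would.
    Wide strings matter on Windows: paths and registry keys are often stored that way."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    wide_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = [m.decode("ascii") for m in ascii_re.findall(data)]
    found += [m.decode("utf-16-le") for m in wide_re.findall(data)]
    return found

# Candidate IoC patterns applied to the extracted strings.
IOC_PATTERNS = {
    "url": re.compile(r"https?://[^\s\"'<>]+"),
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "win_path": re.compile(r"[A-Za-z]:\\[^\s\"'<>]+"),
}

def extract_iocs(strings) -> dict:
    """Group IoC candidates by type; an analyst still vets each before publishing."""
    iocs = {kind: set() for kind in IOC_PATTERNS}
    for s in strings:
        for kind, pattern in IOC_PATTERNS.items():
            iocs[kind].update(pattern.findall(s))
    return {kind: sorted(values) for kind, values in iocs.items()}

def triage(data: bytes) -> dict:
    """One static-triage pass: identify (hashes), search (strings), formulate (IoCs)."""
    strings = extract_strings(data)
    return {"hashes": hash_sample(data), "strings": strings, "iocs": extract_iocs(strings)}

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, value)
```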