CSE 470A Malicious Code Analysis

Next offering: Spring 2020
Instructor: Ann Sobel

Catalog description:

A critical skill within the cybersecurity field is the ability to understand software of unknown origin, or software whose source code is unavailable, in order to assess whether it contains malicious code. Students will be able to use tools to perform mostly static and limited dynamic analysis of software in an attempt to understand its functionality, both expected and abnormal.

Prerequisites:

CSE 274 and CSE 381

Learning Outcomes:

  1. Explain basic static and dynamic malware analysis.
  2. Analyze assembly code of software and demonstrate the ability to trace assembly code to probable language-specific code.
  3. Use existing tools such as IdaPro and OllyDBG to analyze object code.
  4. Demonstrate the ability to identify malicious errors.
  5. Explain basic classification of known malware strategies.

Topics:

  • Basic Static Analysis
  • Basic Dynamic Analysis
  • Source code translation to an intermediate language
  • General assembly structure
  • Use of IdaPro
  • Recognizing source code in assembly
  • Analyzing malicious Windows code
  • Using a debugger to analyze code
  • Use of OllyDBG
  • Malware behavior