Course Objective: Deepening insights in static and dynamic analysis, applied to binaries.

Course Content: Binaries in general, and malware in particular, are very hard to
analyse. Unlike with source code, you have no idea what the binary does,
or even what the data structures look like - let alone what they mean!
Security analysts, forensic experts, and reverse engineers often have to
dig their way through such programs to figure out what the code is all
about, and where the interesting pieces of information are.
How do they do this? What techniques and tools can they fall back on,
and, conversely, what techniques do the malware authors use to prevent
This is a hands-on specialization course for highly
motivated students, who will learn essential analysis techniques and
methods in both static and dynamic analysis. Not only will they pick
apart real malware, they will also be working on a set of cool and very
complicated challenges to find a secret buried deep inside a binary
For static analysis, we will look in depth at the generation of control
flow graphs, and complications that may arise due to indirect calls and
jumps (as well as deliberate obfuscation). For dynamic analysis, we will
look at data and control flow tracking (dynamic information flow
Binary patching will be used to circumvent the binary's defenses. To do
so, students need to know details about popular binary formats (ELF, PE,
etc.), and work with all manner of state-of-the-art system tools to analyse
the binaries (think IDA Pro, OllyDbg, taint analysis tools, etc.).
In addition, students will be exposed to programs that actively fight
static and dynamic analysis.
Teaching Methods: Lectures and practical

Method of Assessment: 5 practical assignments. Each practical assignment must be passed with a
grade >= 4. The final grade is the weighted average of the assignments'
There is no resit opportunity for the practical assignments.

Literature: Slides and online material

Target Audience: mCS-HPDC, mCS-IWT, mPDCS

Recommended background knowledge: Systems programming, x86 assembly.
| Language of Tuition | English |
| Faculty | Faculty of Science |
| Course Coordinator | dr. C. Giuffrida |
| Examiner | prof. dr. ir. H.J. Bos |
You need to register for this course yourself
Last-minute registration is available for this course.