Binary and Malware Analysis

2019-2020

Course Objective

Deepening insights in static and dynamic analysis, applied to binaries
and malware

Course Content

Binaries in general, and malware in particular, are very hard to
analyse. Unlike with source code, there are no names, types, or comments
to tell you what the binary does, or even what its data structures look
like - let alone what they mean. Security analysts, forensic experts, and
reverse engineers often have to dig their way through such programs to
figure out what the code is all about, and where the interesting pieces
of information are.

How do they do this? What techniques and tools can they fall back on,
and, conversely, what techniques do the malware authors use to prevent
this?

This is a hands-on specialization course for highly motivated students,
who will learn essential analysis techniques and methods in both static
and dynamic analysis. Not only will they pick apart real malware, they
will also work on a set of demanding reverse-engineering challenges to
find a secret buried deep inside a binary program.

For static analysis, we will look in depth at the generation of control
flow graphs, and at the complications that arise from indirect calls and
jumps (whose targets are computed at run time and are therefore invisible
to a static disassembler), as well as from deliberate obfuscation. For
dynamic analysis, we will look at data and control flow tracking (dynamic
information flow tracking, also known as taint analysis).
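The contrast between recursive-descent and linear-sweep disassembly, and the way an indirect jump stops static control-flow recovery, as an added example (this is illustrative code, not course material). The decoder covers only a hand-picked subset of 32-bit x86 (nop, ret, direct and indirect jmp/call, jcc rel8, mov r32,imm32 and register-form ALU ops); the code bytes and the execution trace are constructed for the example:

```python
"""Recursive-descent CFG recovery over a small, constructed subset of x86."""
from dataclasses import dataclass


@dataclass
class Insn:
    addr: int
    size: int
    mnem: str
    succ: list                  # statically known successor addresses
    indirect: bool = False      # target lives in a register: unknown statically
    ends_block: bool = False


def _rel(code, off, n):
    return int.from_bytes(code[off:off + n], "little", signed=True)


def decode(code, base, addr):
    """Decode one instruction of the toy subset (register forms only for ALU/mov)."""
    off = addr - base
    op = code[off]
    if op == 0x90:
        return Insn(addr, 1, "nop", [addr + 1])
    if op == 0xC3:
        return Insn(addr, 1, "ret", [], ends_block=True)
    if op in (0xEB, 0xE9):                            # jmp rel8 / jmp rel32
        n = 1 if op == 0xEB else 4
        return Insn(addr, 1 + n, "jmp", [addr + 1 + n + _rel(code, off + 1, n)], ends_block=True)
    if 0x70 <= op <= 0x7F:                            # jcc rel8: fall-through and target
        return Insn(addr, 2, "jcc", [addr + 2, addr + 2 + _rel(code, off + 1, 1)], ends_block=True)
    if op == 0xE8:                                    # call rel32: return site and callee
        return Insn(addr, 5, "call", [addr + 5, addr + 5 + _rel(code, off + 1, 4)], ends_block=True)
    if 0xB8 <= op <= 0xBF:                            # mov r32, imm32
        return Insn(addr, 5, "mov r32, imm32", [addr + 5])
    if op in (0x31, 0x39, 0x85, 0x89) and code[off + 1] >> 6 == 3:   # xor/cmp/test/mov r32, r32
        return Insn(addr, 2, "alu r32, r32", [addr + 2])
    if op == 0xFF and code[off + 1] >> 6 == 3:
        ext = (code[off + 1] >> 3) & 7
        if ext == 4:                                  # jmp r32: no static successor at all
            return Insn(addr, 2, "jmp r32", [], indirect=True, ends_block=True)
        if ext == 2:                                  # call r32: only the return site is known
            return Insn(addr, 2, "call r32", [addr + 2], indirect=True, ends_block=True)
    raise ValueError(f"unsupported opcode {op:#04x} at {addr:#x}")


def recursive_descent(code, base, entry):
    """Follow control flow from entry; returns {addr: Insn} for reachable code only."""
    insns, work = {}, [entry]
    while work:
        addr = work.pop()
        if addr in insns or not base <= addr < base + len(code):
            continue
        insns[addr] = decode(code, base, addr)
        work.extend(insns[addr].succ)
    return insns


def linear_sweep(code, base):
    """Decode byte by byte regardless of control flow (what objdump -d does)."""
    insns, addr = {}, base
    while addr < base + len(code):
        insns[addr] = decode(code, base, addr)
        addr += insns[addr].size
    return insns


def build_cfg(insns, entry):
    """Group instructions into basic blocks: {leader: (end, successors, ends_in_indirect)}."""
    leaders = {entry}
    for ins in insns.values():
        if ins.ends_block:
            leaders.update(ins.succ)
    blocks, cur = {}, None
    for addr in sorted(insns):
        if cur is None or addr in leaders:
            cur = addr
        ins = insns[addr]
        nxt = addr + ins.size
        if ins.ends_block:
            blocks[cur], cur = (nxt, list(ins.succ), ins.indirect), None
        elif nxt in leaders or nxt not in insns:
            blocks[cur], cur = (nxt, [nxt] if nxt in insns else [], False), None
    return blocks


def add_trace_edges(code, base, insns, trace):
    """Dynamic complement: resolve indirect targets observed in an execution trace and
    decode the code they reveal. Returns {indirect_insn_addr: {observed targets}}."""
    resolved = {}
    for src, dst in zip(trace, trace[1:]):
        if src in insns and insns[src].indirect:
            resolved.setdefault(src, set()).add(dst)
            for a, ins in recursive_descent(code, base, dst).items():
                insns.setdefault(a, ins)
            if dst not in insns[src].succ:
                insns[src].succ.append(dst)
    return resolved


# Constructed bytes, loaded at 0x1000:
#   1000 xor eax,eax / 1002 test eax,eax / 1004 jz 0x100d / 1006 mov eax,0x1010
#   100b jmp eax / 100d nop / 100e ret / 100f nop (padding) / 1010 xor eax,eax / 1012 ret
CODE = bytes.fromhex("31C0 85C0 7407 B810100000 FFE0 90 C3 90 31C0 C3")
BASE = 0x1000

if __name__ == "__main__":
    static = recursive_descent(CODE, BASE, BASE)
    for leader, (end, succ, ind) in sorted(build_cfg(static, BASE).items()):
        print(f"block {leader:#x}-{end:#x} -> {[hex(s) for s in succ]}" + ("  (indirect, unresolved)" if ind else ""))
    print("linear sweep:", len(linear_sweep(CODE, BASE)), "insns; recursive descent:", len(static))
    add_trace_edges(CODE, BASE, static, [0x1000, 0x1002, 0x1004, 0x1006, 0x100B, 0x1010, 0x1012])  # constructed trace
    print("after trace:", {hex(k): [hex(s) for s in v[1]] for k, v in build_cfg(static, BASE).items()})
```

Recursive descent stops at `jmp eax` and never sees the code at 0x1010, while the linear sweep decodes the padding byte and the hidden block but cannot tell which of them is really reached. A recorded trace settles the question for the inputs that were executed, which is the same limitation dynamic analysis has in general: an indirect target that was not exercised stays unresolved.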

Binary patching will be used to circumvent the binary's defenses. To do
so, students need to know the details of popular binary formats (ELF, PE,
etc.), and work with all manner of state-of-the-art system tools to
analyse the binaries (think IDA Pro, OllyDbg, taint analysis tools, etc.).
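What "knowing the details of the binary format" buys you when patching, as an added example (not course material): an ELF64 header and program-header parser, a virtual-address-to-file-offset mapping through the PT_LOAD segments (which is what you need to patch the byte a debugger showed you at a given address), and a sanity check for header fields that the kernel loader ignores but analysis tools trust. The latter also touches the anti-analysis point made below: a corrupted section header table does not stop the program from running. The ELF image used as input is constructed inside the block; only standard-library `struct` is used:

```python
"""ELF64 header/program-header parsing, vaddr-to-offset mapping and byte patching."""
import struct

ELF_MAGIC = b"\x7fELF"
EHDR_FMT = "HHIQQQIHHHHHH"      # e_type .. e_shstrndx: the 48 bytes after the 16-byte e_ident
PHDR_FMT = "IIQQQQQQ"           # Elf64_Phdr, 56 bytes
EHDR_FIELDS = ("e_type", "e_machine", "e_version", "e_entry", "e_phoff", "e_shoff", "e_flags",
               "e_ehsize", "e_phentsize", "e_phnum", "e_shentsize", "e_shnum", "e_shstrndx")
PHDR_FIELDS = ("p_type", "p_flags", "p_offset", "p_vaddr", "p_paddr", "p_filesz", "p_memsz", "p_align")
ET_NAMES = {0: "ET_NONE", 1: "ET_REL", 2: "ET_EXEC", 3: "ET_DYN", 4: "ET_CORE"}
EM_NAMES = {3: "EM_386", 40: "EM_ARM", 62: "EM_X86_64", 183: "EM_AARCH64"}
PT_LOAD = 1


def parse_elf_header(data):
    """Parse an ELF64 header into a dict; rejects anything that is not ELFCLASS64."""
    if len(data) < 64 or data[:4] != ELF_MAGIC:
        raise ValueError("not an ELF file")
    if data[4] != 2:                                 # EI_CLASS: 2 = ELFCLASS64
        raise ValueError("only ELFCLASS64 is handled here")
    endian = "<" if data[5] == 1 else ">"            # EI_DATA: 1 = little endian, 2 = big endian
    hdr = dict(zip(EHDR_FIELDS, struct.unpack(endian + EHDR_FMT, data[16:64])))
    hdr["endian"] = endian
    hdr["type_name"] = ET_NAMES.get(hdr["e_type"], "unknown")
    hdr["machine_name"] = EM_NAMES.get(hdr["e_machine"], "unknown")
    return hdr


def parse_program_headers(data, hdr):
    """Return the program header table as a list of dicts."""
    phdrs = []
    for i in range(hdr["e_phnum"]):
        off = hdr["e_phoff"] + i * hdr["e_phentsize"]
        phdrs.append(dict(zip(PHDR_FIELDS, struct.unpack(hdr["endian"] + PHDR_FMT, data[off:off + 56]))))
    return phdrs


def sanity_check(hdr, file_size):
    """Flag header values the loader does not need but readelf/objdump-style tools trust."""
    warnings = []
    if hdr["e_ehsize"] != 64:
        warnings.append(f"e_ehsize is {hdr['e_ehsize']}, expected 64")
    if hdr["e_phnum"] and hdr["e_phentsize"] != 56:
        warnings.append(f"e_phentsize is {hdr['e_phentsize']}, expected 56")
    if hdr["e_phoff"] + hdr["e_phnum"] * hdr["e_phentsize"] > file_size:
        warnings.append("program header table extends past end of file")
    if hdr["e_shnum"] and hdr["e_shoff"] + hdr["e_shnum"] * hdr["e_shentsize"] > file_size:
        warnings.append("section header table points outside the file (harmless to the loader, fatal to section-based tools)")
    if hdr["e_shnum"] and hdr["e_shstrndx"] >= hdr["e_shnum"]:
        warnings.append("e_shstrndx is out of range")
    return warnings


def vaddr_to_offset(phdrs, vaddr):
    """Map a virtual address to the file offset that backs it via the PT_LOAD segments."""
    for ph in phdrs:
        if ph["p_type"] == PT_LOAD and ph["p_vaddr"] <= vaddr < ph["p_vaddr"] + ph["p_filesz"]:
            return ph["p_offset"] + (vaddr - ph["p_vaddr"])
    raise ValueError(f"{vaddr:#x} is not backed by file data")


def patch_bytes(data, phdrs, vaddr, new_bytes):
    """Return a copy of data with new_bytes written at the file offset that backs vaddr."""
    off = vaddr_to_offset(phdrs, vaddr)
    if vaddr_to_offset(phdrs, vaddr + len(new_bytes) - 1) != off + len(new_bytes) - 1:
        raise ValueError("patch crosses a segment boundary")
    patched = bytearray(data)
    patched[off:off + len(new_bytes)] = new_bytes
    return bytes(patched)


def make_elf64_header(entry, phoff=64, phnum=1, shoff=0, shnum=0, shstrndx=0):
    """Constructed little-endian x86-64 ET_EXEC header for the example."""
    ident = ELF_MAGIC + bytes([2, 1, 1, 0]) + bytes(8)   # ELFCLASS64, ELFDATA2LSB, EV_CURRENT, SYSV ABI
    return ident + struct.pack("<" + EHDR_FMT, 2, 62, 1, entry, phoff, shoff, 0, 64, 56, phnum, 64, shnum, shstrndx)


def make_image(code, load_vaddr=0x400000, code_off=0x80):
    """Constructed ELF image: header, one R+X PT_LOAD covering the whole file, code at code_off."""
    image = bytearray(code_off) + bytearray(code)
    image[0:64] = make_elf64_header(entry=load_vaddr + code_off)
    image[64:120] = struct.pack("<" + PHDR_FMT, PT_LOAD, 5, 0, load_vaddr, load_vaddr, len(image), len(image), 0x1000)
    return bytes(image)


if __name__ == "__main__":
    image = make_image(bytes.fromhex("7405 9090909090 C3"))      # je +5; nops; ret (constructed)
    hdr = parse_elf_header(image)
    phdrs = parse_program_headers(image, hdr)
    print(hdr["type_name"], hdr["machine_name"], hex(hdr["e_entry"]), sanity_check(hdr, len(image)))
    patched = patch_bytes(image, phdrs, hdr["e_entry"], b"\xEB")  # je -> jmp: take the branch unconditionally
    print("byte at entry after patch:", hex(patched[vaddr_to_offset(phdrs, hdr["e_entry"])]))
```

The patch goes through `vaddr_to_offset` rather than a hard-coded file offset because the address you observe in a debugger is a virtual address; the offset only follows from the segment that maps it, and a patch that straddles two segments is refused instead of silently corrupting the file.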

In addition, students will be exposed to programs that actively fight
static and dynamic analysis.

Teaching Methods

Lectures and practical

Method of Assessment

Five practical assignments. Each practical assignment must be passed with
a grade of 4 or higher. The final grade is the weighted average of the
assignment grades.

There is no resit opportunity for the practical assignments.

Literature

Slides and online material

Target Audience

mCS-HPDC, mCS-IWT, mPDCS

Recommended background knowledge

Systems programming, x86 assembly.

General Information

Course Code X_405100
Credits 6 EC
Period P5
Course Level 500
Language of Tuition English
Faculty Faculty of Science
Course Coordinator C. Giuffrida
Examiner prof. dr. ir. H.J. Bos
Teaching Staff C. Giuffrida
prof. dr. ir. H.J. Bos

Practical Information

You need to register for this course yourself.

Last-minute registration is available for this course.
