Binary and Malware Analysis

Course objective

Deepening insights in static and dynamic analysis, applied to binaries
and malware

Course content

Binaries in general, and malware in particular, are very hard to
analyse. Unlike with source code, you have no idea what the binary does,
or even what the data structures look like, let alone what they mean.
Security analysts, forensic experts, and reverse engineers often have to
dig their way through such programs to figure out what the code is all
about, and where the interesting pieces of information are.

How do they do this? What techniques and tools can they fall back on,
and, conversely, what techniques do the malware authors use to prevent

This is a hands-on specialization course for highly
motivated students, who will learn essential analysis techniques and
methods in both static and dynamic analysis. Not only will they pick
apart real malware, they will also be working on a set of cool and very
complicated challenges to find a secret buried deep inside a binary

For static analysis, we will look in depth at the generation of control
flow graphs, and complications that may arise due to indirect calls and
jumps (as well as deliberate obfuscation). For dynamic analysis, we will
look at data and control flow tracking (dynamic information flow

Binary patching will be used to circumvent the binary's defences. To do
so, students need to know the details of popular binary formats (ELF, PE,
etc.), and work with all manner of state-of-the-art system tools to analyse
the binaries (think IDA Pro, OllyDbg, taint analysis tools, etc.).

In addition, students will be exposed to programs that actively fight
static and dynamic analysis.


Lecture and practical


Practical assignments


Slides and online material



General information

Course code X_405100
Credits 6 EC
Period P5
Course level 500
Language of instruction English
Faculty Faculteit der Bètawetenschappen (Faculty of Science)
Course coordinator C. Giuffrida
Examiner C. Giuffrida
Lecturers C. Giuffrida
prof. dr. ir. H.J. Bos

Practical information

You must register for this course yourself.

Last-minute registration is possible for this course.

Teaching methods Lecture

