Binary and Malware Analysis

2018-2019
This course is offered in English. Descriptions may therefore only be available in English.

Course objective

Deepening insights into static and dynamic analysis, applied to binaries
and malware

Course content

Binaries in general, and malware in particular, are very hard to
analyse. Unlike with source code, you have no idea what the binary does,
or even what the data structures look like - let alone what they mean!
Security analysts, forensic experts, and reverse engineers often have to
dig their way through such programs to figure out what the code is all
about, and where the interesting pieces of information are.

How do they do this? What techniques and tools can they fall back on,
and, conversely, what techniques do the malware authors use to prevent
this?

This is a hands-on specialization course for highly
motivated students, who will learn essential analysis techniques and
methods in both static and dynamic analysis. Not only will they pick
apart real malware, they will also be working on a set of cool and very
complicated challenges to find a secret buried deep inside a binary
program.

For static analysis, we will look in depth at the generation of control
flow graphs, and complications that may arise due to indirect calls and
jumps (as well as deliberate obfuscation). For dynamic analysis, we will
look at data and control flow tracking (dynamic information flow
tracking).

Binary patching will be used to circumvent the binary's defenses. To do
so, students need to know details about popular binary formats (ELF, PE,
etc.), and work with all manner of state-of-the-art system tools to analyse
the binaries (think IDA Pro, OllyDbg, taint analysis tools, etc.).

In addition, students will be exposed to programs that actively fight
static and dynamic analysis.

Teaching method

Lectures and practical

Assessment method

Practical assignments

Literature

Slides and online material

Target audience

mCS-HPDC, mCS-IWT, mPDCS

General information

Course code X_405100
Credits 6 EC
Period P5
Course level 500
Language of instruction English
Faculty Faculteit der Bètawetenschappen
Course coordinator C. Giuffrida
Examiner C. Giuffrida
Lecturers C. Giuffrida
prof. dr. ir. H.J. Bos

Practical information

You must register for this course yourself.

Last-minute registration is possible for this course.

Teaching methods Lecture
Target audiences

This course is also accessible as: