---
title: Introduction to Malware Analysis and Reverse Engineering
layout: default
---
{{ page.title }}
CS6038/CS5138 Malware Analysis
Department of Electrical Engineering and Computing Systems
College of Engineering and Applied Science
University of Cincinnati
Meets every Tue/Thu in 3210 RECCENTER @ 4:00PM-5:20PM
Want to participate?: Apply to Graduate School Here
This class introduces CS graduate students to malware concepts, malware analysis, and black-box reverse engineering techniques. The target audience is computer science graduate students or undergraduate seniors without prior cyber security or malware experience. The class is intended to introduce students to the types of malware, common attack recipes, some of the tools, and a wide array of malware analysis techniques.
In general, if you've taken the following courses, you should have a good foundation for the class:
CS4029/6029 - Operating Systems
CS2029 - Data Structures
As virtualization is a key ingredient of any malware analysis, students are expected to have access to a laptop that can run multiple virtual machines at a time, with adequate CPU, RAM, and available disk storage. The minimum configuration expected to work well is a system with 4 cores (4 or 8 threads), 16GB of RAM, and at least 150GB of free disk space. Lesser configurations may work, but will likely mean longer wait times, less ability to multitask, and more frustration overall.
As the https://ghidra.re site appears to be down, I have hosted an up-to-date copy of the Ghidra API documentation here:
Feel free to open an issue on GitHub if you ever find it is out of date, and I will update it.
Here is a list of topics that I have lectured on; feel free to explore the content if you're looking for information on specific areas of malware analysis or reversing.
{% for t in site.explore_topics %}{{t}} {% endfor %}
{% assign year = "now" | date: "%Y" %}
{% for post in site.posts %}{% assign pyear = post.date | date: "%Y" %}{%
if post.tags contains "lecture" and pyear == year
%}{{post.date | date: "%Y-%m-%d"}} - {{post.title}} (lecture)
{% endif %}{% endfor %}
Previous Lectures Archived Here (Look here if you'd like complete sets of lectures)
{% for post in site.posts %}{% assign pyear = post.date | date: "%Y" %}{%
if post.tags contains "assignment" and pyear == year
%}{{post.assignment}}: {{post.title}} (Due: {{post.due}})
{% endif %}{% endfor %}
{% for post in site.posts %}{% assign pyear = post.date | date: "%Y" %}{%
if post.tags contains "assignment" and pyear != year
%}{{post.assignment}}: {{post.title}} (Due: {{post.due}})
{% endif %}{% endfor %}
- Malware Analysis on a Budget - Discussion of malware analysis tools and research projects out in the open-source community
- MalwareDNA - Talk about an instruction-analysis technique I devised in 2013
- Scott Nusbaum taught this class in Spring 2019, here is his great curriculum
- Adventures in Security (http://securitykitten.github.io/) - Nick Hoffman: A colleague, former coworker, and friend
- RPISEC's Malware Analysis Course - Rensselaer Polytechnic Institute
- MalwareUnicorn (http://malwareunicorn.org/) - Amanda Rousseau
- Malware Unicorn's RE101 - Amanda Rousseau, RE101 course for 2017 WiCyS Conference
- Malware Unicorn's RE102 - Amanda Rousseau, RE102 course, a follow-up to her RE101 course
- contagio malware dump (http://contagiodump.blogspot.com/) - A malware analysis and artifact sharing blog started by Mila
- tuts4you (https://tuts4you.com/download.php) - RE tutorials, documentation, and other stuff
- RPI Malware Analysis Course - Malware Analysis course at Rensselaer Polytechnic Institute
- theZoo - A repository of LIVE malware, and navigation CLI
- Awesome Security Talks (github repository) - A long list of videos related to various security topics from conferences, going back to 2013
- Malware Analyzer - Reviews a bunch of malware analysis utilities