General
This course is taught by Paolo Palumbo and other malware experts from F-Secure, a Finnish cyber security company. You will learn about malware analysis and reverse-engineering tools and methods through hands-on exercises and lectures.
The course requires a substantial amount of hands-on work and independent problem solving. Throughout the course, students will receive assignments that will focus on certain part of the discussed contents; at the end of the course, a final and more demanding assignment will be given. The problems are partly open ended and might be challenging. (If you have no previous exposure to assembly language, please allocate some extra time for learning about it.) The final grade will be based on the student's combined performance in these assignments.
The course starts on 13 January 2021. The live online lectures in Zoom are on Wednesdays at 10:15-12:00 in periods III-IV (spring semester 2021). Note that there is no plan to publish recordings of the lectures. Planned lecture topics:
13.01 - Introduction
20.01 - Full Implant Analysis: Lazarus
27.01 - Windows Internals, x86, PE File format, high level code & low level representation
03.02 - Reverse Engineering: Static Analysis
10.02 - Intel x86 Dynamic Analysis: Windbg Introduction and Reverse Engineering Hands-on
17.02 - Non-Intel Architectures
03.03 - Ghidra Reverse Engineering Hands-on for Non-Intel Archs
10.03 - Office Macro, Excel Formulas, Powershell scripts, etc.
17.03 - Email and Spam Analysis
24.03 - Detection Creation and Threat Analysis Automation
31.03 - Ethics in Cybersecurity