Topic outline

  • This course is taught by Paolo Palumbo and other malware experts from F-Secure, a Finnish cyber security company. You will learn about malware analysis and reverse-engineering tools and methods through hands-on exercises and lectures. 

    The course requires a substantial amount of hands-on work and independent problem solving. Throughout the course, students will receive assignments that focus on certain parts of the discussed content; at the end of the course, a final and more demanding assignment will be given. The problems are partly open-ended and might be challenging. (If you have no previous exposure to assembly language, please allocate some extra time for learning about it.) The final grade will be based on the student's combined performance in these assignments.

    The course starts on 13 January 2021. The live online lectures in Zoom are on Wednesdays at 10:15-12:00 in periods III-IV (spring semester 2021). Note that there is no plan to publish recordings of the lectures. Planned lecture topics:

    13.01 - Introduction

    20.01 - Full Implant Analysis: Lazarus

    27.01 - Windows Internals, x86, PE File format, high level code & low level representation

    03.02 - Reverse Engineering: Static Analysis

    10.02 - Intel x86 Dynamic Analysis: WinDbg Introduction and Reverse Engineering Hands-on

    17.02 - Non-Intel Architectures

    03.03 - Ghidra Reverse Engineering Hands-on for Non-Intel Archs

    10.03 - Office Macro, Excel Formulas, PowerShell scripts, etc.

    17.03 - Email and Spam Analysis

    24.03 - Detection Creation and Threat Analysis Automation

    31.03 - Ethics in Cybersecurity

    Contact: cs-e4330@aalto.fi