Reverse Engineering of Malware
In this short course students will learn how malware interacts with the underlying Operating System, how to go about identifying the functionality of malware, and how to perform large scale data analysis of malware.
Duration: 5 Days
Delivery Mode: Classroom
In-house: Contact the Professional Education Course Unit for more information and to arrange a quote. Recommended for groups of 10 or more.
What you will receive:
- Comprehensive set of course notes.
- UNSW certificate of attendance/completion.
- Morning tea, lunch and afternoon tea.
Masters Credit: 72 hours (12 working days) of approved short course training (plus an assessment) can be credited as an unspecified elective on our Masters of Cyber Security / Cyber Security Operations.
Reverse engineers, malware analysts, anti-malware engineers, tool writers for malware analysis
Over the course, students will come to understand:
- The underlying Operating System
- Object file formats and their use as containers of object code
- How the Operating System performs linking and loading of applications
- Instruction Set Architectures and assembly code
How malware tries to evade analysis and detection
- How malware obfuscates analysis by the use of code packing
- Anti-emulation, anti-debugging, anti-VM, anti-sandbox, and anti-disassembly tricks that malware uses
Approaches to analysing programs and malware
- How dynamic analysis can analyse malware
- The process of static disassembly and decompilation
- Different representations of code and programs
- Static program analysis
- Static binary program analysis
Automating malware analysis
- How to identify similar malware through the use of program similarity
- How to classify programs as malicious using machine learning
The course is divided roughly evenly into set lectures and laboratory work. In the laboratories students will use tools to apply the concepts of static and dynamic analysis, data analytics, and manual reverse engineering.
Silvio is the Director of Anti-Malware Engineering at Qualys. Before joining Qualys he was a researcher at Deakin University, and he is now commercialising his work on malware variant detection using efficient and effective searching of similar control flow graphs. Silvio is the author of the book Software Similarity and Classification, published by Springer. He has worked in industry within Australia, France, and the United States, including time as the scanner architect of Qualys, now the world's largest vulnerability assessment company. Silvio has spoken at industry and academic conferences including Black Hat, ACSC, Ruxcon, Cansecwest, and Auscert. Commencing in 2016, Silvio will also teach Reverse Engineering Malware at ADFA.
AUSTRALIAN CENTRE FOR CYBER SECURITY
The Australian Centre for Cyber Security (ACCS) is a focal point for the research of some 60 scholars from various faculties across UNSW who conduct research work on different aspects of cyber security. The Centre is based in Canberra at the Defence Force Academy, which provides both advanced research and undergraduate and graduate education on cyber security. ACCS brings together the biggest concentration of research and tertiary education for the multi-disciplinary study of cyber security in any single university in the Southern hemisphere. A number of ACCS scholars, in areas ranging from information technology and engineering to law and politics, have significant international reputations for their work.
No dates? Or unable to attend dates shown? Submit an Expression of Interest below to be notified of upcoming courses.