Attackers and attacker toolchains continue to evolve and make detection and prevention very difficult. Malware analysts are continually examining modern malware to look for commonalities and new 0-day techniques that are used to exploit a system and maintain a strong foothold. Identifying the Indicators of Compromise (IOCs) is important for helping determine the extent of an intrusion as well as helping alert others to similar attacks. Students will utilize advanced analysis techniques, user mode/kernel mode debugging and dynamic analysis to uncover how modern malware operates. Being able to bypass code obfuscation techniques, examine shellcode, identify command-and-control (C2) systems and configuration are critical components for analyzing and stopping malware. In addition, as ransomware has become ubiquitous, students will examine a real-world ransomware attack and develop a customized decryption utility to help a ‘customer’ recover from a ransomware attack. Throughout the course, relevant operating systems internals will be discussed. By the end of the course, students will have a better understanding of how to identify attacks and reverse engineer tools to uncover the attacker’s secrets!
EN.695.744 Reverse Engineering