CSC-4820 Reverse Engineering and Malware Analysis

Spring 2023

Course Description: This course exposes students to the fundamental problems, principles, and techniques in reverse engineering of software. Students will engage in static analysis techniques, disassembly algorithms, dynamic analysis techniques, automated static and dynamic analysis techniques, malware analysis techniques, anti-analysis techniques, and malware obfuscation and packing techniques. Many of the techniques will be demonstrated and practiced using industry standard tools. It also involves research opportunities to analyze new malware samples and firmwares, and develop new analysis tools.

Prerequisites: CSC3940

Course Materials:

• Sikorski, M. & Honig, A. (2012). Practical Malware Analysis : a Hands-On Guide to Dissecting Malicious Software. San Francisco: No Starch Press. ISBN 978-1593272906 $35.99

• Dang, B., Gazet, A., Bachaalany, E. & Josse, S. (2014). Practical reverse engineering : x86, x64, ARM, Windows Kernel, reversing tools, and obfuscation. Indianapolis, IN: Wiley.

ISBN: 978-1118787311 $32.79

Course Objectives:

Upon completion of this first-year seminar, students should be able to:

• Describe and apply the tools and methodologies used to perform static and dynamic analysis on unknown executables.

• Demonstrate a technical analysis of the functionality of a program by employing disassembly and documenting the resultant changes on the system.

• Extract behavioral leads from host and network-based indicators associated with a malicious program.

• Identify specific coding constructs in disassembly and demonstrate competent reverse engineering toolchain utilization.

Assignment Values:

Labs (8 @ 5%) 40%

Projects (3 @ 10%) 30%

Written tests (5 @ 2%) 15%

Final project (1 @ 10%) 15%

Course Grading:

Course Policy: Assessment: The course objectives will be assessed through major tests, the final exam and problem set assignments. The final grade will be determined as follows:

Assignments/Quizzes: 20%

2-3 Major Tests: 60%

Cumulative Final Exam: 20%

Total: 100%

Range	93-100	90-93	87-90	83-87	80-83	77-80	73-77	70-73	67-70	63-67	60-63	0-60
Grade	A	A-	B+	B	B-	C+	C	C-	D+	D	D-	F

You must score at least the minimum of a category to be given the associated grade, i.e. an average of 80 is a B- not a C+.

Major tests and Final Exam: All tests and final exam will consist primarily of problem solving type questions similar to the homework assignments and quizzes. No make up test will be given unless prior arrangements have been made with excusable reasons. If you miss a test your final grade will be used in place of the missed grade. This means the percentage of the final exam will increase. If you miss the final exam, a 0 will be placed in all missing tests.

Quizzes, class worksheets and assignments: In addition to the major tests and final exam, students will participate in series of problem sets to further develop skills and understanding of discrete mathematical structures found in computer science. Each assignment will focus on a collection of problems that target each learning objective individually or a combination of learning objectives. Successful completion of the assignments will prepare the student for major tests and final exam. There will be at least 12. There is no makeup for these items. For this reason, two will be dropped to accommodate an occasional absence.

Attendance: High Point University recognizes and honors the value of the face-to-face classroom experience for enhancing student engagement and academic outcomes. Attendance will be taken daily at the beginning of class. As such, you are expected to be present in every class meeting with the exception of an illness that requires quarantine or other reasons pre-approved by the instructor. In those cases online accommodations will be provided. If absent from class, you are responsible for all lectures, in-class exercises, assignments, and handouts. Caution: Being absent from class does not change the due date of assignments. Before a student is dropped for non-attendance, I will give a notification as a warning to a student that he/she is in danger of violating the attendance requirements.

Honor Code: All students are expected to follow the University Honor Code, Full details of the High Point University Honor Code are found here: http://www.highpoint.edu/studentconduct/university-honor-code All academic work should be completed with the highest level of honesty and integrity.

Professionalism: The Mission Statement of the Webb School of Engineering is: To provide an extraordinary engineering education through the delivery of a hands-on, practical education that prepares graduates for a rewarding career or admission into graduate school. The School of Engineering is committed to:

• Providing an environment that encourages curiosity.

• Developing technical competence within a Liberal Arts framework.

• Fostering independent thought and critical thinking to solve modern engineering and computing problems in an ethical, socially-responsible, and sustainable manner.

Please treat this class as if it were a company or organization for which you are working. You can exhibit professionalism by attending consistently, arriving on time, communicating your full or partial absence in a timely fashion, completing assignments on time, maintaining engagement, and respecting your peers and the professor.

Classroom etiquette:

• Cell phone usage during class is prohibited. Turn off cell phones (or place on vibrate). Please do not interrupt any aspect of the class due to your cell phone. This includes voice, text, video, data or any other current or future transmission technology.

• Do not listen to your digital media during class or lab time.

• Profanity will not be tolerated. Lewd remarks printed on your clothing are also not tolerated.

• Hats are not to be worn during class.

• Laptops are allowed during class and can only be used for class related instruction. Inappropriate use of a laptop, desktop or other electronic computing device during class will result in you being asked to leave the room.

Lab etiquette:

• The labs were created with student input. Please help respect and maintain the lab.

• Do not eat while sitting at a workstation. If you must eat while in the lab, sit a the larger table where no equipment may be damaged except your own. Clean up the area after you finish eating.

• Clean up your area before you leave the lab. Unless you are planning to return in a few minutes, please take all books, paper, etc with you.

• DO NOT lock your workstation when you leave!

Students with Disabilities: High Point University is committed to ensuring all students have equal access to all services and benefits at High Point University. If you are a student with a disability and require academic accommodations due to a diagnosed disability, you must register with the Office of Accessibility Resources and Services (OARS) and submit the appropriate documentation. Requests for accommodations should be made at the beginning of a course. Accommodations are not retroactive. Contact us at oars@highpoint.edu or by telephone at 336-841-9026, for additional information. The Office of Accessibility Resource and Services is located on the 4^th Floor of Smith. Library.

Face covering: Wearing a face mask reduces the risk of COVID-19 transmission and is a step we can all take to care for the members of our HPU family. This class will abide by the guidelines that are set forth by the University. Please note this may change as the semester progresses.

Course Schedule: