Checking date: 16/05/2025 09:50:39


Course: 2025/2026

Malware analysis and engineering
(12400)
Master in Cybersecurity (Plan: 325 - Estudio: 288)
EPI


Coordinating teacher: ESTEVEZ TAPIADOR, JUAN MANUEL

Department assigned to the subject: Computer Science and Engineering Department

Type: Electives
ECTS Credits: 3.0 ECTS

Course:
Semester:




Requirements (Subjects that are assumed to be known)
  • Software Systems Exploitation
  • Secure Communications
  • Data Protection
  • Cyberdefense Systems
  • Cyberattack Techniques
  • Cybercrime, Cyberterrorism, and Cyberwar
Objectives
  • Understand the main types of malware and the techniques used to achieve their objectives.
  • Learn the techniques and tools used in malware analysis, including both static and dynamic analysis.
  • Develop useful artifacts for the threat intelligence lifecycle, including analysis reports and indicators of compromise.
Learning Outcomes
  • Make an informed choice of the best analysis tool for an investigation started on suspicion of the presence of malware.
  • Explain the mechanisms that can be used to conceal an intrusion in a system.
Description of contents: programme
1 Introduction
  1.1 Basic Concepts and Evolution
  1.2 Malware Analysis Techniques
  1.3 The Lab
2 Basic Analysis Techniques
  2.1 The Life of an Executable
  2.2 Basic Static Analysis
  2.3 Basic Dynamic Analysis
3 Advanced Analysis Techniques
  3.1 x86 Disassembly
  3.2 C Code Constructs in Assembly
  3.3 IDA Pro
  3.4 The Windows API
  3.5 Debugging
4 Behaviors
  4.1 Downloaders
  4.2 Backdoors
  4.3 Info Stealers
  4.4 Persistence
  4.5 Covert Launching
  4.6 Data Encoding
  4.7 Anti-disassembly
  4.8 Anti-debugging
  4.9 Anti-virtualization
  4.10 Packers
Learning activities and methodology
LEARNING ACTIVITIES:
  • Lectures and practicals
  • Lab sessions
  • Tutorship
  • Group work
  • Individual work

METHODOLOGIES:
  • Lectures to introduce and discuss the main course concepts.
  • Study and analysis of references provided by the lecturer, including academic papers, reports, selected book chapters, and press articles. This will be instrumental in consolidating and complementing concepts introduced in the course, and will also serve as material to be discussed during some lectures.
  • Analysis of practical cases proposed by the lecturer, either individually or in groups.
  • Presentation and discussion of topics and practical cases related to the course.
  • Preparation of individual essays and reports.
Assessment System
  • % end-of-term-examination/test 0
  • % of continuous assessment (assignments, laboratory, practicals...) 100

Calendar of Continuous assessment


Basic Bibliography
  • Michael Ligh, Steven Adair, Blake Hartstein, Matthew Richard. Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code. Wiley. 2010
  • Michael Sikorski, Andrew Honig. Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software. No Starch Press. 2012

The course syllabus may change due to academic events or other reasons.