Checking date: 23/04/2024

Course: 2024/2025

Malware analisys and engineering
Master in Cybersecurity (Plan: 325 - Estudio: 288)


Department assigned to the subject: Computer Science and Engineering Department

Type: Electives
ECTS Credits: 3.0 ECTS


Requirements (Subjects that are assumed to be known)
- Software Systems Exploitation - Secure Communications - Data Protection - Cyberdefense Systems - Cyberattack Techniques - Cybercrime, Cyberterrorism, and Cyberwar
Master the knowledge required to propose original designs or developments, often in a research process within the area of cyber security. Ability to apply acquired knowledge to solve problems under novel or almost novel situations or within broader (multidisciplinar) contexts related with cyber security. Ability to state critical opinions and judgements having incomplete or limited information in the field of cyber security. These judgements must take into account include considerations about social and ethical responsibilities. Discuss in a public audience about their acquired knowledge, and the conclusions from the work. Students will be able to give their foundational and most convincing reasons to a specialized and non specialized audience in a clear way, without ambiguities. Students should have the learning skills required to continue studying in a autonomous or self-directed way. Understand and apply methods and techniques to investigate vulnerabilities of a given site. Create and refine concise and comprehensively documents, plans and projects in the scope of cyber security. Know the relevant technique part of the legal regulation in cyber security and its implications in the design of systems and security tools. Analyze and detect anomalies and attack signatures y systems and networks. Analyze and detect ocultation techniques in attacks to systems and networks. Knowledge of trends in the cyber attacks techniques and knowledge about learned experiences in real cases. Know and apply the cryptographic and steganographic mechanisms required to protect data stored in a system or data transiting a network. LEARNING OUTCOMES Make an informed choice for the best analysis tool in the investigation process started due to suspicion of presence of malware. Explain the mechanisms that can be used to conceal an intrusion in a system.
Skills and learning outcomes
Description of contents: programme
1 Introduction 1.1 Basic Concepts and Evolution 1.2 Malware Analysis Techniques 1.3 The Lab 2 Basic Analysis Techniques 2.1 The Life of an Executable 2.2 Basic Static Analysis 2.3 Basic Dynamic Analysis 3 Advanced Analysis Techniques 3.1 x86 Disassembly 3.2 C Code Constucts in Assembly 3.3 IDA Pro 3.4 The Windows API 3.5 Debugging 4 Behaviors 4.1 Downloaders 4.2 Backdoors 4.3 Info Stealers 4.4 Persistence 4.5 Covert Launching 4.6 Data Encoding 4.7 Anti-disassembly 4.8 Anti-debugging 4.9 Anti-virtualization 4.10 Packers
Learning activities and methodology
LEARNING ACTIVITIES: - Lectures and practicals - Lab sessions - Tutorship - Group work - Individual work METHODOLOGIES - Lectures to introduce and discuss the main course concepts. - Study and analysis of references provided by the lecturer, including academic papers, reports, selected book chapters, and press articles. This will be instrumental to consolidate and complement concepts introduced in the course, and also as material to be discussed during some lectures. - Analysis of practical cases proposed by the lecturer, either individually or in group. - Presentation and discussion of topics and practical cases related to the course. - Preparation of individual essays and reports.
Assessment System
  • % end-of-term-examination 0
  • % of continuous assessment (assigments, laboratory, practicals...) 100

Calendar of Continuous assessment

Basic Bibliography
  • Michael Ligh, Steven Adair, Blake Harstein, Matthew Richard. Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code. Wiley. 2010
  • Michael Sikorski, Andrew Honig. Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software. No Starch Press. 2012

The course syllabus may change due academic events or other reasons.