Malware Boot Camp (Project Group)

Viruses, Worms, Botnets, Trojans, …

...are a major threat to the Internet, but also a very interesting kind of software.

In this lab, teams of students dissect and investigate different types of malware and analyze the following aspects:

  • Investigation of Malware Infection Strategies and Common Structure

    • Spreading / propagation
    • Hiding techniques
    • Obfuscation
    • Packers
    • Command & Control communication

  • Secure Lab Environment for Implementing and Testing New Technologies
  • Practical, Hands-on Teaching

The lab consists of two phases:

  1. Crash course: In a one-week crash course, the students get to know the general principles of malware and malware analysis.
  2. Lab project: New analysis tools and frameworks are developed and tested on real malware.

Organization

The Malware Boot Camp consists of both practical hands-on experience in our malware lab as well as reporting the results in presentations and reports.

Lab

The Malware Boot Camp starts with a 3-day to one-week tutorial on malware analysis. The tutorial introduces basic analysis techniques and points out possible difficulties and how to deal with them. During the tutorial, different malware samples are taken apart to analyze spreading, infection and communication details. All students work together to get as much out of the samples as possible.

The tutorial is followed by the lab project. Each student is assigned a dedicated project that is to be solved during a four-week full-time lab. During these projects, new approaches are investigated and new means for malware analysis are developed. Different topics, from automated analysis to the improvement of tools for reverse engineering, are available and can be selected by the students.

Presentations

An important part of malware analysis is the presentation and discussion of findings and results. During the Malware Boot Camp the students will learn how to present their results and how to discuss difficulties and solutions amongst all teams.

At the beginning of the tutorial week, each student presents a brief overview of a selected topic, such as rootkits, packers, virus scanners, or obfuscation techniques. The maximum time for the presentation is 15 minutes.

Before the lab project starts, each student presents their dedicated project: the goals, existing approaches, and the solutions they are going to try. A short summary of 1-3 pages is to be written.

During the four-week lab project, each student gives a weekly 5-10 minute progress report to present their findings and to discuss difficulties and possible solutions.

After the lab project, a report on the lab project and its major results has to be written. The report will be around 15-20 pages.

The examination is a final presentation on the lab project of around 20-30 minutes.

Required Skills

To participate successfully in the Malware Boot Camp, a solid knowledge of the C language is required. In addition, skills in a scripting language (Python, Perl, ...) are recommended, as well as basic knowledge of networking and the Linux and Windows command line. It is also helpful to have seen x86 assembly before, although this is not mandatory.


More Information?

For more information e-mail cs4-seminars-labs.