Malware Reverse Engineering

START:
January 1, 2020
DURATION:
Contact hours: 45
Lecture hours: 30
Lab hours: 15
ID:
RU 6208
CREDIT:
3

Address

205 Van Buren Street, Suite 140, Herndon, VA 20170

The Malware Reverse Engineering course is for professionals who have limited or no experience with the practice of reverse engineering. Reverse engineering is the review of the disassembled code of a possibly malicious binary or executable, or a piece of malware, frequently through the use of disassemblers and hex editors. The goal is to gain a better understanding of how a binary or executable functions when run. This type of analysis is geared toward capturing the behavioral aspects of malicious binaries as they are executed in a controlled environment. Analytical data such as environment changes (file, system, process, network, etc.), communication with the network, communications with remote or distant devices, and so on are closely studied for actionable information. This information is then analyzed, and a complete view is reconstructed of what the binary does to a system when executed. Emphasis is placed on analyzing the way the malware interacts with associated networks, identifying the type of information being targeted, and finding commonalities with previously analyzed malware.

Objectives:

  • Become familiar with the practice of reverse engineering suspicious files by utilizing static and dynamic tactics and techniques
  • Gain an understanding of the impact a suspicious file may have on a particular computer system when executed
  • Learn to work with a disassembler
  • Gain an excellent knowledge of binaries and executables
  • Understand how to detect and analyze environmental changes

Prerequisite: None
Credits: 3
Contact hours: 45
Lecture hours: 30
Lab hours: 15
Faculty office hours: faculty is available outside class hours by appointment, via email, and at scheduled times.
Advising: faculty and career counselors are available to assist students with their career directions and questions.