
🎯 Course Overview
This course trains students to analyze, dissect, and understand malware behavior in a controlled environment. It covers static and dynamic analysis, sandboxing, and reverse engineering fundamentals.
🧠 Learning Outcomes
Learners will:
- Identify different types of malware and infection techniques.
- Perform static and dynamic malware analysis safely.
- Analyze PE file structures and extract indicators of compromise (IOCs).
- Use disassemblers and debuggers for binary inspection.
- Create malware reports with behavioral summaries and mitigations.
📅 Weekly Module Plan
Week 1 — Malware Fundamentals
- Topics: Types of malware, infection vectors, malware lifecycle.
- Lab: Analyze benign malware samples (VirusShare safe set / classroom sample).
- Tools: PEview, Exeinfo PE, VirusTotal.
- Assignment: Classify 3 sample files and write a summary.
Week 2 — Static Analysis
- Topics: File headers, packing/unpacking, string extraction, hashes.
- Lab: Perform hash analysis and string extraction with strings and PEiD.
- Tools: PEStudio, Exeinfo, Detect It Easy.
- Quiz 1: Malware classification and PE file structure.
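The Week 2 lab steps (hash the file, pull printable strings, read the PE headers, look for packing hints) can be scripted so that every sample gets the same first pass. The script below is an added example for this syllabus, not course material or output from the tools listed above; it uses only the Python standard library and builds its own constructed PE32+ skeleton with planted strings (the URL, API name and hashes are made up for the example, not indicators from any real sample).

```python
"""Static triage helpers: hashes, printable strings, PE header fields, section entropy.

Added example for the Week 2 lab. build_sample() returns a constructed PE-shaped
buffer, not a real executable; run the script against a real file path instead
inside the isolated analysis VM.
"""
import hashlib
import math
import re
import struct
import sys
from collections import Counter
from datetime import datetime, timezone

MACHINE_NAMES = {0x014C: "x86", 0x8664: "x64", 0x01C4: "ARM", 0xAA64: "ARM64"}
OPT_MAGIC = {0x10B: "PE32", 0x20B: "PE32+"}


def file_hashes(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256 of the whole file: the identifiers you put in the report first."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def extract_strings(data: bytes, min_len: int = 4, wide: bool = False) -> list:
    """Printable runs of at least min_len characters, like `strings` (wide=True ~ `strings -el`)."""
    if wide:
        # UTF-16LE text: each printable ASCII byte is followed by a NUL byte
        pattern = rb"(?:[\x20-\x7e]\x00){%d,}" % min_len
        return [m.group().decode("utf-16-le") for m in re.finditer(pattern, data)]
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, data)]


def shannon_entropy(chunk: bytes) -> float:
    """Bits per byte (0..8); packed or encrypted sections sit close to 8."""
    if not chunk:
        return 0.0
    n = len(chunk)
    return -sum(c / n * math.log2(c / n) for c in Counter(chunk).values())


def parse_pe(data: bytes) -> dict:
    """Walk DOS header -> PE signature -> COFF header -> optional header -> section table."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    try:
        e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
        if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
            raise ValueError("PE signature not found at e_lfanew")
        coff = e_lfanew + 4
        machine, nsec, ts, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
        opt = coff + 20
        magic = struct.unpack_from("<H", data, opt)[0]
        entry = struct.unpack_from("<I", data, opt + 16)[0]  # AddressOfEntryPoint (same offset in PE32/PE32+)
        sections = []
        for i in range(nsec):
            off = opt + opt_size + 40 * i
            name, vsize, vaddr, rsize, rptr = struct.unpack_from("<8sIIII", data, off)
            raw = data[rptr:rptr + rsize]
            sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                             "virtual_address": vaddr, "raw_size": rsize,
                             "raw_pointer": rptr, "entropy": round(shannon_entropy(raw), 2)})
    except struct.error as exc:
        raise ValueError("truncated PE header") from exc
    return {"format": OPT_MAGIC.get(magic, hex(magic)),
            "machine": MACHINE_NAMES.get(machine, hex(machine)),
            "compile_time": datetime.fromtimestamp(ts, tz=timezone.utc).isoformat(),
            "entry_point": entry, "is_dll": bool(chars & 0x2000), "sections": sections}


def triage(data: bytes) -> dict:
    """One-call static summary suitable for the lab write-up."""
    return {"hashes": file_hashes(data), "pe": parse_pe(data),
            "ascii_strings": extract_strings(data), "wide_strings": extract_strings(data, wide=True)}


def build_sample() -> bytes:
    """Constructed PE32+ skeleton with planted strings (not a real binary or sample)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                          # e_lfanew
    opt_size = 240                                                    # PE32+ optional header size
    coff = struct.pack("<HHIIIHH", 0x8664, 1, 1700000000, 0, 0, opt_size, 0x0022)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B)                             # PE32+ magic
    struct.pack_into("<I", opt, 16, 0x1000)                           # AddressOfEntryPoint
    body = (b"\0" * 8 + b"http://example.invalid/beacon\0" + b"CreateRemoteThread\0\0"
            + "powershell -enc".encode("utf-16-le") + b"\0\0ab\0")    # planted, constructed strings
    raw_ptr = 0x40 + 4 + 20 + opt_size + 40                           # body starts right after the headers
    section = struct.pack("<8sIIIIIIHHI", b".text", len(body), 0x1000, len(body), raw_ptr,
                          0, 0, 0, 0, 0x60000020)                     # CODE | EXECUTE | READ
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + section + body


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    for key, value in triage(blob).items():
        print(key, value)
```

Hash the file before anything else so the report always refers to a fixed artifact, and run both the ASCII and the wide pass: URLs and command lines in Windows binaries are often stored as UTF-16, which a plain `strings` run misses. A section whose entropy approaches 8 bits per byte, or an entry point that lies outside any section's virtual range, is the static hint that the Week 2 unpacking material addresses.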
Week 3 — Dynamic Analysis
- Topics: Behavior monitoring, API calls, registry changes, process injection.
- Lab: Run sample in sandbox (Cuckoo Sandbox / Any.Run).
- Tools: Procmon, Wireshark, RegShot, Process Explorer.
- Assignment: Document process tree and registry modifications.
Week 4 — Reverse Engineering Basics
- Topics: Disassembly, debugging, function tracing, unpacking.
- Tools: x64dbg, Ghidra, IDA Free.
- Lab: Analyze simple executable — find strings, entry point, and control flow.
- Quiz 2: Reverse engineering fundamentals.
Week 5 — Detection, Reporting & Defense
- Topics: Signature creation, YARA rules, sandbox automation, EDR concepts.
- Lab: Write a YARA rule to detect a specific malware pattern.
- Final Project: Analyze a malware sample, extract IOCs, and create a full malware analysis report.
🧩 Assessment Breakdown
- Teacher: Admin User