| Week | Date | Unit topic |
| --- | --- | --- |
| Week 1 | 9/6 | Course overview & environment setup |
| Week 2 | 9/13 | Fundamentals of malware reverse engineering<br>- Basic Static Techniques<br>- Malware Analysis in a VM<br>- Basic Dynamic Analysis |
| Week 3 | 9/20 | Malware static analysis techniques (1) (HW01)<br>- x86 Disassembly<br>- IDA Pro Exercises<br>- C Constructs in Assembly |
| Week 4 | 9/27 | Malware static analysis techniques (2)<br>- Analyzing Malicious Programs<br>- Ghidra Introduction |
| Week 5 | 10/4 | Advanced malware dynamic analysis (1) (Lab01)<br>- Debugging Techniques<br>- OllyDbg for Dynamic Analysis |
| Week 6 | 10/11 | Advanced malware dynamic analysis (2)<br>- WinDbg for Kernel Debugging |
| Week 7 | 10/18 | Malware behavior analysis (1) (HW02)<br>- Downloaders and Launchers<br>- Backdoors<br>- Credential Stealers<br>- User-Mode Rootkits |
| Week 8 | 10/25 | Malware behavior analysis (2)<br>- Data Encoding<br>- Malware-Focused Network Signatures |
| Week 9 | 11/1 | Midterm exam week<br>- Final Project Proposal |
| Week 10 | 11/8 | Malware memory analysis (Lab02)<br>- Volatility Overview<br>- Investigating Processes<br>- Investigating Network Activities<br>- Kernel Modules and Rootkit Analysis |
| Week 11 | 11/22 | Shellcode analysis<br>- Creating Shellcode<br>- Buffer Overflow Attacks<br>- Exploit Development<br>- Real-World Scenarios<br>- Code Analysis of Shellcode<br>- Shellcode Analysis Tools |
| Week 12 | 11/29 | Malware anti-detection techniques (1) (HW03)<br>- Anti-Disassembly<br>- Anti-Debugging |
| Week 13 | 12/6 | Malware anti-detection techniques (2) and 64-bit malware analysis<br>- Anti-VM<br>- Packers and Unpacking<br>- Differences in the x64 Architecture<br>- 64-Bit Hints at Malware Functionality |
| Week 14 | 12/13 | Malicious component analysis: web pages, documents, scripts and C++ (Lab03)<br>- Interacting with Malicious Websites<br>- De-obfuscating Malicious JavaScript<br>- Malicious PDF Document Analysis<br>- Macros in Malicious Office Documents |
| Week 15 | 12/20 | Hands-on practical exam |
| Week 16 | 12/27 | Final project presentations |