|
週次 |
日期 |
單元主題 |
|
第1週 |
9/15 |
課程說明&環境整備 |
|
第2週 |
9/22 |
惡意程式逆向分析基礎
- Basic Static Techniques
- Malware Analysis in VM
- Basic Dynamic Analysis
|
|
第3週 |
9/29 |
惡意程式靜態分析技巧(1)
- x86 Disassembly
- IDA Pro Exercises
- C Constructs in Assembly
|
|
第4週 |
10/06 |
惡意程式靜態分析技巧(2)
- Analyzing Malicious Programs
- Ghidra Introduction
|
|
第5週 |
10/13 |
進階惡意程式動態分析 (1)
- Debugging Techniques
- Ollydbg for Dynamic Analysis
|
|
第6週 |
10/20 |
進階惡意程式動態分析 (2)
- Windbg for Kernel Debugging
|
|
第7週 |
10/27 |
惡意程式行為分析 (1)
- Downloaders and Launchers
- Backdoors
- Credential Stealers
- User-Mode Rootkits |
|
第8週 |
11/03 |
惡意程式行為分析 (2)
- Data Encoding
- Malware Focused Network Signatures |
|
第9週 |
11/10 |
期中考週
- Final Project Proposal
|
|
第10週 |
11/17 |
惡意程式記憶體分析
- Volatility Overview
- Investigating Process
- Investigating Network Activities
- Kernel Modules and Rootkit Analysis |
|
第11週 |
11/24 |
Shellcode分析
- Loading Shellcode for Analysis
- Identifying Execution Location
- Shellcode Encodings |
|
第12週 |
12/01 |
惡意程式反偵測手法 (1)
- Anti-disassembly
- Anti-debugging |
|
第13週 |
12/08 |
惡意程式反偵測手法 (2)與64-bit惡意程式分析
- Anti-VM
- Packers and Unpacking
- Differences in x64 Architecture
- 64-Bit Hints at Malware Functionality |
|
第14週 |
12/15 |
惡意元件分析- 網頁、文件、腳本與C++
- Interacting with malicious websites
- De-obfuscating malicious Javascript
- Malicious pdf document analysis
- Macros in malicious office documents |
|
第15週 |
12/22 |
惡意程式AI分析
- Review of M.L. approaches for malware analysis
- Features in a traditional M.L. workflow
- Research directions such as deep learning and multimodal approaches
|
|
第16週 |
12/29 |
上機考試 |
|
第17週 |
1/05 |
期末專題報告 |