| Week | Date | Unit Topic |
|---|---|---|
| Week 1 | 9/28 | Course Introduction & Environment Setup |
| Week 2 | 10/5 | Fundamentals of Malware Reverse Engineering: Basic Static Techniques; Malware Analysis in VM; Basic Dynamic Analysis |
| Week 3 | 10/12 | Malware Static Analysis Techniques (1) (Lab/HW): x86 Disassembly; IDA Pro Exercises; C Constructs in Assembly |
| Week 4 | 10/19 | Malware Static Analysis Techniques (2): Analyzing Malicious Programs; Ghidra Introduction |
| Week 5 | 10/26 | Advanced Malware Dynamic Analysis (1) (Lab/HW): Debugging Techniques; OllyDbg for Dynamic Analysis |
| Week 6 | 11/2 | Advanced Malware Dynamic Analysis (2): WinDbg for Kernel Debugging |
| Week 7 | 11/9 | Malware Behavior Analysis (1) (Lab/HW): Downloaders and Launchers; Backdoors; Credential Stealers; User-Mode Rootkits |
| Week 8 | 11/16 | Malware Behavior Analysis (2): Data Encoding; Malware-Focused Network Signatures |
| Week 9 | 11/23 | Midterm Exam Week: Final Project Proposal |
| Week 10 | 11/30 | Malware Memory Analysis (Lab/HW): Volatility Overview; Investigating Process; Investigating Network Activities; Kernel Modules and Rootkit Analysis |
| Week 11 | 12/7 | Shellcode Analysis: Creating Shellcode; Buffer Overflow Attacks; Exploit Development; Real-World Scenarios; Code Analysis of Shellcode; Shellcode Analysis Tool |
| Week 12 | 12/14 | Malware Anti-Detection Techniques (1) (Lab/HW): Anti-disassembly; Anti-debugging |
| Week 13 | 12/21 | Malware Anti-Detection Techniques (2) and 64-bit Malware Analysis: Anti-VM; Packers and Unpacking; Differences in x64 Architecture; 64-Bit Hints at Malware Functionality |
| Week 14 | 12/28 | Malicious Component Analysis (Web Pages, Documents, Scripts, and C++): Interacting with Malicious Websites; De-obfuscating Malicious JavaScript; Malicious PDF Document Analysis; Macros in Malicious Office Documents |
| Week 15 | 1/4 | AI-Based Malware Analysis: Review of M.L. Approaches for Malware Analysis; Features in a Traditional M.L. Workflow; Research Directions Such as Deep Learning and Multimodal Approaches |
| Week 16 | 1/11 | Hands-on Computer Exam |
| Week 17 | 1/18 | Final Project Presentations |