Malware:ITX8060:2012

Source: Lambda

About

Announcements

MW2 open-book quiz


LABS/Homework

Windows images for the first lab: Windows images and other files to be added in future

Lab5

Capture (live)

Where, what, when and so on.

Deadline 27.12.2012

Lab4

2 Android malwares (live)

  Which permissions does each malware acquire?
  Describe the intent filter feature
  Describe the functionality of the malwares
  SHA sum of the APK
  Which network connections does the malware initiate?
  To which purpose?
  Name of the malware
  Identify possible mitigation methods

Deadline 17.12.2012
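The permission, intent filter and checksum questions can be answered from the decoded manifest (apktool output) plus a hash of the APK file. The Python script below is an added example and not part of the course material: it parses such a manifest, lists the requested permissions and the intent filters per component, computes the SHA sums and flags the patterns a report should mention. The sensitive-permission list is an assumption, and the manifest is a constructed sample, not taken from any real malware. Network connections are not in the manifest; answer that question from a capture taken while the sample runs.

```python
import hashlib
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permissions that deserve a comment in a malware report (assumption: a hand-picked
# subset; extend it for the samples you are actually analysing).
SENSITIVE_PERMISSIONS = {
    "android.permission.SEND_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_SMS",
    "android.permission.READ_CONTACTS",
    "android.permission.READ_PHONE_STATE",
    "android.permission.RECEIVE_BOOT_COMPLETED",
    "android.permission.INSTALL_PACKAGES",
}

SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED"
BOOT_COMPLETED = "android.intent.action.BOOT_COMPLETED"


def apk_hashes(apk_bytes: bytes) -> dict:
    """SHA-1 and SHA-256 of the APK file, for the report and for sandbox/AV lookups."""
    return {"sha1": hashlib.sha1(apk_bytes).hexdigest(),
            "sha256": hashlib.sha256(apk_bytes).hexdigest()}


def parse_manifest(xml_text: str) -> dict:
    """Extract package name, requested permissions and intent filters from a decoded manifest."""
    root = ET.fromstring(xml_text)
    permissions = [p.get(ANDROID_NS + "name") for p in root.iter("uses-permission")]
    filters = []
    for comp in root.iter():
        if comp.tag not in ("activity", "service", "receiver"):
            continue
        for intent_filter in comp.findall("intent-filter"):
            priority = intent_filter.get(ANDROID_NS + "priority")
            filters.append({
                "component": comp.tag,
                "name": comp.get(ANDROID_NS + "name"),
                "actions": [a.get(ANDROID_NS + "name") for a in intent_filter.findall("action")],
                "priority": int(priority) if priority is not None else 0,
            })
    return {"package": root.get("package"), "permissions": permissions, "intent_filters": filters}


def triage(manifest: dict) -> list:
    """Turn the parsed manifest into report findings (empty list = nothing notable)."""
    findings = []
    for p in manifest["permissions"]:
        if p in SENSITIVE_PERMISSIONS:
            findings.append(f"requests sensitive permission {p}")
    for f in manifest["intent_filters"]:
        if SMS_RECEIVED in f["actions"] and f["priority"] > 0:
            # Before Android 4.4 SMS_RECEIVED was an ordered broadcast: the highest-priority
            # receiver runs first and can abort it, hiding the SMS from the user's SMS app.
            findings.append(f"{f['component']} {f['name']} receives SMS_RECEIVED with priority {f['priority']}")
        if BOOT_COMPLETED in f["actions"]:
            findings.append(f"{f['component']} {f['name']} starts on BOOT_COMPLETED (persistence)")
    return findings


# Constructed decoded manifest in the style of apktool output; not from any real sample.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed.sample">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application android:label="Sample">
    <receiver android:name=".SmsReceiver">
      <intent-filter android:priority="2147483647">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
    <receiver android:name=".BootReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
  </application>
</manifest>
"""

if __name__ == "__main__":
    manifest = parse_manifest(SAMPLE_MANIFEST)
    print("package:", manifest["package"])
    for line in triage(manifest):
        print(" -", line)
    # With a real file: apk_hashes(open("sample.apk", "rb").read())
    print("sha256 of a constructed stand-in:", apk_hashes(b"constructed apk bytes")["sha256"])
```

Hash the original APK bytes, not the apktool output directory, so the checksum in the report matches what other analysts and scanners will see. A maximum-priority receiver on SMS_RECEIVED together with SEND_SMS is the classic premium-SMS / SMS-stealer combination and is worth naming explicitly in the functionality section.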

Lab3

The 4 executables that you tested in Malware 1: are they packed / encrypted?

What makes you say so? (how you determined it)

What kind of packing was used (if it could be determined)? Ideas on how to unpack them?

If no packing/encryption was used, research one of these packing methodologies:

   1) FSG: Simple packer for Win32. Compression: aplib (LZ-based)
   2) MEW: Simple packer for Win32 (aplib)
   3) NSPACK: Simple packer for Win32 (LZMA)
   4) UPACK: Simple packer for Win32 (aplib)

Choose according to your student number:

        if the last digit is 1 or 2, take 1
        if the last digit is 3 or 4, take 2
        if the last digit is 5, 6 or 7, take 3
        if the last digit is 8, 9 or 0, take 4


Deadline 10.12.2012
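One way to answer the "are they packed, and how do you know" questions mechanically, as an added example that is not part of the course material: the Python script below walks the PE section table, computes Shannon entropy per section, and checks section names against a short list of well-known packer signatures. The name list and the entropy threshold are assumptions (a packer author can rename sections and pad data), so treat the output as evidence for the report, not as proof. The script builds two constructed sample executables in memory so it runs without a real binary.

```python
import hashlib
import math
import struct

# Section names that identify well-known packers (assumption: a partial list
# compiled from public packer documentation; a packer author can rename them).
PACKER_SECTION_NAMES = {
    "UPX0": "UPX", "UPX1": "UPX", "UPX2": "UPX",
    ".nsp0": "NsPack", ".nsp1": "NsPack", ".nsp2": "NsPack",
    ".aspack": "ASPack", ".adata": "ASPack",
    ".petite": "Petite",
    ".MPRESS1": "MPRESS", ".MPRESS2": "MPRESS",
}
ENTROPY_THRESHOLD = 7.0   # bits per byte; compressed/encrypted data sits close to 8.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty or constant data)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes) -> list:
    """Walk the PE section table and return name, sizes and entropy per section."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4                       # IMAGE_FILE_HEADER
    (num_sections,) = struct.unpack_from("<H", pe, coff + 2)
    (opt_size,) = struct.unpack_from("<H", pe, coff + 16)
    first = coff + 20 + opt_size              # section table follows the optional header
    sections = []
    for i in range(num_sections):
        name, vsize, _va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", pe, first + 40 * i)
        raw = pe[raw_ptr:raw_ptr + raw_size]
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"),
                         "virtual_size": vsize, "raw_size": raw_size,
                         "entropy": shannon_entropy(raw)})
    return sections


def packing_indicators(pe: bytes) -> list:
    """Return human-readable reasons to suspect packing (empty list = nothing found)."""
    findings = []
    for s in parse_sections(pe):
        if s["name"] in PACKER_SECTION_NAMES:
            findings.append(f"section {s['name']!r} is a {PACKER_SECTION_NAMES[s['name']]} signature")
        if s["entropy"] > ENTROPY_THRESHOLD:
            findings.append(f"section {s['name']!r} has entropy {s['entropy']:.2f} (> {ENTROPY_THRESHOLD})")
        if s["raw_size"] == 0 and s["virtual_size"] >= 0x1000:
            # No data on disk but a large region in memory: the unpacking stub fills it at
            # run time. A legitimate .bss looks the same, so this is weak evidence on its own.
            findings.append(f"section {s['name']!r} has no raw data but {s['virtual_size']:#x} bytes virtual size")
    return findings


# --- constructed samples so the script runs without a real binary ----------------

def build_test_pe(sections) -> bytes:
    """Assemble a minimal PE image from (name, virtual_size, raw_bytes) tuples (constructed)."""
    e_lfanew = 0x40
    hdr = bytearray(b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew))
    hdr += b"PE\0\0"
    hdr += struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x102)  # no optional header
    data_start = len(hdr) + 40 * len(sections)
    body, va = bytearray(), 0x1000
    for name, vsize, raw in sections:
        hdr += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"), vsize, va,
                           len(raw), data_start + len(body), 0, 0, 0, 0, 0x60000020)
        body += raw
        va += 0x10000
    return bytes(hdr + body)


def pseudo_random_bytes(n: int, seed: bytes = b"lab3") -> bytes:
    """Deterministic high-entropy filler (a SHA-256 chain) standing in for compressed data."""
    out, block = bytearray(), seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])


SAMPLE_PLAIN = build_test_pe([(".text", 0x1100, b"MOV EAX, 1 ; RET\n" * 256),
                              (".data", 0x200, b"\0" * 512)])
SAMPLE_PACKED = build_test_pe([("UPX0", 0x20000, b""),
                               ("UPX1", 0x1000, pseudo_random_bytes(4096))])

if __name__ == "__main__":
    for label, sample in (("plain", SAMPLE_PLAIN), ("packed", SAMPLE_PACKED)):
        print(label, packing_indicators(sample) or ["no packing indicators"])
```

For a real sample pass open(path, "rb").read() to packing_indicators. The other classic indicator, a tiny import table (often only LoadLibraryA and GetProcAddress, which the unpacking stub uses to rebuild the real imports), is not parsed here; check it in a PE viewer and quote it in the "what makes you say so" answer alongside the entropy figures.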

Lab2

Reverse engineer mIRC

A bit more exact explanation of what you should do.


Deadline 03.12.2012

Lab1

Find malware

Describe your findings according to: http://computer-forensics.sans.org/blog/2012/05/08/writing-malware-reports

Considering the following:

does the malware access the internet, and where
how many different malware breeds were on the computer
which files are interesting and should be considered targets for deeper analysis
whatever else you could find about the infections
how to disinfect

Deadline 21.11.2012

Be aware: downloading the images takes time!

2012.11.05

LECTURES

Most of the material is in the Google Doc.

2012.10.29 First lecture/ Introduction

2012.11.05 Sysinternals tools

2012.11.12 3 things + lab

2012.11.12 Intro to assembly language

2012.11.19 Tools: IDA and so on

2012.11.26 Packing and stuff

2012.12.03 Malicious documents

2012.12.10 Mobile malware

2012.12.17 Endex