Updated ZeroLecture INT251

This document provides details about the INT251 Malware Analysis and Cyber Defense course. The course will consist of 2 lectures per week over 14 weeks. Key topics that will be covered include static and dynamic malware analysis, disassembly using IDA Pro, code injection and hooking techniques, malware obfuscation, memory forensics, and security operation centers. Students will learn how to analyze malware behavior, apply forensic techniques to investigate advanced malware, and identify strategies to secure systems from cyber threats. Assessment will include attendance, two midterm exams, and a final exam. The goal of the course is to help students secure systems by understanding malware and cyber defense strategies.

Uploaded by kunalsisodiacse

INT251

MALWARE ANALYSIS AND CYBER DEFENSE


Lecture #0
The kick start session
Course details
• LTP – 2 0 2 [Two lectures/week]
• Course communication mode

Reference Book
• LEARNING MALWARE ANALYSIS by MONNAPPA K A,
PACKT PUBLISHING
Course Assessment Model
• Marks break-up
• Attendance: 5
• CA (two best out of three CAs): 25
• Mid Term Exam (MTE): 20
• End Term Exam (ETE): 50
• Total: 100
Course Outcomes
• Through this course, students should be able to:
• CO1 :: understand major defense strategies to secure operation centers
• CO2 :: analyze the behavior of the malware and its interaction with the system
• CO3 :: gain the basics of assembly language and the necessary skills required to perform code analysis
• CO4 :: analyze the stealth techniques used by advanced malware to hide from forensic tools
• CO5 :: apply the malware forensic techniques to investigate advanced malware
• CO6 :: identify major defense strategies to secure operation centers
Program Outcomes for INT251
• PO-1: Engineering knowledge :: Apply the knowledge of mathematics, science, engineering fundamentals, and an engineering specialization to the solution of complex engineering problems.
• PO-2: Problem analysis :: Identify, formulate, research literature, and analyze complex engineering problems reaching substantiated conclusions using first principles of mathematics, natural sciences, and engineering sciences.
• PO-3: Design/development of solutions :: Design solutions for complex engineering problems and design system components or processes that meet the specified needs with appropriate consideration for the public health and safety, and the cultural, societal, and environmental considerations.
• PO-4: Conduct investigations of complex problems :: Use research-based knowledge and research methods including design of experiments, analysis and interpretation of data, and synthesis of the information to provide valid conclusions.
• PO-5: Modern tool usage :: Create, select, and apply appropriate techniques, resources, and modern engineering and IT tools including prediction and modeling to complex engineering activities with an understanding of the limitations.
• PO-6: The engineer and society :: Apply reasoning informed by the contextual knowledge to assess societal, health, safety, legal and cultural issues and the consequent responsibilities relevant to the professional engineering practice.
• PO-8: Ethics :: Apply ethical principles and commit to professional ethics and responsibilities and norms of the engineering practice.
• PO-9: Individual and team work :: Function effectively as an individual, and as a member or leader in diverse teams, and in multidisciplinary settings.
• PO-10: Communication :: Communicate effectively on complex engineering activities with the engineering community and with society at large, such as being able to comprehend and write effective reports and design documentation, make effective presentations, and give and receive clear instructions.
• PO-11: Project management and finance :: Demonstrate knowledge and understanding of the engineering and management principles and apply the same to one’s own work, as a member or a leader in a team, manage projects efficiently in respective disciplines and multidisciplinary environments after consideration of economic and financial factors.
• PO-12: Life-long learning :: Recognize the need for, and have the preparation and ability to engage in independent and life-long learning in the broadest context of technological change.
Revised Bloom’s Taxonomy
CA Details
1. CA1 (Subjective)
   Rubrics: Two questions of 10 marks each; two questions of 5 marks each
2. CA2 (Subjective)
   Rubrics: Two questions of 10 marks each; two questions of 5 marks each
3. CA3 (Objective)
   Rubrics: 30 questions of 1 mark each.
The hitch…
The three BURNING questions in mind…

• Why are we learning Malware Analysis and Cyber Defense?
• What would we do with it?
• What will be the course outcome?

Why Malware Analysis and Cyber Defense?

 understand major defense strategies to secure operation centers
 analyze the behavior of the malware and its interaction with the system
 apply the malware forensic techniques to investigate advanced malware
 identify major defense strategies to secure operation centers
Unit I
Introduction to Malware Analysis
 Types of Malware
 Malware Analysis
 Static Analysis
 Determining file types
 Fingerprint malware
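The two static-analysis steps listed above (determining the file type from its content, then fingerprinting the sample with hashes) as an added Python example; this is not code from the slides or from the reference book, and the function names and the constructed sample bytes are my own.

```python
import hashlib
import struct

# Constructed sample inputs (not real malware): a minimal MZ/PE header layout,
# an ELF magic, and a text file that claims to be an executable by name.
_pe = bytearray(0x80)
_pe[0:2] = b"MZ"
struct.pack_into("<I", _pe, 0x3C, 0x40)   # e_lfanew -> offset of "PE\0\0"
_pe[0x40:0x44] = b"PE\x00\x00"
SAMPLE_PE = bytes(_pe)
SAMPLE_ELF = b"\x7fELF" + b"\x02\x01\x01" + b"\x00" * 9
SAMPLE_TEXT = b"just a text file pretending to be invoice.exe\n"


def identify_file_type(data: bytes) -> str:
    """Classify a file by its magic bytes, never by its extension."""
    if data[:2] == b"MZ":
        if len(data) >= 0x40:
            e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
            if data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00":
                return "PE executable"
        return "MZ header without a valid PE signature"
    if data[:4] == b"\x7fELF":
        return "ELF executable"
    if data[:4] == b"%PDF":
        return "PDF document"
    if data[:4] == b"PK\x03\x04":
        return "ZIP container (docx/xlsx/jar/apk use this too)"
    return "unknown"


def fingerprint(data: bytes) -> dict:
    """Hashes used to look a sample up in threat intel and track it in a case."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ("md5", "sha1", "sha256")}


def extension_mismatch(filename: str, data: bytes) -> bool:
    """True when the claimed extension disagrees with the detected content type."""
    expected = {".exe": "PE executable", ".dll": "PE executable",
                ".pdf": "PDF document", ".elf": "ELF executable"}
    ext = ("." + filename.rsplit(".", 1)[-1].lower()) if "." in filename else ""
    return ext in expected and expected[ext] != identify_file_type(data)


def triage(filename: str, data: bytes) -> dict:
    """One static-triage record per sample: type, size, hashes, extension check."""
    return {"name": filename, "type": identify_file_type(data), "size": len(data),
            "extension_mismatch": extension_mismatch(filename, data), **fingerprint(data)}


if __name__ == "__main__":
    print(triage("invoice.exe", SAMPLE_TEXT))
```

Run it on a real sample by reading the file in binary mode and passing the bytes to `triage`; the SHA-256 is the value to record and search on, since MD5 and SHA-1 collisions are practical.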
UNIT II : Dynamic Analysis

The code is executed in a sandbox environment so that security analysts can examine potential threats without putting the system at risk of infection.
UNIT III : Disassembly using IDA

This chapter introduces one code analysis tool, IDA Pro (also known as IDA). Here, you will learn how to leverage the features of IDA Pro to enhance your disassembly.
UNIT IV : Code Injection and Hooking

The technique of injecting malicious code into a target process's memory and executing the malicious code within the context of the target process is called code injection (or process injection).
UNIT V : Malware Obfuscation Techniques

Malware obfuscation is the act of making the code of a program hard to discover or understand, by both humans and computers.
Hunting Malware using Malware Forensics
UNIT VI : Detecting advanced Malware using memory forensics

Memory forensics (or memory analysis) is an investigative technique which involves finding and extracting forensic artifacts from the computer's physical memory (RAM).
Security Operation Center

A security operations center (SOC) is an in-house or outsourced team of IT security professionals that monitors an organization’s entire IT infrastructure, 24/7, to detect cybersecurity events in real time and address them as quickly and effectively as possible.
Certification Details
Title of the course: Reverse Engineering and Malware Analysis
Link: https://www.quickhealacademy.com/product/reverse-engineering-and-malware-analysis/
Type: Certification
OPEN EDUCATIONAL RESOURCES
1. Introduction to malware analysis
   https://infyspringboard.onwingspan.com/web/en/app/toc/lex_auth_013177170889097216246_shared/overview
2. Disassembly using IDA
   https://infyspringboard.onwingspan.com/web/en/app/toc/lex_auth_0128119914844651527368_shared/overview
3. Malware functionalities and persistence
   https://infyspringboard.onwingspan.com/web/en/app/toc/lex_auth_01330153644516147226379_shared/overview
4. Malware Obfuscation Techniques
   https://infyspringboard.onwingspan.com/web/en/app/toc/lex_auth_0132918016845660163923_shared/overview
5. Hunting Malware using Malware Forensics
   https://infyspringboard.onwingspan.com/web/en/app/toc/lex_auth_01330396697212518435422_shared/overview
The End