
COMP9000

COMP9000 - 2010s2

Reverse Engineering and Malware

This course addresses the question of how to determine the behaviour of a program when the source code is not available. This has diverse applications such as code auditing for security, disassembling and analysing virus software and other malware, and creating open source drivers for closed source hardware. Learning reverse engineering will also improve your code writing ability as you develop an appreciation of what your code really looks like once it is compiled and in use.

Reverse Engineering is something of a black art. This semester we are fortunate to have Fionnbharr Davies and Brendan Hopper to run the course and teach these skills. Fionnbharr and Brendan are well-known and highly regarded penetration testers and have extensive experience in real-world malware analysis.

Topics include

  • anti-virus, including unpacking, anti-debugger tricks, virus polymorphism
  • x86 assembly
  • OS internals: in real-world cases, Windows-specific

Required Knowledge

  • C

Contact

One 1.5-hour lecture-lab followed by a 1.5-hour supervised lab in the Banjo lab, Wednesday 6-9pm. Lab work can be completed solo or in groups.

Richard Buckland is the lecturer in charge; however, Fionnbharr and Brendan will do all the real work.

Assessment

Final practical exam, in which you will reverse a supplied application in the lab under exam conditions. Worth 50%. You must pass the exam to pass the course.

Two two-week assignments worth 20% each.

Weekly assessed lab exercises. These do not contribute towards your final mark but you will need to complete them in order to acquire the skills you will need for the assessable items.

Quiz in week 4 - not worth anything but you will be advised to disenroll if you do not perform well. This will be a serious course and we expect participants to make a consistent and significant effort each week.

Course communication is via IRC - you are expected to participate as well as attend and participate in lectures and the lab sessions. Course information and notes are via the course wiki - you are expected to contribute content to this. Course participation and contribution is worth 10%.

Enrolment

Numbers are limited. Enrolment is with consent only. To apply to join the course:

  1. contact Fionnbharr (thouth AT gmail.com).
  2. If you get consent from Fionnbharr to enrol then:
    1. email cassandra AT cse.unsw.edu.au with

   subject: COMP9000 - Reverse Engineering and Malware 

   Asking (very politely) if you can be enrolled in this course 
   and (to make it clear which COMP9000 course you wish to enrol 
   in) that it is the Reverse Engineering course with LIC Richard 
   Buckland and guest lecturers Fionnbharr and Brendan.