CSCI 4990/6990: Reverse Engineering
Spring 2009
Prof. Golden G. Richard III
11-12:15pm on Tuesday/Thursday

Reverse engineering involves deep analysis of the code, structure, and functionality of software using both static and dynamic methods. This course will provide students with a solid foundation in reverse engineering, which is crucial to understanding modern malicious software and to crafting potential solutions to recover from and prevent attacks. Reverse engineering is also useful for creating interoperable software, for verifying that software patches function as promised, and for the simple joy of understanding at a deep level how software works.

A number of state-of-the-art analysis tools will be available in our laboratory environment for students taking this class, including IDA Pro, OllyDbg, and HBGary’s Responder Professional.

Prerequisites: CSCI 4401, experience with C and Intel assembler

Topics include:

• Overview of current and next-generation malicious software
  o Viruses, worms, trojans
  o Botnets
  o Polymorphic and metamorphic malware
• Low level software
  o Overview of Intel assembler language
  o Virtual machines for interpreted high-level languages
  o Representation of compiled high level language structures in assembler
• Win32 / Linux / Mac OS X operating systems internals
• Static and dynamic analysis of software
  o IDA Pro
  o OllyDbg
  o Filesystem and registry tracing
• Advanced reverse engineering techniques
  o Encrypted/packed executables
  o Anti-debugging techniques
  o Code obfuscation
• Defensive Strategies Against Malware
  o Worm Fingerprinting / Signature Generation
  o Hardware Agents for System Integrity Checking
  o Behavioral Approaches to Detection of Malware

Textbooks for this course are The IDA Pro Book and Reversing: Secrets of Reverse Engineering.

Grading is based on participation, significant reverse engineering projects, a midterm exam, and a final exam.