CST160 — Malware Analysis
The purpose of CST 160 is to gain an understanding of the different families of malware and how the malicious actions performed by the malware are coded and controlled. Malware authors need to have a good understanding of operating systems, file systems, network communication, programming, and cryptography, as well as tricks to hide traces of malware on a system. Numerous examples of actual malware are examined in a safe and secure way. By examining malware we learn about its "indicators of compromise," which in turn help detect future attacks and plug the security holes that allowed the malware to infect the system.

Course outcomes:

Demonstrate using different techniques for analyzing malware source code and executable code, including static analysis, string analysis, deobfuscation, decoding, decompression, decryption, and histogram analysis.

Follow proper guidelines for setting up and using a safe, secure, and contained virtual malware testing and debugging environment.

Examine network logs, protocols, and packet traffic for malware designed to exfiltrate data.

Analyze malware written in different programming languages, including 80x86 Assembly language, C/C++, VBS, JavaScript, and PowerShell.

Demonstrate using disassemblers, debuggers, and other software tools to analyze malicious code.