Reverse Engineering | UNSW Canberra UNSW Canberra UNSW & ADFA Skip Top Menu Banner Work With Us Contact Us News Events search menu search Main navigation Home About Us expand_more (contains submenu) Explore Our Campus Our Vision Who We Are Contact Us Other Canberra Locations expand_more (contains submenu) UNSW Canberra City Launch on Northbourne Equity, Diversity & Inclusion Our People expand_more (contains submenu) Leadership expand_more (contains submenu) Professor Emma Sparks, Rector Professor Andrew Neely, Associate Dean (Research Engagement) Professor Deborah Blackman, Head of School of Business Professor John Young Professor Nicole Moore, Associate Dean (Special Collections) Associate Professor Michael Barlow, Acting Head of School of Engineering and Information Technology Professor Shirley Scott, Head of School of Humanities and Social Sciences Professor Warrick Lawson, Associate Dean (Research) UNSW Canberra Advisory Council Our Schools expand_more (contains submenu) School of Business School of Engineering & IT School of Humanities & Social Sciences School of Science Study With Us expand_more (contains submenu) Undergraduate expand_more (contains submenu) ADFA Trainee Officers ADF Current Serving Members Defence Civilian Undergraduate Sponsorship (DCUS) Non-Defence Students Honours Programs Key dates Postgraduate Coursework expand_more (contains submenu) Key dates Postgraduate Research expand_more (contains submenu) Doctor of Philosophy (PhD) Professional Doctorate Master by Research Master of Philosophy Key dates PhD Study Opportunities Professional Education Short Courses expand_more (contains submenu) Browse All Courses Upcoming Courses Postgraduate Credit Scholarships Student Life Student Support Services Our Research expand_more (contains submenu) Our Research Priorities expand_more (contains submenu) Artificial Intelligence Business Capability Systems Cyber Engineering International Security Science Space War Studies Engagement & Partnerships Our Researchers PhD Study Opportunities UNSW Defence Research Institute Special Collections The Howard Library Institutes, Centres & Initiatives Alumni & Giving expand_more (contains submenu) UNSW Canberra Alumni expand_more (contains submenu) Alumni Jobs Board Our Alumni Profiles Volunteer Opportunities Benefits & Services Giving expand_more (contains submenu) Our Giving Priorities How to Give Give Now The Spitfire Memorial Defence Fellowship Search UNSW Canberra Breadcrumb Home Professional Education Short Courses Reverse Engineering Standard Price: $4,750.00 Defence Price: $4,275.00 Duration: 5 days Delivery Mode: Face-to-face Location: Canberra Please confirm if this course is available in current course offerings. To express interest for a different date, please fill out the Expression of Interest form Contact information For further information or to request a quotation, please contact the Professional Education Courses Unit on: Enquiries Phone: 02 5114 5573 Enquiries Email: ProfEdCourses@adfa.edu.au In-house delivery UNSW Canberra Professional Education Courses may be available for in-house delivery at your organisation's premises. In-house courses allow maximum attendance without the additional travel costs. Courses can be developed to suit the specific staff development and training needs of your organisation. Recommended for groups of 10 or more. In this short course students will learn how malware interacts with the underlying Operating System, how to go about identifying the functionality of malware, and how to perform large scale data analysis of malware. The course is an even mix of set lectures and laboratory work. In the laboratories students will use tools to apply the concepts of static and dynamic analysis, data analytics, and manual reverse engineering. Over the course students will come to understand: The underlying Operating System Object file formats and their use as containers of object code How malware tries to evade analysis and detection How malware obfuscates analysis by the use of code packing Anti-emulation, anti-debugging, anti-VM, anti-sandbox, and anti-disassembly tricks that malware uses How dynamic analysis can analyse malware The process of static disassembly and decompilation How to identify similar malware through the use of program similarity How to classify programs as malicious using machine learning Learning outcomes On completion of this course, participants should be able to: Conduct the main approaches to analysing malware, including static and dynamic analysis. Conduct malware analysis automation including malware variant detection and malware classification. Discuss program analysis, including program representation and static program analysis. Conduct static reverse engineering including the ability to transform disassembly into descriptions of program functionality. What you will receive Comprehensive set of course notes. UNSW Canberra certificate of attendance. Morning tea, lunch and afternoon tea. Who should attend Reverse engineers, malware analysts, anti-malware engineers, tool writers for malware analysis. Course Information Course Day Breakdown add Day 1 Malware Fundamentals The session starts with an overview of the history of malware, the motivations behind malware attacks and the different types of malware programs. We will then look at how malware is delivered to the victim and analyse common attacks used to propagate malware. Topics Malicious Actions, Malware Delivery and Exploitation, Malware C2, Persistence and Evading Detection, Side Channel Attacks and Jumping Airgaps, Reverse Engineering Firmware and Embedded Devices, Interfacing with UART. Day 2 Reverse Engineering Malicious Code Day 2 begins with an introduction to object file formats, common properties of object files, recognising object file formats and how malware modifies object files. We will then discuss the role of the operating system in executing programs, linking and loading processes and look at machine models and commonalties between Instruction Set Architectures. Topics Object File Formats – ELF, PE & Java CLASS, Linking and Loading, Object Code and Instruction Set Architectures, Debuggers. Day 3 Malware Analysis We will cover the different types of program representation and basic program analysis techniques including binary, data flow, optimisation, program, static and dynamic analysis. The role of automation and machine learning in the identification and prevention of malware attacks will also be discussed. Topics Program Representation, Dynamic Analysis, Program Analysis, Binary Program Analysis, Static Reverse Engineering. Day 4 & Day 5 Malware Classification & Analysis Labs The session will give an overview of malware detection and how to identify the origin of outbreaks. We will cover how statistical machine learning enables us to learn what malicious behaviour looks like and how benign or malicious behaviour is classified. Topics Program Similarity, Program Classification and Clustering, Malware Obfuscation and Evasion, Code Packing Transformations and Unpacking, Malware Classification Using Weka. Course outline add Reverse Engineering Reverse Engineering filter Download 514.79 KB PDF Reverse Engineering NICE Framework Mapping add This course maps to the following NICE Framework KSAs (Knowledge, Skills & Abilities): K0070: Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code). K0183: Knowledge of reverse engineering concepts. K0186: Knowledge of debugging procedures and tools. K0188: Knowledge of malware analysis tools (e.g., Oily Debug, Ida Pro). K0189: Knowledge of malware with virtual machine detection (e.g. virtual aware malware, debugger aware malware, and unpacked malware that looks for VM-related strings in your computer’s display device). K0254: Knowledge of binary analysis. S0087: Skill in deep analysis of captured malicious code (e.g., malware forensics). S0093: Skill in interpreting results of debugger to ascertain tactics, techniques, and procedures. S0131: Skill in analysing malware. A0175: Ability to examine digital media on multiple operating system platforms. What is the NICE Framework? The National Initiative for Cybersecurity Education (NICE) Cyber Security Workforce Framework developed by the National Institute of Standards and Technology (NIST) establishes a taxonomy and common lexicon that describes cyber security work and job roles. To find out more about the NICE Framework, go to: https://niccs.us-cert.gov/workforce-development/cyber-security-workforce-framework Cancellation policy add Courses will be held subject to sufficient registrations. UNSW Canberra reserves the right to cancel a course up to five working days prior to commencement of the course. If a course is cancelled, you will have the opportunity to transfer your registration or be issued a full refund. If registrant cancels within 10 days of course commencement, a 50% registration fee will apply. UNSW Canberra is a registered ACT provider under ESOS Act 2000-CRICOS provider Code 00098G. UNSW Institute for Cyber Security add UNSW Institute for Cyber Security is a unique, cutting-edge, interdisciplinary research and teaching centre, working to develop the next generation of cyber security experts and leaders. The centre is based in Canberra at the Australian Defence Force Academy and provides professional, undergraduate and post graduate education in cyber security. Our air-gapped, state of the art cyber range offers a secure environment where we deliver a number of technical and highly specialised learning opportunities. Our courses are designed to give the next generation of cyber security professionals the skill sets needed to thrive in the industry. We can also create bespoke professional education programs tailored to your organisation's needs. Contact us at cyber@adfa.edu.au to discuss how. Tags lensCyber Security Support Academy Library Moodle Current Students Staff Schools School of Business School of Engineering & IT School of Humanities & Social Sciences School of Science Institutes, Centres & Initiatives Defence Research Institute Capability Systems Centre UNSW Institute for Cyber Security UNSW Canberra Space Public Service Research Group Public Leadership Research Group Contact General Enquiries UNSW Canberra ACT 2600 UNSW Canberra UNSW CRICOS Provider Code: 00098G TEQSA Provider ID: PRV12055 ABN: 57 195 873 179 Acknowledgement of Country UNSW is located on the unceded territory of the Bedegal (Kensington campus), Gadigal (City and Paddington Campuses) and Ngunnawal peoples (UNSW Canberra) who are the Traditional Owners of the lands where each campus of UNSW is situated. The Uluru Statement Follow Us Privacy policy Copyright & Disclaimer Accessibility Site feedback Complaints Sitemap
