Feb 27, 2024  
Website Catalog (In Development) 
Website Catalog (In Development)

CST 160 - Malware Analysis

The purpose of CST 160 is to gain an understanding of the different families of malware and how the malicious actions performed by the malware are coded and controlled.  Malware authors need to have a good understanding of operating systems, file systems, network communication, programming, and cryptography, as well as tricks to hide traces of malware on a system.  Numerous examples of actual malware are examined in a safe and secure way.  By examining malware we learn about its “indicators of compromise,” which in turn help detect future attacks and plug security holes that allowed the malware to infect the system.

Prerequisite- Corequisite
Prerequisites:  CST 113 Introduction to Programming or CST 121 Introduction to Python Programming

Credits: 3
2 Class Hours; 2 Laboratory Hours
Course Profile
Learning Outcomes of the Course:

Upon successful completion of this course the student will be able to:

  1. Recognize the many different types of malware typically encountered on Windows systems.
  2. Demonstrate using different techniques for analyzing malware source code and executable code, including static analysis, string analysis, deobfuscation, decoding, decompression, decryption, and histogram analysis.
  3. Follow proper guidelines for setting-up and using a safe, secure, and contained virtual malware testing and debugging environment.
  4. Examine network logs, protocols, and packet traffic for malware designed to exfiltrate data.
  5. Analyze malware written in different programming languages, including:  80x86 Assembly language, C/C++, VBS, JavaScript, and PowerShell.
  6. Demonstrate using disassemblers, debuggers, and other software tools to analyze malicious code.