Lectures:
1. Structure of the course
This introductory lecture introduces students to the structure of the entire course "Computer Viruses and Security of Computer Systems". It introduces the main topics to be covered during the semester, the method of assessment, the form of teaching and the expected outcomes. It also serves to motivate students and provide an initial orientation to the subject.
2. Introduction to cyber security
This lecture introduces the basic concepts and principles of cybersecurity. It introduces students to the main threats, the actors of cyber attacks and the reasons why securing information systems is becoming increasingly important. Emphasis is placed on understanding the context and importance of protecting data and systems.
3. The history and motivation for malware development
The historical evolution of malware, including viruses, worms, and other forms of malware, is the topic of this talk. The motivations of attackers are also discussed, ranging from recession to financial gain to state-sponsored attacks. Students will learn about key development milestones and changes in the approach to protecting systems.
4. Malware - types and classification
This lecture explores the detailed classification of malware - viruses, worms, Trojans, rootkits, ransomware and other forms. It discusses their technical characteristics, methods of propagation and strategies to avoid detection. It also includes real-life case studies and the impact on users and organisations.
5. Mechanisms of infection
Focuses on a detailed description of how malware infects computer systems. Students will learn to understand the different stages of the infection process, such as delivery, launch, installation and spread. The lecture also explores the methods attackers use to camouflage and survive in an infected system.
6. Malware Operating Environment
This lecture analyzes the environment in which malware operates and the ways in which it adapts to different system configurations. It describes techniques for detecting virtual machines, bypassing antivirus solutions, and detecting sandboxes. Examples of adaptive malware behaviour in different environments are also included.
7. Armored viruses and defense mechanisms
Focuses on so-called "armored" viruses - those that use advanced techniques to protect themselves against detection and analysis. Students will learn about techniques such as encryption, polymorphism, metamorphism, and debugger detection. At the same time, defensive strategies to counter these techniques are introduced.
8. Virus creation and generation
This talk covers the process of virus creation and code evolution. It discusses tools for automated creation (virus generators), evolutionary approaches, and how malware changes its code with each infection. It provides an understanding of why detecting new malware samples is so difficult.
9. Computer worms
This talk focuses on computer worms as a specific class of malware that can spread independently across networks. Students will learn about the structure of worms, methods of finding target devices, propagation techniques, and remote update methods. So-called "mobile worms" and future trends are also mentioned.
10. Payload
The topic is what malware actually does after a successful infection - the so-called payload. This can be data destruction, information theft, file encryption (ransomware), tracking user activity or misusing the system for attacks (e.g. DDoS). The presentation discusses the different types of malicious functions and their targets.
11. Backup as a defence against malware
This hands-on lecture explores data backup methods as an essential defense tool. It explains the difference between backup and archiving, automation options, and practical techniques for data recovery. The role of backups in protecting against ransomware and cyber attacks is also mentioned.
12. Artificial intelligence and malware
Combines the areas of AI and cybersecurity. It shows how AI can be used to detect malware, predict attacks and automatically learn security systems. It also highlights how attackers can exploit AI to create adaptive and hard-to-detect threats.
13. Spyware and cyber threats
A two-part lecture on spyware and cyberweapons. Describes types of spyware, their proliferation, and their use by states and corporations. Particular attention is paid to case studies (e.g. Stuxnet, FinFisher) and discussion of the impact of these technologies on global security.
------- Bonus lectures based on semester workload and students' interest -------
14. Fractals and Malware Visualization
Introduces a new approach to malware analysis through fractal geometry and binary code visualization. Explains how malicious code can be converted into visual form and analyzed using machine learning methods. The talk opens new research directions in the field of visual malware analysis.
15. Computer virus - from the basics to the future
The final lecture explores virus programming in C, C++ and C#, both from a development and reverse engineering perspective. It shows the evolution from simple to complex virus codes and trends such as swarm viruses. The future of malware in the context of new technologies is also discussed.
16. The dark web, the darknet and its role in the malware ecosystem
This talk will focus on the dark web phenomenon and its infrastructure - networks such as Tor, I2P and Freenet. Students will learn how malware is traded, how underground black markets operate and what services are offered there - from Ransomware-as-a-Service to databases of stolen data. The presentation provides insight into the economics of cybercrime, anonymisation methods and the ways in which the darknet is used to spread and monetise malware.
Exercises in PC classrooms
1. Keylogger: Students will create a basic malware program that will serve as a simple keylogger.
Get to know the keylogger issue.
2. Windows API, Registry, Permissions: Teaching Windows API Control and Windows Registry Programming.
Use Windows Registry to ensure that your keylogger runs at system startup.
3. PowerShell, Alternate stream: Hide malware in an alternate stream, showcase PowerShell.
Meet the "streams" mechanisms that are part of the NTFS file system. Learn basics of PowerShell and base64 encoding.
4. DLL injection: Malware runtime masking using this technique.
Through your application, do the DLL injection of the created library into the intended (running) process.
5. Symmetric encryption: File encryption by malware - for example, as used by ransomware.
Extend your malware from the previous exercises by encrypting and decrypting the file in which the keylogger stores the captured keys.
6. Static Malware Analysis 1: Introduction to Malware Analysis - File Integrity, String Extraction.
Verifying integrity and acquiring data from software: Learn about the techniques used to verify the integrity of files. Learn the tools used to extract strings from exe files. Get to know the online service https://www.virustotal.com/.
7. Static malware analysis 2: Working with PE headers, detecting malware obfuscation techniques.
Explore the different techniques that are used to hide the body of malware, above all "obfuscation" and "packing" techniques. Examine in detail the headers used for executable files - especially the PE and DOS headers.
8. Dynamic malware analysis: Debugging the supplied malware at the assembler level, modifying the code in assembler.
Debugging and Cracking: Learn about debugging binary files. Crack the app.
9. Practical Malware Analysis: Students will be given the code of a current malware sample and will then attempt a manual analysis to apply their acquired knowledge.
Perform a thorough analysis of the sample, find various interesting information on malware on the Internet, and answer the attached questions.
10. Automatic Cuckoo Sandbox malware analysis: Installing Cuckoo sandbox, malware analysis using automated tools.
Install your own instance of Cuckoo Sandbox. Through Cuckoo Sandbox, analyze the samples provided. Next, analyze the keylogger that you created within the exercises.
11. Student Presentations