Computer Viruses and Security of Computer Systems

Type of study Follow-up Master
Language of instruction Czech
Code 460-4054/06
Abbreviation PVBPS
Course title Computer Viruses and Security of Computer Systems
Credits 6
Coordinating department Department of Computer Science
Course coordinator prof. Ing. Ivan Zelinka, Ph.D.

Subject syllabus

Lectures:

1. Structure of the course
This introductory lecture introduces students to the structure of the entire course "Computer Viruses and Security of Computer Systems". It introduces the main topics to be covered during the semester, the method of assessment, the form of teaching and the expected outcomes. It also serves to motivate students and provide an initial orientation to the subject.

2. Introduction to cyber security
This lecture introduces the basic concepts and principles of cybersecurity. It introduces students to the main threats, the actors of cyber attacks and the reasons why securing information systems is becoming increasingly important. Emphasis is placed on understanding the context and importance of protecting data and systems.

3. The history and motivation for malware development
The historical evolution of malware, including viruses, worms, and other forms of malware, is the topic of this talk. The motivations of attackers are also discussed, ranging from recession to financial gain to state-sponsored attacks. Students will learn about key development milestones and changes in the approach to protecting systems.

4. Malware - types and classification
This lecture explores the detailed classification of malware - viruses, worms, Trojans, rootkits, ransomware and other forms. It discusses their technical characteristics, methods of propagation and strategies to avoid detection. It also includes real-life case studies and the impact on users and organisations.

5. Mechanisms of infection
Focuses on a detailed description of how malware infects computer systems. Students will learn to understand the different stages of the infection process, such as delivery, launch, installation and spread. The lecture also explores the methods attackers use to camouflage and survive in an infected system.

6. Malware Operating Environment
This lecture analyzes the environment in which malware operates and the ways in which it adapts to different system configurations. It describes techniques for detecting virtual machines, bypassing antivirus solutions, and detecting sandboxes. Examples of adaptive malware behaviour in different environments are also included.

7. Armored viruses and defense mechanisms
Focuses on so-called "armored" viruses - those that use advanced techniques to protect themselves against detection and analysis. Students will learn about techniques such as encryption, polymorphism, metamorphism, and debugger detection. At the same time, defensive strategies to counter these techniques are introduced.

8. Virus creation and generation
This talk covers the process of virus creation and code evolution. It discusses tools for automated creation (virus generators), evolutionary approaches, and how malware changes its code with each infection. It provides an understanding of why detecting new malware samples is so difficult.

9. Computer worms
This talk focuses on computer worms as a specific class of malware that can spread independently across networks. Students will learn about the structure of worms, methods of finding target devices, propagation techniques, and remote update methods. So-called "mobile worms" and future trends are also mentioned.

10. Payload
The topic is what malware actually does after a successful infection - the so-called payload. This can be data destruction, information theft, file encryption (ransomware), tracking user activity or misusing the system for attacks (e.g. DDoS). The presentation discusses the different types of malicious functions and their targets.

11. Backup as a defence against malware
This hands-on lecture explores data backup methods as an essential defense tool. It explains the difference between backup and archiving, automation options, and practical techniques for data recovery. The role of backups in protecting against ransomware and cyber attacks is also mentioned.

12. Artificial intelligence and malware
Combines the areas of AI and cybersecurity. It shows how AI can be used to detect malware, predict attacks and automatically train security systems. It also highlights how attackers can exploit AI to create adaptive and hard-to-detect threats.

13. Spyware and cyber threats
A two-part lecture on spyware and cyberweapons. Describes types of spyware, their proliferation, and their use by states and corporations. Particular attention is paid to case studies (e.g. Stuxnet, FinFisher) and discussion of the impact of these technologies on global security.

------- Bonus lectures based on semester workload and student's interest -------

14. Fractals and Malware Visualization
Introduces a new approach to malware analysis through fractal geometry and binary code visualization. Explains how malicious code can be converted into visual form and analyzed using machine learning methods. The talk opens new research directions in the field of visual malware analysis.

15. Computer virus - from the basics to the future
The final lecture explores virus programming in C, C++ and C#, both from a development and reverse engineering perspective. It shows the evolution from simple to complex virus codes and trends such as swarm viruses. The future of malware in the context of new technologies is also discussed.

16. The dark web, the darknet and its role in the malware ecosystem
This talk will focus on the darkweb phenomenon and its infrastructure - networks such as Tor, I2P and Freenet. Students will learn how malware is traded, how underground black markets operate and what services are offered there - from Ransomware-as-a-Service to stolen data databases. The presentation provides insight into the economics of cybercrime, anonymisation methods and the ways in which the darknet is used to spread and monetise malware.


Exercises in PC classrooms
1. Keylogger: Students will create a basic malware program that will serve as a simple keylogger.
Get acquainted with the issue of creating a keylogger.

2. Windows API, registry, permissions: Working with the Windows API and programmatic access to the Windows registry.
Use the Windows registry to ensure that your keylogger starts at system startup.

3. PowerShell, alternate data streams: Hiding malware in an alternate data stream, an example of working with PowerShell.
Get acquainted with the mechanisms of "streams" that are part of the NTFS file system. Learn the basics of PowerShell and base64 encoding.

4. Detailed methods of infection: Implementation of frequently used methods of malware infection of the system.

5. Basic virus defense strategies: Environment scanning, obfuscation and debug protection.

6. Static malware analysis 1: Introduction to malware analysis - file integrity, string extraction.
Integrity Verification and Software Retrieval: Familiarize yourself with the techniques used to verify file integrity. Get acquainted with tools for extracting strings from exe files. Get to know the online service https://www.virustotal.com/.

7. Static analysis of malware 2: Work with PE headers, detection of obfuscation techniques for malware.
Learn the different techniques used to hide the body of malware. Especially "obfuscation" and "packing" techniques. Get acquainted in detail with the headers used for executable files - especially the PE and DOS headers.

8. Dynamic malware analysis: Debugging of delivered malware in assembler, code modification in assembler.
Debugging and Cracking: Learn about the process of debugging binaries. Crack the supplied application.

9. Practical analysis of malware: Students will be provided with the code of the current malware, they will then try out a manual analysis, in which they should apply the acquired knowledge.
Perform a thorough analysis of the supplied sample, find various interesting information about malware on the Internet and answer the attached questions.

10. Automatic malware analysis using Cuckoo Sandbox: Cuckoo sandbox installation, malware analysis using automated tools.
Install your own instance of Cuckoo Sandbox. Analyze the supplied samples via the Cuckoo Sandbox. Then also analyze the keylogger that you created during the exercise.

11. Evolutionary theory and unconventional development of malware: Evolutionary development of malware and modification of bot communication behavior in botnet network.

12. Flock malware: An experiment with a provided sample of flock malware. Analysis of the characteristics of the behavior of flock malware in comparison with common malware.

13. Dark web: prevention of cybercrime, detection of malicious services and traffic monitoring.

E-learning

Literature

1. Peter H. Gregory, Computer Viruses For Dummies, For Dummies, ISBN: 9780764574184
2. Peter Szor, The Art of Computer Virus Research and Defense, Addison-Wesley Professional, ISBN: 0321304543
3. Jon Erickson, Hacking: The Art of Exploitation, 2nd Edition, No Starch Press; 2nd edition, ISBN: 1593271441
4. Ligh, M., Hartstein, B. and Adair, S., 2010. Malware analyst's cookbook and DVD: tools and techniques for fighting malicious code. John Wiley & Sons Inc.
5. Dunham, K., Hartman, S., Quintans, M., Morales, J.A. and Strazzere, T., 2014. Android malware and analysis. CRC Press.
6. Zelinka I., Merhaut F., OPVK_Computer viruses and security, Fakulta elektrotechniky a informatiky VŠB-TU Ostrava, 2018

Recommended literature

7. Kevin Beaver, Hacking For Dummies, For Dummies; 3 edition, ISBN-10: 9780470550939