Computer Security

Type of study: Doctoral
Language of instruction: English
Code: 460-6021/02
Abbreviation: PoB
Course title: Computer Security
Credits: 10
Coordinating department: Department of Computer Science
Course coordinator: prof. Ing. Ivan Zelinka, Ph.D.

Subject syllabus

Lectures:

1. Artificial intelligence and artificial life, self-replicating structures (Game of Life, Fredkin's self-replicating structure, von Neumann and the theory of self-replicating automata). Artificial Life and Virtual Universe (Tierra, Biomorph, SBEAT, SBART, EDEN, SWIMBOOT). Artificial life and complex systems.
2. History of computer malware, emergence, and gradual development.
3. Self-replicating structures, finite automata and Turing machines. Computer malware from a theoretical computer science point of view.
4. Virus definitions, similarities to and differences from a biological virus. Classification of malicious code (viruses, adware, spyware, worms, ...) and code propagation. HOAX. Virus Generators. Basic ways of spreading. Antimalware ten.
5. Detailed methods of infection. File infections (com, exe, API, MBR, DBR, ...), infection techniques (virus overwriting, viruses connecting, cavity viruses, secret point ...). Memory infections, interrupt use, swap viruses.
6. Malicious code and its dependency on the environment (i.e., OS, file format, processor, architecture, translators, ...). Computer worms, life cycle and payload.
7. Basic defence strategies for viruses. Memory scanning, tracing, anti-debugging, armoured viruses, retroviruses, heuristic defence, emulation and disassembly, use of undocumented features.
8. Creation and generation of viruses. Virus code encoded by viruses (decryptors, nonlinear decoding, W95 / phono, W95 / Mad2736), oligomorphic viruses, polymorphic viruses, metamorphic viruses. Virus Generators.
9. Reverse engineering of malicious code, disassembly technology. The basics of cracking. Analysis of overwriting and connecting virus in C and its disassembly.
10. Evolution theory and unconventional malware development. Evolutionary virus development, botnet and swarm virus.
11. Computer worm and its construction.
12. Spyware and cyber weapons.
13. Backup. Basic backup systems and procedures.
14. Dark web.

Exercises in PC classrooms
1. Keylogger: Students will create a basic malware program that will serve as a simple keylogger.
Get acquainted with the issue of creating a keylogger.

2. Windows API, registries, permissions: Teaching Windows API control and programmatic work with Windows registries.
Use the Windows registry to ensure that your keylogger starts at system startup.

3. PowerShell, Alternate stream: Hiding malware in an alternate stream, example of working with PowerShell.
Get acquainted with the mechanisms of "streams" that are part of the NTFS file system. Learn the basics of PowerShell and base64 encoding.

4. Detailed methods of infection: Implementation of frequently used methods of malware infection of the system.

5. Basic virus defense strategies: Environment scanning, obfuscation and debug protection.

6. Static malware analysis 1: Introduction to malware analysis - file integrity, string extraction.
Integrity Verification and Software Retrieval: Familiarize yourself with the techniques used to verify file integrity. Get acquainted with tools for extracting strings from exe files. Get to know the online service https://www.virustotal.com/.

7. Static analysis of malware 2: Work with PE headers, detection of obfuscation techniques for malware.
Learn the different techniques used to hide the body of malware. Especially "obfuscation" and "packing" techniques. Get acquainted in detail with the headers used for executable files - especially the PE and DOS headers.

8. Dynamic malware analysis: Debugging of delivered malware in assembler, code modification in assembler.
Debugging and Cracking: Learn about the process of debugging binaries. Crack the supplied application.

9. Practical analysis of malware: Students will be provided with the code of the current malware; they will then try out a manual analysis, in which they should apply the acquired knowledge.
Perform a thorough analysis of the supplied sample, find various interesting information about malware on the Internet and answer the attached questions.

10. Automatic malware analysis using Cuckoo Sandbox: Cuckoo sandbox installation, malware analysis using automated tools.
Install your own instance of Cuckoo Sandbox. Analyze the supplied samples via the Cuckoo Sandbox. Then also analyze the keylogger that you created during the exercise.

11. Evolutionary theory and unconventional development of malware: Evolutionary development of malware and modification of bot communication behavior in botnet network.

12. Flock malware: An experiment with a provided sample of flock malware. Analysis of the characteristics of the behavior of flock malware in comparison with common malware.

13. Dark web: prevention of cybercrime, detection of malicious services and traffic monitoring.

E-learning

There are no additional requirements for the student.

Literature

1. Peter H. Gregory, Computer Viruses For Dummies, For Dummies, ISBN: 9780764574184
2. Peter Szor, The Art of Computer Virus Research and Defense, Addison-Wesley Professional, ISBN: 0321304543 
3. Jon Erickson, Hacking: The Art of Exploitation, 2nd Edition, No Starch Press; 2nd edition, ISBN: 1593271441 
4. Ligh, M., Hartstein, B. and Adair, S., 2010. Malware analyst's cookbook and DVD: tools and techniques for fighting malicious code. John Wiley & Sons Inc.
5. Dunham, K., Hartman, S., Quintans, M., Morales, J.A. and Strazzere, T., 2014. Android malware and analysis. CRC Press.
6. Zelinka I., Merhaut F., OPVK_Computer viruses and security, Fakulta elektrotechniky a informatiky VŠB-TU Ostrava, 2018

Advised literature

7. Kevin Beaver, Hacking For Dummies, For Dummies; 3rd edition, ISBN-10: 9780470550939