CS 510: Malicious Code and Forensics
Instructor:
Francis Chang (Home page | francis at francischang dot com)
Office hours: By e-mail appointment (for now)
TA:
None....
Office hours: n/a
Time:
Tues / Thurs 6:00 - 7:50 PM
Class e-mail list:
cse510-malware-subscribe@yahoogroups.com
http://groups.yahoo.com/group/cse510-malware/
Room:
URBN 204
Remote broadcast:
http://media.pdx.edu/
Current Catalog Description
This course will study the motivations of malicious code developers and the common weaknesses exploited by such code. The course will then move into a forensics analysis of techniques for protection and recovery from such malicious code. Students are expected to gain insights into the field of computer forensics, specifically approaches for the identification and remedy of malicious code.
Required textbook:
Malware: Fighting Malicious Code
by Ed Skoudis, ISBN: 0131014056
Optional Texts
- Hacking - The Art of Exploitation, Jon Erickson, ISBN: 1-59327-007-0
- The Shellcoder's Handbook - Discovering and Exploiting Security Holes, Koziol et al., ISBN: 0-7645-4468-3
- Trojans, Worms, and Spyware: A Computer Security, M. Erbschloe, ISBN: 0750678488
- The Giant Black Book of Computer Viruses, M. Ludwig, ISBN: 0929408233
Fun Reads
Course Outline
- Lecture 0 - Class Intro
- Lecture 1 - History of Malware/Overview
- Lecture 2 - Intro to Viruses
- Lecture 3 - More on viruses and anti-viruses
- Lecture 4 - Trojan Horses
- Lecture 5 - Attack techniques, overflows, races, escalations
- Lecture 6 - Networking review
- Lecture 7 - Intro to worms
- Lecture 8 - Worm case studies
- Lecture 9 - Midterm
- Lecture 10 - Backdoors
- Lecture 11 - User Mode Root Kits
- Lecture 12 - Kernel Mode Root Kits
- Lecture 13 - FORENSIX system overview
- Lecture 14 - Security principles and techniques
- Lecture 15 - Interesting Malware Examples
- Lecture 16 - Mobile Code
- Lecture 17 - Clean up Q&A
- Lecture 18 - Final Exam
Slides Available at http://www.cs.pdx.edu/~francis/malware/lectures/.
Last updated... sometimish