Main.HomePage History
Changed line 4 from:
'''Mailing list: [[http://mailman.cs.utah.edu/mailman/listinfo/malw-sem | malw-sem]]'''
to:
'''Mailing list: None'''
October 11, 2012, at 09:00 AM EST
by - no more mailing list subscription requests!
Deleted lines 15-16:
To receive further announcements get on the seminar mailing list, use Mailman to subscribe to [[http://mailman.cs.utah.edu/mailman/listinfo/malw-sem | malw-sem]].
Changed line 40 from:
* 07/20:
to:
* 07/20: Exploits [[http://www.cs.utah.edu/~ccutler/Malsem-jul20.pdf | Slides]]
Changed lines 26-27 from:
* 06/01: Anti-debugging techniques. [[AntiDebugNotes | Notes]] [[http://www.cs.utah.edu/~ccutler/crackme_2.exe | Obfuscated Crackme]]. [[http://www.cs.utah.edu/~aburtsev/malw-sem/slides/02-anti-debugging.pdf | Slides]] (LibreOffice [[http://www.cs.utah.edu/~aburtsev/malw-sem/slides/02-anti-debugging.odp |.odp]]).
to:
* 06/01: Anti-debugging techniques. [[AntiDebugNotes | Notes]]. [[http://www.cs.utah.edu/~ccutler/crackme_2.exe | Obfuscated Crackme]]. [[http://www.cs.utah.edu/~aburtsev/malw-sem/slides/02-anti-debugging.pdf | Slides]] (LibreOffice [[http://www.cs.utah.edu/~aburtsev/malw-sem/slides/02-anti-debugging.odp |.odp]]).
Changed lines 30-31 from:
* 06/15: Automatic unpacking. [[UnpackingNotes | Notes]]
to:
* 06/15: Automatic unpacking. [[UnpackingNotes | Notes]]. [[http://www.cs.utah.edu/~aburtsev/malw-sem/slides/03-auto-unpacking.pdf | Slides]] (LibreOffice [[http://www.cs.utah.edu/~aburtsev/malw-sem/slides/03-auto-unpacking.odp |.odp]]).
Changed lines 36-38 from:
* 07/06: Modern malware: Stuxnet, Duqu, Flame [[ModernMalware | Notes]]
* 07/13: More examples: PDF malware, and rootkits [[PDFAndRootkits | Notes]]
* 07
to:
* 07/06: Modern malware: Stuxnet, Duqu, Flame [[ModernMalware | Notes]]. [[http://www.cs.utah.edu/~aburtsev/malw-sem/slides/04-modern-malware.pdf | Slides]] (LibreOffice [[http://www.cs.utah.edu/~aburtsev/malw-sem/slides/04-modern-malware.odp |.odp]]).
* 07/13: More examples: PDF malware, and rootkits [[PDFAndRootkits | Notes]]. [[http://www.cs.utah.edu/~aburtsev/malw-sem/slides/05-more-examples.pdf | Slides]] (LibreOffice [[http://www.cs.utah.edu/~aburtsev/malw-sem/slides/05-more-examples.odp |.odp]]).
* 07/13: More examples: PDF malware, and rootkits [[PDFAndRootkits | Notes]]. [[http://www.cs.utah.edu/~aburtsev/malw-sem/slides/05-more-examples.pdf | Slides]] (LibreOffice [[http://www.cs.utah.edu/~aburtsev/malw-sem/slides/05-more-examples.odp |.odp]]).
Changed lines 34-38 from:
* 06/29:
* 07/06:
* 07/13:
*
* 07/13
to:
* 06/29: No seminar
* 07/06: Modern malware: Stuxnet, Duqu, Flame [[ModernMalware | Notes]]
* 07/13: More examples: PDF malware, and rootkits [[PDFAndRootkits | Notes]]
* 07/06: Modern malware: Stuxnet, Duqu, Flame [[ModernMalware | Notes]]
* 07/13: More examples: PDF malware, and rootkits [[PDFAndRootkits | Notes]]
Changed line 32 from:
* 06/22:
to:
* 06/22: Basic dynamic analysis [[dynanal | Notes]]
Changed line 30 from:
* 06/15:
to:
* 06/15: Automatic unpacking. [[UnpackingNotes | Notes]]
Changed line 28 from:
* 06/08: Malware Sample 1 (gamarue.I)
to:
* 06/08: Malware Sample 1 (gamarue.I) [[http://www.cs.utah.edu/~ccutler/ida-dumps.tgz | IDA dumps]]
Changed line 28 from:
* 06/08:
to:
* 06/08: Malware Sample 1 (gamarue.I)
Changed lines 26-27 from:
* 06/01: Anti-debugging techniques. [[AntiDebugNotes | Notes]] [[http://www.cs.utah.edu/~ccutler/crackme_2.exe | Obfuscated Crackme]]
[[http://www.cs.utah.edu/~aburtsev/malw-sem/slides/02-anti-debugging.pdf | Slides]] (LibreOffice [[http://www.cs.utah.edu/~aburtsev/malw-sem/slides/02-anti-debugging.odp |.odp]]).
[[http://www.cs.utah.edu/~aburtsev/malw-sem/slides/02-anti-debugging.pdf | Slides]] (LibreOffice [[http://www.cs.utah.edu/~aburtsev/malw-sem/slides/02-anti-debugging.odp |.odp]]).
to:
* 06/01: Anti-debugging techniques. [[AntiDebugNotes | Notes]] [[http://www.cs.utah.edu/~ccutler/crackme_2.exe | Obfuscated Crackme]]. [[http://www.cs.utah.edu/~aburtsev/malw-sem/slides/02-anti-debugging.pdf | Slides]] (LibreOffice [[http://www.cs.utah.edu/~aburtsev/malw-sem/slides/02-anti-debugging.odp |.odp]]).
Added line 27:
[[http://www.cs.utah.edu/~aburtsev/malw-sem/slides/02-anti-debugging.pdf | Slides]] (LibreOffice [[http://www.cs.utah.edu/~aburtsev/malw-sem/slides/02-anti-debugging.odp |.odp]]).
Changed line 26 from:
* 06/01: Anti-debugging techniques. [[AntiDebugNotes | Notes]].
to:
* 06/01: Anti-debugging techniques. [[AntiDebugNotes | Notes]] [[http://www.cs.utah.edu/~ccutler/crackme_2.exe | Obfuscated Crackme]]
Changed line 26 from:
* 06/01:
to:
* 06/01: Anti-debugging techniques. [[AntiDebugNotes | Notes]].
Changed lines 22-24 from:
* 05/18: Recap of the ASM language
[[ASMNotes | Notes]]. [[ASMExamples | Examples]]. [[http://www.cs.utah.edu/~aburtsev/malw-sem/slides/01-asm.pdf | Slides]](LibreOffice [[http://www.cs.utah.edu/~aburtsev/malw-sem/slides/01-asm.odp |.odp]]).
to:
* 05/18: Recap of the ASM language. [[ASMNotes | Notes]]. [[ASMExamples | Examples]]. [[http://www.cs.utah.edu/~aburtsev/malw-sem/slides/01-asm.pdf | Slides]] (LibreOffice [[http://www.cs.utah.edu/~aburtsev/malw-sem/slides/01-asm.odp |.odp]]).
Changed line 24 from:
[[ASMNotes | Notes]]. [[ASMExamples | Examples]]. [[[http://www.cs.utah.edu/~aburtsev/malw-sem/slides/01-asm.pdf | Slides .pdf]], [[http://www.cs.utah.edu/~aburtsev/malw-sem/slides/01-asm.odp |.odp]] (LibreOffice)].
to:
[[ASMNotes | Notes]]. [[ASMExamples | Examples]]. [[http://www.cs.utah.edu/~aburtsev/malw-sem/slides/01-asm.pdf | Slides]](LibreOffice [[http://www.cs.utah.edu/~aburtsev/malw-sem/slides/01-asm.odp |.odp]]).
Changed line 24 from:
[[ASMNotes | Notes]] [[ASMExamples | Examples]] Slides ([[http://www.cs.utah.edu/~aburtsev/malw-sem/slides/01-asm.pdf | .pdf]], [[http://www.cs.utah.edu/~aburtsev/malw-sem/slides/01-asm.odp |.odp]] (LibreOffice))
to:
[[ASMNotes | Notes]]. [[ASMExamples | Examples]]. [[[http://www.cs.utah.edu/~aburtsev/malw-sem/slides/01-asm.pdf | Slides .pdf]], [[http://www.cs.utah.edu/~aburtsev/malw-sem/slides/01-asm.odp |.odp]] (LibreOffice)].
Changed lines 22-24 from:
* 05/18: Recap of the ASM language [[ASMExamples | Examples]]
to:
* 05/18: Recap of the ASM language
[[ASMNotes | Notes]] [[ASMExamples | Examples]] Slides ([[http://www.cs.utah.edu/~aburtsev/malw-sem/slides/01-asm.pdf | .pdf]], [[http://www.cs.utah.edu/~aburtsev/malw-sem/slides/01-asm.odp |.odp]] (LibreOffice))
[[ASMNotes | Notes]] [[ASMExamples | Examples]] Slides ([[http://www.cs.utah.edu/~aburtsev/malw-sem/slides/01-asm.pdf | .pdf]], [[http://www.cs.utah.edu/~aburtsev/malw-sem/slides/01-asm.odp |.odp]] (LibreOffice))
Changed line 22 from:
* 05/18: Recap of the ASM language
to:
* 05/18: Recap of the ASM language [[ASMExamples | Examples]]
Changed line 15 from:
The seminar will be structured as a series of presentations, and in-class analysis sessions. We'll prepare Emulab images for you to do exersizes, and try your own experiments.
to:
The seminar will be structured as a series of presentations, and in-class analysis sessions. We'll prepare Emulab images for you to do exercises, and try your own experiments.
Changed line 6 from:
This seminar is an introduction to practical aspects of malware analysis. Our draft plan is to cover the following topics with the emphasis on gaining practical analysis skills, in-depth understanding of malware implementation techniques, and experience with static and dynamic analysis tools:
to:
This seminar is an introduction to practical aspects of malware analysis. Our plan is to cover the following topics with the emphasis on gaining practical analysis skills, in-depth understanding of malware implementation techniques, and experience with static and dynamic analysis tools:
Changed line 22 from:
* 05/18: ASM language
to:
* 05/18: Recap of the ASM language
Changed line 6 from:
This seminar is aimed as an introduction to practical aspects of malware analysis. Our rough plan is to cover the following topics with the emphasis on gaining practical analysis skills, in-depth understanding of malware implementation techniques, and experience with static and dynamic analysis tools:
to:
This seminar is an introduction to practical aspects of malware analysis. Our draft plan is to cover the following topics with the emphasis on gaining practical analysis skills, in-depth understanding of malware implementation techniques, and experience with static and dynamic analysis tools:
Changed lines 6-7 from:
This seminar is aimed to study practical aspects of malware analysis. Our rough plan is to cover the following topics with the emphasis on gaining practical reverse engineering skills, in-depth understanding of malware implementation techniques, and experience with static and dynamic analysis tools:
to:
This seminar is aimed as an introduction to practical aspects of malware analysis. Our rough plan is to cover the following topics with the emphasis on gaining practical analysis skills, in-depth understanding of malware implementation techniques, and experience with static and dynamic analysis tools:
Added lines 14-15:
The seminar will be structured as a series of presentations, and in-class analysis sessions. We'll prepare Emulab images for you to do exersizes, and try your own experiments.
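Review bot: the added sentence misspells "exercises" as "exersizes" in "for you to do exersizes"; correct the spelling. The comma before "and try your own experiments" can also be dropped.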
Changed lines 6-8 from:
The
to:
This seminar is aimed to study practical aspects of malware analysis. Our rough plan is to cover the following topics with the emphasis on gaining practical reverse engineering skills, in-depth understanding of malware implementation techniques, and experience with static and dynamic analysis tools:
Changed line 10 from:
* anti-debugging techniques
to:
* common anti-debugging techniques
Changed line 13 from:
* discussion of classic and advanced exploit techniques
to:
* low-level mechanics of classic and advanced exploit techniques
Changed line 16 from:
To receive announcements get on the seminar mailing list, use Mailman to subscribe to [[http://mailman.cs.utah.edu/mailman/listinfo/malw-sem | malw-sem]].
to:
To receive further announcements get on the seminar mailing list, use Mailman to subscribe to [[http://mailman.cs.utah.edu/mailman/listinfo/malw-sem | malw-sem]].
Changed lines 3-6 from:
'''Time and place:''' Fridays, 1:00pm, Flux Conference Room (3485 MEB)\\
'''Mailing list:''' [[http://mailman.cs.utah.edu/mailman/listinfo/malw-sem | malw-sem]].
to:
'''Time and place: Fridays, 1:00pm, Flux Conference Room (3485 MEB)'''\\
'''Mailing list: [[http://mailman.cs.utah.edu/mailman/listinfo/malw-sem | malw-sem]]'''
'''Mailing list: [[http://mailman.cs.utah.edu/mailman/listinfo/malw-sem | malw-sem]]'''
Changed line 16 from:
To get on the class mailing list, use Mailman to subscribe to [[http://mailman.cs.utah.edu/mailman/listinfo/malw-sem | malw-sem]].
to:
To receive announcements get on the seminar mailing list, use Mailman to subscribe to [[http://mailman.cs.utah.edu/mailman/listinfo/malw-sem | malw-sem]].
Changed lines 3-4 from:
'''Time and place:''' Fridays, 1:00pm, Flux Conference Room (3485 MEB)
\\'''Mailing list:''' [[http://mailman.cs.utah.edu/mailman/listinfo/malw-sem | malw-sem]].
to:
'''Time and place:''' Fridays, 1:00pm, Flux Conference Room (3485 MEB)\\
'''Mailing list:''' [[http://mailman.cs.utah.edu/mailman/listinfo/malw-sem | malw-sem]].
'''Mailing list:''' [[http://mailman.cs.utah.edu/mailman/listinfo/malw-sem | malw-sem]].
Changed lines 4-5 from:
'''Mailing list:''' [[http://mailman.cs.utah.edu/mailman/listinfo/malw-sem | malw-sem]].
to:
\\'''Mailing list:''' [[http://mailman.cs.utah.edu/mailman/listinfo/malw-sem | malw-sem]].
Changed lines 2-3 from:
to:
'''Time and place:''' Fridays, 1:00pm, Flux Conference Room (3485 MEB)
'''Mailing list:''' [[http://mailman.cs.utah.edu/mailman/listinfo/malw-sem | malw-sem]].
'''Mailing list:''' [[http://mailman.cs.utah.edu/mailman/listinfo/malw-sem | malw-sem]].
Changed lines 3-5 from:
to:
!Mailing list: [[http://mailman.cs.utah.edu/mailman/listinfo/malw-sem | malw-sem]].
Deleted lines 14-15:
Added line 17:
Changed line 46 from:
* 08/17:
to:
* 08/17:
Added lines 12-15:
!Mailing list
To get on the class mailing list, use Mailman to subscribe to [[http://mailman.cs.utah.edu/mailman/listinfo/malw-sem | malw-sem]].
Added line 2:
!Time and place: Fridays, 1:00pm, Flux Conference Room (3485 MEB)
Changed lines 4-5 from:
to:
* basics: asm language, calling conventions, relevant low-level parts of CPU, and OS interface
Changed lines 18-40 from:
to:
* 06/01:
* 06/08:
* 06/15:
* 06/22:
* 06/29:
* 07/06:
* 07/13:
* 07/20:
* 07/27:
* 08/03:
* 08/10:
* 08/17:
* 06/08:
* 06/15:
* 06/22:
* 06/29:
* 07/06:
* 07/13:
* 07/20:
* 07/27:
* 08/03:
* 08/10:
* 08/17:
Changed line 4 from:
* basics: asm language, calling conventions, relevant low-level parts of CPU, and OS interface
to:
* bdcscasics: asm language, calling conventions, relevant low-level parts of CPU, and OS interface
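Review bot: the replacement line turns "basics" into "bdcscasics" at the start of the first topic bullet, which looks like stray keystrokes rather than an intended change. Restore the bullet to "* basics: asm language, calling conventions, relevant low-level parts of CPU, and OS interface".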
Changed lines 11-17 from:
!Schedule
to:
!Schedule
* 05/18:
* 05/25:
* 06/01:
* 05/18:
* 05/25:
* 06/01:
Changed lines 3-4 from:
The seminar will cover practical approaches to malware analysis
techniques: * basics: asm language, calling conventions, relevant low-level parts of CPU, and OS interface
techniques:
to:
The seminar will cover practical approaches to malware analysis techniques:
* basics: asm language, calling conventions, relevant low-level parts of CPU, and OS interface
* basics: asm language, calling conventions, relevant low-level parts of CPU, and OS interface
Changed lines 4-10 from:
techniques:
* basics: asm language, calling conventions, relevant low-level parts of CPU, and OS interface
* tools: IDA, OllyDBG
* anti-debugging techniques
* packers and approaches to unpacking
* in-class reverse engineering sessions
* discussion of classic and advanced exploit techniques
* anti-debugging techniques
* packers and approaches to unpacking
* in-class reverse engineering sessions
to:
techniques: * basics: asm language, calling conventions, relevant low-level parts of CPU, and OS interface
* tools: IDA, OllyDBG
* anti-debugging techniques
* packers and approaches to unpacking
* in-class reverse engineering sessions
* discussion of classic and advanced exploit techniques
* tools: IDA, OllyDBG
* anti-debugging techniques
* packers and approaches to unpacking
* in-class reverse engineering sessions
* discussion of classic and advanced exploit techniques
Changed lines 5-17 from:
- basics: asm language, calling conventions, relevant low-level parts
of CPU, and OS interface
- tools: IDA, OllyDBG
- anti-debugging techniques
- packers and approaches to unpacking
- in-class reverse engineering sessions
- discussion of classic and advanced exploit techniques
to:
* basics: asm language, calling conventions, relevant low-level parts of CPU, and OS interface
* tools: IDA, OllyDBG
* anti-debugging techniques
* packers and approaches to unpacking
* in-class reverse engineering sessions
* discussion of classic and advanced exploit techniques
* tools: IDA, OllyDBG
* anti-debugging techniques
* packers and approaches to unpacking
* in-class reverse engineering sessions
* discussion of classic and advanced exploit techniques
Changed lines 3-17 from:
to:
The seminar will cover practical approaches to malware analysis
techniques:
- basics: asm language, calling conventions, relevant low-level parts
of CPU, and OS interface
- tools: IDA, OllyDBG
- anti-debugging techniques
- packers and approaches to unpacking
- in-class reverse engineering sessions
- discussion of classic and advanced exploit techniques
techniques:
- basics: asm language, calling conventions, relevant low-level parts
of CPU, and OS interface
- tools: IDA, OllyDBG
- anti-debugging techniques
- packers and approaches to unpacking
- in-class reverse engineering sessions
- discussion of classic and advanced exploit techniques
Changed lines 1-3 from:
!%center% Organizers: Cody Cutler, Anton Burtsev
to:
!Organizers: [[http://www.cs.utah.edu/~ccutler | Cody Cutler]], [[http://www.cs.utah.edu/~aburtsev | Anton Burtsev]]
Changed line 1 from:
%center% !Organizers: Cody Cutler, Anton Burtsev
to:
!%center% Organizers: Cody Cutler, Anton Burtsev
Changed line 1 from:
%center% [++Organizers: Cody Cutler, Anton Burtsev++]
to:
%center% !Organizers: Cody Cutler, Anton Burtsev
Changed line 1 from:
%center% ++Organizers: Cody Cutler, Anton Burtsev++
to:
%center% [++Organizers: Cody Cutler, Anton Burtsev++]
Changed line 1 from:
%center%++Organizers: Cody Cutler, Anton Burtsev++
to:
%center% ++Organizers: Cody Cutler, Anton Burtsev++
Added lines 1-3:
%center%++Organizers: Cody Cutler, Anton Burtsev++
!Schedule
!Schedule
Deleted lines 0-11:
A local copy of PmWiki's
documentation has been installed along with the software,
and is available via the [[PmWiki/documentation index]].
To continue setting up PmWiki, see [[PmWiki/initial setup tasks]].
The [[PmWiki/basic editing]] page describes how to create pages
in PmWiki. You can practice editing in the [[wiki sandbox]].
More information about PmWiki is available from http://www.pmwiki.org.