Course Purpose

The purpose of CSF 808: Malware Analysis is to equip learners with the knowledge and practical expertise required to detect, analyze, and mitigate malicious software in real-world environments. This course integrates theoretical foundations with hands-on practice to develop competency in static and dynamic analysis, reverse engineering, and behavioral assessment of malware. By engaging with modern tools and techniques—including Volatility, Ghidra, Radare2, and REMnux—students will gain the ability to dissect diverse malware types, identify anti-analysis strategies, and devise effective countermeasures. Ultimately, the course aims to prepare participants to operate confidently in security operations centers and incident response teams, safeguarding digital systems and networks against evolving cyber threats.

Course Learning Outcomes

CLO1: Recall the characteristics, infection mechanisms, and anti-analysis techniques of various malware types (including fileless malware, rootkits, and wipers) and their associated MITRE ATT&CK TTPs (e.g., T1027, T1497).

CLO2: Explain how malware employs evasion techniques (e.g., obfuscation, anti-VM, anti-disassembly) and persists on systems, so that effective detection and analysis strategies can be designed.

CLO3: Apply contemporary tools and techniques, such as Volatility, Ghidra, Radare2, and REMnux, to perform static and dynamic malware analysis in secure virtual environments.

CLO4: Analyze malware behaviors to identify indicators of compromise (IOCs), tactics, techniques, and procedures (TTPs), and recommend mitigation strategies to neutralize threats.

Course Content

CSF 808: Malware Analysis is a comprehensive, hands-on course designed to empower cybersecurity enthusiasts, IT professionals, computer science students, and junior incident-response analysts with practical skills to detect, analyze, and mitigate malicious software. Through a systematic blend of theoretical foundations and applied techniques, learners will develop proficiency in static and dynamic malware analysis, reverse engineering, and behavioral analysis to address modern cyber threats.

The course covers essential topics such as malware types (fileless malware, rootkits, wipers), anti-analysis techniques (anti-debugging, anti-VM), and platform-specific analysis. Learners will work in secure virtual-machine environments and use contemporary tools including Volatility, Ghidra, Radare2, and REMnux to dissect real-world samples (e.g., Emotet, Shamoon) and develop actionable mitigation strategies.

By bridging foundational concepts with advanced methodologies, CSF 808 prepares participants to operate effectively in Security Operations Centers and incident response teams, enhancing their ability to protect systems and networks against evolving malware threats. The course is structured into the following modules:

  1. Introduction to malware analysis and setup
    Provides an overview of malware, its evolution, and introduces the essential tools and lab setup needed for safe analysis.
  2. Basic static analysis techniques
    Covers non-execution techniques such as file hashing, metadata inspection, and string analysis to identify suspicious artifacts.
  3. Basic dynamic analysis
    Focuses on executing malware in a controlled environment to observe runtime behavior, including process activity, registry changes, and network traffic.
  4. Advanced static analysis
    Dives deeper into reverse engineering, disassembly, and decompilation of malware code to understand its internal logic.
  5. Advanced dynamic analysis
    Explores advanced debugging, memory forensics, and monitoring techniques to uncover hidden or obfuscated malware functionality.
  6. Malware analysis in practice
    Applies learned techniques to real-world malware samples, building hands-on expertise in identifying threats.
  7. Advanced threat hunting
    Teaches proactive detection strategies, leveraging logs, endpoint monitoring, and threat intelligence to hunt for malware in networks.
  8. Malware functionality - packers
    Explains the role of packers and obfuscators in concealing malware, and demonstrates unpacking techniques for analysis.
  9. Malware analysis on documents
    Focuses on malicious document formats (e.g., PDF, Word, Excel) and how attackers embed scripts and exploits within them.
  10. OT-specific malware analysis
    Examines malware targeting operational technology (OT) and industrial control systems (ICS), emphasizing unique risks and defenses.