---
title: 'Schedule'
tags: cs6501-spring22
---
> The list is in reverse chronological order.
## Week 15 (April 26, 28). Code Emulation (Project 3)
* No slides
* [Project 3 description](https://discord.com/channels/933804248863477780/933804357131055185/968956290342744134)
* Recordings:
* [April 26, Code Emulation (Project 3) Part 1](https://virginia.box.com/s/rivocyrcaofixnjz4jpvispx1run4gih)
* [April 28, Code Emulation (Project 3) Part 2](https://virginia.box.com/s/qzqorpkgunw2xbz0dx2lmf7lxft0484k)
## Week 14 (April 19, 21). Static-analysis: LLVM
* LLVM details
* [Slides](https://virginia.box.com/s/n7x9n09pnp5h6j5q2rwt9ogrlx30unjl)
* Recordings:
* [April 19, Static-analysis: LLVM (1)](https://virginia.box.com/s/san0xdjqkhamj3uy2d19xb1h3yuq7kbp)
* [April 21, Static-analysis: LLVM (2)](https://virginia.box.com/s/ewjuyoxal1vdo7j0cs53lkldca2nzchd)
## Week 13 (April 12, 14). Partial Code Emulation
* Slides:
* [Partial Code Emulation](https://virginia.box.com/s/d81newjx0q252w6u3me3k4wyebhjs63d)
* Recordings:
* [April 12, Partial Code Emulation](https://virginia.box.com/s/8a69r6kqfe1i3i2hz52uh3k0zq60mp42)
* [April 14, Partial Code Emulation](https://virginia.box.com/s/ikp3mkmst91osybqx0ue4smjycr8y2zg)
## Week 12 (April 5, 7). Information Flow Tracking
* Slides:
* [Information Flow Tracking](https://virginia.box.com/s/0x2u0f819958m80ordy7vzk3ih8s5ypb)
* Recordings:
* [April 5, Information Flow Tracking](https://virginia.box.com/s/mn8h3dt9qoryuyeb8i3zcp5clo6j5fn9)
* [April 7, Information Flow Tracking](https://virginia.box.com/s/6ui93b0l5exlw7880fhxxwbii30kliu0)
## Week 11 (March 29, 31). Memory Forensics (cont.)
* Recordings:
* [March 29, Project 2 Description 1/2](https://virginia.box.com/s/bn6nzzeiyazacrzulq1jg21ebuakh6p7)
* [March 31, Project 2 Description 2/2](https://virginia.box.com/s/w2m44rdwc0gadbex8rj3jlq90hr8n4p5)
## Week 10 (March 22, 24). Memory Forensics (cont.)
* [Slides (Memory Forensics)](https://virginia.box.com/s/ly8fvc3uul3ryrw8n206i2idfm9k66bt)
* Recordings:
* [March 22, Memory Forensics / Project 2 Description](https://virginia.box.com/s/k9k3p83yz6ai85ecubf07bvn55hmg5qx)
* [March 24, Project 2 Description](https://virginia.box.com/s/wctih6idh9darzixiird0ic6z7tbcqdy)
> **[Project 2 releases]**
## Week 9 (March 15, 17). Forensics Artifact Recovery/Memory Forensics
* [Slides (Memory Forensics)](https://virginia.box.com/s/ly8fvc3uul3ryrw8n206i2idfm9k66bt)
* Basic concepts of forensic artifact recovery (e.g., disk/memory forensics).
* Recordings:
* [March 20, Memory Forensics](https://virginia.box.com/s/mgbmv5rk31g8z4fkwb9f2f8xi5qfh3h5)
* [March 20, Memory Dump Analysis (Volatility Tool)](https://virginia.box.com/s/orrtj91vybsflvdujmwijur6nr0dgpxg)
* Introducing the Volatility tool (https://www.volatilityfoundation.org)
* [Example commands](https://book.hacktricks.xyz/forensics/volatility-examples)
* [Sample Images](https://github.com/volatilityfoundation/volatility/wiki/Memory-Samples)
> **[Homework 2 releases]**
## Week 8 (March 8, 10). Spring Recess
* No classes
## Week 7 (March 1, ~~3~~). Malware Analysis
* Slides
* [Debugging](https://virginia.box.com/s/5w6qex7lzc5gdh4vzmussfmimlhkzbqg)
* Recordings:
* [March 1](https://virginia.box.com/s/u6i8xhwrh3lxp0vc7p88bm6vp7wokssr)
* Topics covered
* How to use debugging tools, disassemblers
## Week 6 (Feb 22, 24). Malware Analysis (cont.)
* Slides
* [Debugging](https://virginia.box.com/s/5w6qex7lzc5gdh4vzmussfmimlhkzbqg)
* Recordings:
* [Feb 22](https://virginia.box.com/s/wosivyikl4bi1lulooohiknmrf28khsc)
* Topics covered
* How to use debugging tools, disassemblers
## Week 5 (Feb 15, 17). Malware Analysis (cont.)
* Slides
* [Program Execution Interception](https://virginia.box.com/s/mkmel7o2dm8w1jzmqfvcd84sfj93n2rz)
* [Debugging](https://virginia.box.com/s/5w6qex7lzc5gdh4vzmussfmimlhkzbqg)
* Recordings:
* [Feb 15](https://virginia.box.com/s/lypebgo138ghma18a42e297uq9r0peet)
* [Feb 17](https://virginia.box.com/s/2sa56dj90jtxkj29mv2fn55hfln1my4o)
* Topics covered:
* Hooking, debugging, and discussion of the new assignment with the Unicorn framework.
> **[Assignment 1 releases]**
## Week 4 (~~Feb 8~~, 10). Malware Analysis
> **No class on Feb 8**
* Slides
* [Program Execution Interception](https://virginia.box.com/s/mkmel7o2dm8w1jzmqfvcd84sfj93n2rz)
* Recordings:
* [Feb 10](https://virginia.box.com/s/ksnbkci5s2jxnnz4xyzmggvjx2pnze05)
* Topics covered:
* Pin details, particularly regarding Assignment 1 (Thursday)
## Week 3 (Feb 1, 3). Program Representation / Dynamic Analysis for Cyber Forensics
* Slides
* [Program (Execution) Representation](https://virginia.box.com/s/g2187ujw9cedrlc4zed5vbhmk5zafta4)
* [Program Execution Interception](https://virginia.box.com/s/7p2qhjt53thueuu3p9edega9jfyw9o57)
* Recordings
* [Feb 1 (Program Representation)](https://virginia.box.com/s/5m8dfq7urc7t92z3ymru70yta4lxg90x)
* [Feb 3 (Program Representation / Program Execution Interception)](https://virginia.box.com/s/v6p09a52t41c9oitt461km3jghwshviz)
* Debugging tools
* IDA is one of the best disassemblers. Please download the free version from the following link: https://www.hex-rays.com/products/ida/support/download_freeware.shtml
* Ghidra (a.k.a. that NSA reverse-engineering tool) is a great alternative. Please download Ghidra from the following link: https://ghidra-sre.org/
* How to use debugging tools, disassemblers, and the [Intel Pin](https://software.intel.com/en-us/articles/pin-a-dynamic-binary-instrumentation-tool) framework.
* [Intel Pin](https://software.intel.com/en-us/articles/pin-a-dynamic-binary-instrumentation-tool): Check the **Tutorial Section** of the page
* Research Paper: [Pin: building customized program analysis tools with dynamic instrumentation, PLDI'05](https://dl.acm.org/doi/10.1145/1064978.1065034)
## Week 2 (Jan 25, 27). Introduction / Logistics
* Slides
* [Introduction (cont.)](https://virginia.box.com/s/7ui0gan1dbhqoqpsrkqzpq215t6zgc4c)
* [Logistics](https://virginia.box.com/s/chy7nr5yhzmt5vfzlxk7yno1qi3uq68s)
* Recordings:
* [Jan 25 (Intro./Logistics)](https://virginia.box.com/s/frlsnslwb6jfdkrn8vjatbwpet1p83uh)
* [Jan 27 (Logistics; Assignment Intro/HW2)](https://virginia.box.com/s/bjenybfsx8t11ym45vz36a0ezj1awd50)
* Virtual Machine Download
* [Virtual Box](https://www.virtualbox.org/wiki/Downloads)
* [VM Image](https://virginia.box.com/s/bpdrbz1y4jbuv2vwb6husodfqdx5vya8) / [VM Image (for 4K/Retina Display)](https://virginia.box.com/s/o1kv3yc2spyio5gnidzzspk3hc0nk3cy)
* Use `"File" > "Import Appliance"` menu to import the VM.
* Windows VM
* [Download](https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/)
* Homework 1: [Download (Solve this and upload the answer to Collab)](https://virginia.box.com/s/ssofpef5uqti7r22qyyku8e0p94c85ed)
* Homework 2: [Download (Solve this and upload the answer to Collab)](https://virginia.box.com/s/mqvivfd89hrl55lmhaz0m7de7pgm2af9)
## Week 1 (Jan 20). Introduction
* Slides
* [Introduction](https://virginia.box.com/s/7ui0gan1dbhqoqpsrkqzpq215t6zgc4c)
* [Logistics](https://virginia.box.com/s/chy7nr5yhzmt5vfzlxk7yno1qi3uq68s)
* Extra assignments (for make-up if you wish):
* Option 1: https://sites.google.com/view/swsec19/home/assign-1-a
* Option 2: https://sites.google.com/view/swsec19/home/assign-1-b
* Option 3: https://sites.google.com/view/swsec19/home/assign-2
* If you want to do some of them, we should discuss it. Text me on Discord.