---
title: 'Homeworks'
tags: cs6501-spring22
---

# Homeworks

* Please use **Collab** to submit your answers to the homeworks.
* Deadlines are posted in Collab.
* Feedback will be available after grading.

## Homework 1. Basic C/C++ for Cyber Forensics

* I will provide the source code of a simple C program that uses structures and pointers, to refresh your knowledge of C/C++ and of how a compiled program actually executes.
* Answer a few questions about the program to show that you clearly understand what it is doing.
* Details will be announced in class.
* [Download Questions](https://virginia.box.com/s/ssofpef5uqti7r22qyyku8e0p94c85ed)

## Homework 2. Instrumentation

* Given two different ways of instrumenting the same code, describe which one is better and why.
* Details will be announced in class.
* [Download Questions](https://virginia.box.com/s/mqvivfd89hrl55lmhaz0m7de7pgm2af9)

## Homework 3. Program representation -- English shellcode

* Read [the English shellcode paper (CCS'09)](https://virginia.box.com/s/3hgfq2tq7a6wxudiipv4e6ai89h4mgjl), then use [the online disassembler](https://onlinedisassembler.com/static/home/index.html) to show that the examples in the paper indeed work and produce valid shellcode.
* Explain the principle very briefly (a few sentences).

## Homework 4. Manipulating RegHide with a debugger

* In class, we will go over how to manipulate the RegHide program with a debugger. You will do the same on your own and record the critical steps.
* [See the recording: 10. Debugging](https://virginia.box.com/s/bzh9jfe4d57pmq78q0vnwnc8kl8sh8ko)
* Record a short video with narration that covers
  * The goal of the video
  * How RegHide works (its trick)
  * Where the registry API is called, pointing out the discrepancy in how strings are handled by Win32 APIs versus Native APIs
  * A demonstration of how the trick works, and that it can be neutralized by directly modifying the string in the UNICODE_STRING
  * For each step: (1) what you are doing, (2) why you are doing it, and (3) how you are doing it
* After the debugging session, explain what has been achieved.

## Homework 5. Quiz from [Project 2](https://hackmd.io/@yonghwikwon/SywFaXrg_)

* [Statistical analysis on encoded code](https://hackmd.io/@yonghwikwon/SywFaXrg_)
* Details were announced in class.

## Homework 6. Using Volatility

* You will use the Volatility tool to inspect a memory dump image and find evidence of malicious activity.
* Details will be announced in class.
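The string-handling discrepancy that Homework 4 asks you to locate can be reproduced without Windows. The following is an added illustration written for this page; it is not RegHide's code, the course's code, or a Windows header. It assumes the trick RegHide is known for: a registry key name that contains an embedded NUL character, which a Native API accepts because `UNICODE_STRING.Length` is an explicit byte count, while Win32 APIs treat the name as a NUL-terminated `PCWSTR` and stop at the embedded NUL. The `UNICODE_STRING` layout is redefined locally with 16-bit characters (so it matches `WCHAR` even on Linux, where `wchar_t` is 32 bits), and the key name `Hidden\0Key` is a constructed sample.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Layout of the native UNICODE_STRING (as in ntdef.h), redefined here so the
 * example builds outside Windows. Length and MaximumLength are in BYTES. */
typedef uint16_t WCHAR16;
typedef struct {
    uint16_t Length;
    uint16_t MaximumLength;
    WCHAR16 *Buffer;
} UNICODE_STRING;

/* Count characters the way a Win32 API consuming a PCWSTR does: stop at NUL. */
static size_t win32_visible_chars(const WCHAR16 *s) {
    size_t n = 0;
    while (s[n] != 0) n++;
    return n;
}

/* Count characters the way a Native API does: trust UNICODE_STRING.Length. */
static size_t native_chars(const UNICODE_STRING *us) {
    return us->Length / sizeof(WCHAR16);
}

/* Fill a UNICODE_STRING with an explicit character count, so an embedded NUL
 * inside the name is kept, exactly as a hidden key name would be. */
static void init_unicode_string(UNICODE_STRING *us, WCHAR16 *buf,
                                size_t nchars, size_t capacity) {
    us->Buffer = buf;
    us->Length = (uint16_t)(nchars * sizeof(WCHAR16));
    us->MaximumLength = (uint16_t)(capacity * sizeof(WCHAR16));
}

/* Neutralize the trick: overwrite every NUL inside the counted range with a
 * visible character so the Win32 view and the Native view agree again.
 * This is the same effect as patching the string in the debugger.
 * Returns the number of characters patched. */
static size_t neutralize_embedded_nuls(UNICODE_STRING *us, WCHAR16 replacement) {
    size_t n = native_chars(us), patched = 0;
    for (size_t i = 0; i < n; i++) {
        if (us->Buffer[i] == 0) {
            us->Buffer[i] = replacement;
            patched++;
        }
    }
    return patched;
}

/* Constructed sample: the key name "Hidden\0Key" (10 counted chars, NUL at
 * index 6). Stored in file-scope storage so the neutralized result persists. */
static WCHAR16 g_name[16];
static UNICODE_STRING g_key;

static UNICODE_STRING *build_sample_key(void) {
    const char ascii[] = "Hidden\0Key";   /* sizeof == 11, incl. terminator */
    size_t n = sizeof(ascii) - 1;          /* 10 chars, embedded NUL kept */
    for (size_t i = 0; i < n; i++)
        g_name[i] = (WCHAR16)(unsigned char)ascii[i];
    g_name[n] = 0;                         /* terminator beyond Length */
    init_unicode_string(&g_key, g_name, n, sizeof g_name / sizeof g_name[0]);
    return &g_key;
}

int main(void) {
    UNICODE_STRING *key = build_sample_key();
    printf("Native API sees  %zu chars (Length=%u bytes)\n",
           native_chars(key), key->Length);
    printf("Win32 API sees   %zu chars (stops at embedded NUL)\n",
           win32_visible_chars(key->Buffer));
    size_t patched = neutralize_embedded_nuls(key, (WCHAR16)'_');
    printf("Patched %zu NUL(s); Win32 API now sees %zu chars\n",
           patched, win32_visible_chars(key->Buffer));
    return 0;
}
```

Before the patch, the native view reports 10 characters while the Win32 view reports 6, which is why a key created through the native path with such a name is not visible to tools that use Win32 registry calls. After the embedded NUL is replaced, both views report 10, which is the neutralization the homework asks you to demonstrate in the debugger.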