Reverse Engineering Project

CYB80008 25 Credit Points Hawthorn

Duration

  • One Semester or equivalent

Contact hours

  • 96 hours

Aims and objectives

The focus of this unit is on malware analysis and the reverse engineering and correction of software faults through the modification of compiled binaries and in-memory processes. The unit includes the reconstruction of source code from memory snapshots, the detection and analysis of encoded, obfuscated or encrypted malware (static or dynamic) and the automated injection of executable "data" into vulnerable processes. The bypassing of mitigation techniques such as Address Space Layout Randomisation (ASLR), Data Execution Prevention (DEP), stack canaries, deep packet inspection, anti-virus and Security Information and Event Management (SIEM) software will be in scope. Physical attacks such as Cold Boot Attacks will also be in scope.

Students will become proficient in tools such as IDA Pro, Volatility and a range of purpose-built tools.


Unit Learning Outcomes (ULO)


Students who successfully complete this Unit will be able to:

1. Plan and execute independent research to identify software faults, vulnerabilities and consequences.
2. Analyse, locate and verify critical portions of machine code within executable binaries.
3. Design, evaluate and implement appropriate changes to machine code to correct faults.
4. Discuss the findings of cybersecurity investigations with peers and communicate to appropriate audiences.
5. Verify the effectiveness of team-based environments to investigate security threats and challenges.