Module Descriptors
MALWARE ANALYSIS AND REVERSE ENGINEERING
COMP63047
Key Facts
Digital, Technology, Innovation and Business
Level 6
20 credits
Contact
Leader: Ateeq Ur Rehman
Hours of Study
Scheduled Learning and Teaching Activities:
Independent Study Hours:
Total Learning Hours:
Pattern of Delivery
  • Occurrence A, Stoke Campus, UG Semester 1
  • Occurrence B, Stoke Campus, UG Semester 2
Sites
  • Stoke Campus
Assessment
  • ASSIGNMENT - 2000 WORDS weighted at 70%
  • REPORT - 1500 WORDS weighted at 30%
Module Details
LEARNING OUTCOMES
1. Demonstrate a systematic understanding of the principles and concepts that underpin malicious software and software-based attacks.

Knowledge & Understanding

2. Demonstrate a critical understanding of known malware, types, and emerging infection vectors and how they infect digital systems.

Learning

Knowledge & Understanding

3. Consider technical and ethical approaches in the selection of methods, tools and techniques to deploy in the analysis of potentially malicious software.

Analysis

Problem Solving

Enquiry

4. Apply methods using ideas, tools and techniques at the forefront of the discipline, to conduct malware analysis.

Application

ADDITIONAL ASSESSMENT DETAILS
Assignment 70%
Malware Analysis: Documentation 2000 words detailing underpinning research, evaluation and design of a malicious software component. (Learning outcomes 1 and 2)


Report 30%
Sample analysis report 1500 words discussing how a malware analyst, once given an unknown piece of software, will analyse it to decide whether it is malicious or not. (Learning Outcomes 3 and 4)

Assessing aspects of the following KSBs from the CSTP Apprenticeship Standard:

K4: Computer architecture, digital logic, machine level representation of data

S4: Build test and debug a digital system to a specification

K6: Algorithm and program design, concepts, compilers and logic. Programming languages

S6: Write, test, debug programs in high- and low-level languages and scripts

K9: Malware, reverse engineering, obfuscation

S9: Analyse malware & identify its mechanisms

K10: Defensive programming, malware resistance, code analysis, formal methods, good practice

S10: Apply secure programming principles and design patterns to address security issues

K12: Threats, vulnerabilities, impacts and mitigations in ICT systems and the enterprise environment

S12: Discover, identify and analyse threats, attack techniques, vulnerabilities and mitigation

B1: Fluent in written communications and able to articulate complex issues

B8: Analytical and critical thinking skills for Technology Solutions development and can systematically analyse and apply structured problem-solving techniques to complex systems and situations

B10: Can conduct effective research, using literature and other media

B11: Logical thinking and creative approach to problem solving

B12: Able to demonstrate a ‘security mind-set’ (how to break as well as make)
INDICATIVE CONTENT
Low Level Programming Basics
Common Software Vulnerabilities
Assembly Language and Machine Code

Compilers
Introduction to Malicious Software

Viruses, Worms and Trojans
Software Debugging
Malware Analysis Techniques
Static Analysis
Dynamic Analysis

Malware Reverse Engineering
Malware creation and armouring / obfuscation
Infection Vectors
Payload generation

Scripting / custom tool sets for analysis

Anti-Virus Systems

Machine Learning and AI



This module will support the development and assessment of the following KSBs from the CSTP Apprenticeship Standard:

K4: Computer architecture, digital logic, machine level representation of data

S4: Build test and debug a digital system to a specification

K6: Algorithm and program design, concepts, compilers and logic. Programming languages

S6: Write, test, debug programs in high- and low-level languages and scripts

K9: Malware, reverse engineering, obfuscation

S9: Analyse malware & identify its mechanisms

K10: Defensive programming, malware resistance, code analysis, formal methods, good practice

S10: Apply secure programming principles and design patterns to address security issues

K12: Threats, vulnerabilities, impacts and mitigations in ICT systems and the enterprise environment

S12: Discover, identify and analyse threats, attack techniques, vulnerabilities and mitigations

B1: Fluent in written communications and able to articulate complex issues

B8: Analytical and critical thinking skills for Technology Solutions development and can systematically analyse and apply structured problem-solving techniques to complex systems and situations

B10: Can conduct effective research, using literature and other media

B11: Logical thinking and creative approach to problem solving

B12: Able to demonstrate a ‘security mind-set’ (how to break as well as make)



Learning within this module maps to the following Fundamental British Values:

Democracy

Learning within this module maps to the following principles of Safeguarding & Prevent:

Protecting from harm

Learning within this module maps to the following principles of Equality, Diversity & Inclusion:

Bias prevention in security
WEB DESCRIPTOR
The module will provide you with the ability to undertake assessments of software in various forms and will allow you to distinguish legitimate software from malware. You will be provided with an in-depth understanding of the various forms of malware, and how they are used to infect machines and hide from defenders.
LEARNING STRATEGIES
This module will be delivered in a Blended Learning Mode consisting of face-to-face, online and guided learning sessions.

Teaching sessions will blend theory and practical learning, and most importantly where possible will seek to be contextualised in your workplace as part of your apprenticeship. You will be introduced to curriculum concepts and ideas and will then be able to apply theory to practical examples. In addition, you will be provided with a range of resources for independent study such as case studies, academic papers and industry case studies. There will be a mixture of practical and theoretical formative (mock or practice) exercises which will help you build knowledge and confidence in preparation for summative (formal) assessment.



The module will be delivered as follows:



Module Launch week: 12 hours.
There will be a module launch week with up to 12 hours of face-to-face contact time devoted to developing your understanding of the core purpose and assessment of the module. You will be presented with details of how the learning will be structured and how to access the learning materials for the remainder of the module.



Structured Learning Sessions: 15 hours
Following the module launch week you will have a further 15 hours of attendance-based contact time as a class with the module team. This will typically be as 10 x 1.5-hour online classes. Classes will be a combination of activities including lectures, demonstrations, discussions, tutorials and seminars. Some sessions may be in flipped classroom style, where you will be expected to watch online recordings, read materials or respond to practical activities in preparation for active engagement with problem solving in the online session.



1:1 Progress Checks: 1 hour
As a Blended Learner, understanding your progress can be a challenge, so you are allocated an hour of 1:1 time with your tutor (typically 3 x 20-minute meetings). Some of these may be in small groups if appropriate. These sessions may be used to discuss key topics, troubleshoot solutions, review working drafts etc.



Assignment Development Time: 30 hours

A typical assignment will take you a minimum of 30 hours to complete.



This module includes 58 off-the-job (OTJ) training hours as standard, covering new learning funded by the apprenticeship levy. A total of 200 nominal learning hours has been attributed to this module, incorporating OTJ training alongside broader academic development beyond levy-funded new learning.
TEXTS
Olmsted, A. (2024) Security-Driven Software Development: Learn to Analyze and Mitigate Risks in Your Software Projects. Birmingham: Packt Publishing.

Bulmash, G. & Segura, T. (2024) Crafting Secure Software: An engineering leader’s guide to security by design. Packt Publishing.

Sikorski, M. & Honig, A. (2023) Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software. 2nd edn. San Francisco: No Starch Press.

Engebretson, P. (2023) The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy. 3rd edn. Cambridge, MA: Syngress.

Mitnick, K. D. & Russell, W. L. (2023) The Art of Deception: Controlling the Human Element of Security. 2nd edn. Indianapolis, IN: Wiley.

Dowd, M., McDonald, J. & Schuh, J. (2007) The Art of Software Security Assessment. Addison-Wesley. ISBN: 978-0321444424.

Ligh, M., Adair, S., Hartstein, B. & Richard, M. (2010) Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code. Wiley. ISBN: 978-0470613030.

Harper, A., Harris, S., Ness, J., Eagle, C., Lenkey, G. & Williams, T. (2011) Grey Hat Hacking. McGraw-Hill. ISBN: 978-0071742559.

Szor, P. (2005) The Art of Computer Virus Research and Defence. Addison Wesley. ISBN: 0321304543.

OECD (2009) Computer Viruses and other Malicious Software. OECD. ISBN: 978-9264056503.
RESOURCES
The VLE, plus access to malware analysis tools and a network test laboratory, such as Cuckoo Sandbox and a virtual machine platform.