In this course, students will learn how to do static malware analysis using a debugger and disassembler. Through controlled evaluation using the debugger, students will learn how to identify exactly what the malware specimen does and how it is performing those actions. Once students have mastered the evaluation portion of the class they will learn how to patch the specimen to make sections inactive or crack the program to allow full access to areas that have been hidden or encrypted by the malware developer.

• Thorough understanding of Microsoft Windows

• Experience with VMware software

• Basic knowledge/skills to read Intel x86 Assembly

• C Programming skills

• PERL or Python scripting skills

• Networking experience