Malware Analysis (Lecturer Notes)

In this practical session, students should conduct static and dynamic malware analysis on the installed Security Lab environment (see Security Threats). The lecturer can ask students to use VirusTotal to analyse malware-infected files (a link to the malware files repository is on the Malware Analysis main page).

Next, ask students to analyse some infected and clean files using PEView / PEStudio and extract and identify important information and Indicators of Compromise (IOCs). Students can use some of this information as features of their machine-learning mode in the next session. So it will be easier for them to understand what feature engineering and feature extraction are in machine learning.

You can use Labs 1 and 3 for malware analysis practices.

Create a free account on Joe Sandbox or Any Run, upload a malware-infected file, and show the students the IOCs and other abnormal behaviour. This will help them to learn how automated malware analysis tools work.