Malware analysis

Course objectives

General Outcomes. The current scenarios related to cyber security show us the increasingly pervasive presence of malicious software used to perpetrate cyber attacks. The course aims to provide students with the knowledge, methods, and basic tools to analyze, identify, categorize, and understand the behavior of malicious software. The course will adopt a practical approach, with a significant component of application to real cases.

Specific Outcomes.
• Knowledge and understanding: Knowledge of distinctive characteristics and functionalities of malicious software.
• Applying knowledge and understanding: Ability to statically and dynamically analyze an instance of potentially malicious untrusted software. Applied ability to identify and evaluate different functionalities of an instance of untrusted software through reverse-engineering methods and tools.
• Making judgments: Ability to interpret the results of analysis and reverse engineering activities of untrusted software as a potentially malicious sample.
• Communication skills: Being able to present the results of technical analysis in the form of a report in the spirit of what professionals in the field do.
• Learning skills: The course's methods encourage students to independently delve deeper into the methodologies presented in the theoretical and practical classes on each topic. They will apply them to complex instances of software that employ a variety of techniques and functionalities.

Channel 1
LEONARDO QUERZONI Lecturers' profile

Program - Frequency - Exams

Course program
• Fundamentals of assembly (ASM)
• Analysis methodologies
• Static analysis
• Dynamic analysis
• Persistence techniques
• Code injection
• Packing
• Command-and-control (C2)
Prerequisites
Fundamental knowledge:
- C programming
- Develop/compile/link software cycle
- Computer architectures
Useful knowledge:
- ASM x86
Books
- Lecturer's slides
- M. Sikorski and A. Honig; Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software. No Starch Press.
Frequency
In person, videos of lectures also available
Exam mode
The exam takes the form of a practical, computer-based test in which you will be asked to analyze a synthetic malware sample and produce a report of the activities performed.
Bibliography
We will be providing additional resources on the course web page.
Further references:
- B. Dang, A. Gazet, E. Bachaalany; Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation. Wiley.
- Monnappa K A; Learning Malware Analysis: Explore the concepts, tools, and techniques to analyze and investigate Windows malware. Packt.
Lesson mode
Lectures, exercises, laboratory sessions.
DANIELE CONO D'ELIA Lecturers' profile

Program - Frequency - Exams

Course program
The course provides an introduction to cybersecurity and the fundamental techniques used in malware analysis and reverse engineering. Students explore the internal structure and evolution of malicious software, learning both static and dynamic analysis methods, as well as common packing and code injection techniques.
Prerequisites
Fundamental knowledge:
- C programming
- Develop/compile/link software cycle
- Computer architectures
Useful knowledge:
- ASM x86
Books
- Lecturer's slides
- M. Sikorski and A. Honig; Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software. No Starch Press.
Teaching mode
Face-to-face lectures, exercises, hands-on.
Frequency
In person, videos of lectures also available. Attending the lectures is warmly recommended, but not compulsory.
Exam mode
The exam consists of a 3-hour practical test where the student will have to dissect a synthetic malware sample.
Bibliography
We will be providing additional resources on the course web page.
Further references:
- B. Dang, A. Gazet, E. Bachaalany; Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation. Wiley.
- Monnappa K A; Learning Malware Analysis: Explore the concepts, tools, and techniques to analyze and investigate Windows malware. Packt.
Lesson mode
Face-to-face lectures, exercises, and hands-on activities.
  • Lesson code: 10600447
  • Academic year: 2025/2026
  • Course: Engineering in Computer Science and Artificial Intelligence
  • Curriculum: Single curriculum
  • Year: 2nd year
  • Semester: 1st semester
  • SSD: ING-INF/05
  • CFU: 6