Studying at the University of Verona
Here you can find information on the organisational aspects of the Programme, lecture timetables, learning activities and useful contact details for your time at the University, from enrolment to graduation.
Study Plan
This information is intended exclusively for students already enrolled in this course.If you are a new student interested in enrolling, you can find information about the course of study on the course page:
Laurea magistrale in Ingegneria e scienze informatiche - Enrollment from 2025/2026The Study Plan includes all modules, teaching and learning activities that each student will need to undertake during their time at the University.
Please select your Study Plan based on your enrollment year.
1° Year
2° Year activated in the A.Y. 2023/2024
Modules | Credits | TAF | SSD |
---|
Modules | Credits | TAF | SSD |
---|
Modules | Credits | TAF | SSD |
---|
4 modules among the following
2 modules among the following
3 modules among the following
Legend | Type of training activity (TTA)
TAF (Type of Educational Activity) All courses and activities are classified into different types of educational activities, indicated by a letter.
Malware (2022/2023)
Teaching code
4S003738
Credits
6
Language
Italian
Scientific Disciplinary Sector (SSD)
INF/01 - INFORMATICS
The teaching is organized as follows:
Teoria
Laboratorio
Learning objectives
The course aims to provide the theoretical and practical bases of the malevolent code. In particular, the course proposes techniques for the definition and classification of malicious code, analysis of malicious code and risk management. At the end of the course, the student will have the necessary knowledge to understand the nature and evolution of the malicious code, anti-detection techniques and risk profiles. Furthermore, it will be able to perform reverse engineering of malicious code, identifying its essential components. This knowledge will allow the student to classify the threats and their evolution deriving from malicious code based attacks. The student will then be able to continue his/her studies autonomously in the field of computer security, studying new malicious codes and the respective countermeasures to mitigate their effects.
Prerequisites and basic notions
Attended the course Foundations of Security and Privacy
Program
Types of Malware
Cyber Kill Chain of a Malware attack
Introduction to malware analysis
How to set up a VM to perform malware analysis
Basic static analysis
Portable Executable Format
Static analysis of Portable Executable Format with PEStudio
Analyzing the behavior of a malware based on imported APIs
Basic Dynamic Analysis with Regshot and Procmon
Network Traffic Analysis with Wireshark
Assembly language for x86 architecture
Reverse engineering with IDA Freeware
Reverse engineering with Ghidra
Reverse engineering with x32dbg
Anti-Debugging techniques
Data encoding and obfuscation techniques
Code packing and encryption techniques
Analysis of malicious pdf documents
Analysis of malicious Office documents
Bibliography
Didactic methods
Frontal lectures
Practical exercises in the lab
Learning assessment procedures
Students will be assessed based on a project and an oral examination. The project requires to perform:
- Basic static and dynamic analysis of a Windows malware
- Network traffic analysis of the malware
- Reverse engineering of one of the malware functions indicated by the teacher
- Basic static analysis of a malicious Office document
- Basic static analysis of a malicious pdf document
The project can be done in a group of maximum 2 students.
The analysis results have to be presented in a written report formatted according to the template provided by the teacher.
During the oral examination, the students will have to present the steps of the analysis using the virtual machines provided by the teacher. The teacher will ask questions on the performed analysis.
The teacher will publish an excel file detailing the dates and time slots available for oral examination. Students must register to take the oral exam filling their name near the chosen date and time slot.
At the end of the oral examination, the teacher will propose a mark in 30th.
Evaluation criteria
The following criteria will be applied to evaluate the students' project.
Basic static analysis of a malware for the Windows operating system
- Students must demonstrate that they can identify the possible behavior of the malware based on the APIs imported by the malware and the strings.
Basic dynamic analysis of a malware for the Windows operating system
- Students must demonstrate that they can identify the behavior of the malware based on the APIs called by the malware, the files or folders created by the malware, and the Windows logs modified by the malware and network traffic generated by malware
Basic static analysis of a malicious Office document
Students must be able to:
- extract the macros present in the document
- identify any obfuscation techniques used to prevent macro analysis
- de-obfuscate the macro
- understand the behavior of the macro from the functions that are called
Basic static analysis of a malicious pdf document
Students must be able to:
- extract the objects present in the document that contain Javascript code
- identify any techniques obfuscation taken to prevent parsing of the Javascript code
- de-obfuscate the script
- understand the behavior of the script.
Criteria for the composition of the final grade
The final mark is equal to the mark assigned to the project in 30th.
Exam language
Italia