Studying at the University of Verona

Here you can find information on the organisational aspects of the Programme, lecture timetables, learning activities and useful contact details for your time at the University, from enrolment to graduation.

This information is intended exclusively for students already enrolled in this course.
If you are a new student interested in enrolling, you can find information about the course of study on the course page:

Laurea magistrale in Ingegneria e scienze informatiche - Enrollment from 2025/2026

The Study Plan includes all modules, teaching and learning activities that each student will need to undertake during their time at the University.
Please select your Study Plan based on your enrollment year.

CURRICULUM TIPO:

1° Year 

2° Year   activated in the A.Y. 2023/2024

ModulesCreditsTAFSSD
Final exam
24
E
-
activated in the A.Y. 2023/2024
ModulesCreditsTAFSSD
Final exam
24
E
-
Modules Credits TAF SSD
Between the years: 1°- 2°
Between the years: 1°- 2°
Between the years: 1°- 2°
English B2
3
F
-
Between the years: 1°- 2°
Between the years: 1°- 2°
Further activities
3
F
-

Legend | Type of training activity (TTA)

TAF (Type of Educational Activity) All courses and activities are classified into different types of educational activities, indicated by a letter.




S Placements in companies, public or private institutions and professional associations

Teaching code

4S003738

Credits

6

Language

Italian

Scientific Disciplinary Sector (SSD)

INF/01 - INFORMATICS

The teaching is organized as follows:

Teoria

Credits

4

Period

Semester 2

Laboratorio

Credits

2

Period

Semester 2

Learning objectives

The course aims to provide the theoretical and practical bases of the malevolent code. In particular, the course proposes techniques for the definition and classification of malicious code, analysis of malicious code and risk management. At the end of the course, the student will have the necessary knowledge to understand the nature and evolution of the malicious code, anti-detection techniques and risk profiles. Furthermore, it will be able to perform reverse engineering of malicious code, identifying its essential components. This knowledge will allow the student to classify the threats and their evolution deriving from malicious code based attacks. The student will then be able to continue his/her studies autonomously in the field of computer security, studying new malicious codes and the respective countermeasures to mitigate their effects.

Prerequisites and basic notions

Attended the course Foundations of Security and Privacy

Program

Types of Malware
Cyber Kill Chain of a Malware attack
Introduction to malware analysis
How to set up a VM to perform malware analysis
Basic static analysis
Portable Executable Format
Static analysis of Portable Executable Format with PEStudio
Analyzing the behavior of a malware based on imported APIs
Basic Dynamic Analysis with Regshot and Procmon
Network Traffic Analysis with Wireshark
Assembly language for x86 architecture
Reverse engineering with IDA Freeware
Reverse engineering with Ghidra
Reverse engineering with x32dbg
Anti-Debugging techniques
Data encoding and obfuscation techniques
Code packing and encryption techniques
Analysis of malicious pdf documents
Analysis of malicious Office documents

Bibliography

Visualizza la bibliografia con Leganto, strumento che il Sistema Bibliotecario mette a disposizione per recuperare i testi in programma d'esame in modo semplice e innovativo.

Didactic methods

Frontal lectures
Practical exercises in the lab

Learning assessment procedures

Students will be assessed based on a project and an oral examination. The project requires to perform:
- Basic static and dynamic analysis of a Windows malware
- Network traffic analysis of the malware
- Reverse engineering of one of the malware functions indicated by the teacher
- Basic static analysis of a malicious Office document
- Basic static analysis of a malicious pdf document

The project can be done in a group of maximum 2 students.

The analysis results have to be presented in a written report formatted according to the template provided by the teacher.

During the oral examination, the students will have to present the steps of the analysis using the virtual machines provided by the teacher. The teacher will ask questions on the performed analysis.

The teacher will publish an excel file detailing the dates and time slots available for oral examination. Students must register to take the oral exam filling their name near the chosen date and time slot.

At the end of the oral examination, the teacher will propose a mark in 30th.

Students with disabilities or specific learning disorders (SLD), who intend to request the adaptation of the exam, must follow the instructions given HERE

Evaluation criteria

The following criteria will be applied to evaluate the students' project.
Basic static analysis of a malware for the Windows operating system
- Students must demonstrate that they can identify the possible behavior of the malware based on the APIs imported by the malware and the strings.
Basic dynamic analysis of a malware for the Windows operating system
- Students must demonstrate that they can identify the behavior of the malware based on the APIs called by the malware, the files or folders created by the malware, and the Windows logs modified by the malware and network traffic generated by malware
Basic static analysis of a malicious Office document
Students must be able to:
- extract the macros present in the document
- identify any obfuscation techniques used to prevent macro analysis
- de-obfuscate the macro
- understand the behavior of the macro from the functions that are called
Basic static analysis of a malicious pdf document
Students must be able to:
- extract the objects present in the document that contain Javascript code
- identify any techniques obfuscation taken to prevent parsing of the Javascript code
- de-obfuscate the script
- understand the behavior of the script.

Criteria for the composition of the final grade

The final mark is equal to the mark assigned to the project in 30th.

Exam language

Italia