Studying at the University of Verona
Here you can find information on the organisational aspects of the Programme, lecture timetables, learning activities and useful contact details for your time at the University, from enrolment to graduation.
Academic calendar
The academic calendar shows the deadlines and scheduled events that are relevant to students, teaching and technical-administrative staff of the University. Public holidays and University closures are also indicated. The academic year normally begins on 1 October each year and ends on 30 September of the following year.
Course calendar
The Academic Calendar sets out the degree programme lecture and exam timetables, as well as the relevant university closure dates..
| Period | From | To |
|---|---|---|
| Primo semestre | Oct 3, 2022 | Jan 27, 2023 |
| Secondo semestre | Mar 6, 2023 | Jun 16, 2023 |
Exam calendar
Exam dates and rounds are managed by the relevant Science and Engineering Teaching and Student Services Unit.
To view all the exam sessions available, please use the Exam dashboard on ESSE3.
If you forgot your login details or have problems logging in, please contact the relevant IT HelpDesk, or check the login details recovery web page.
Should you have any doubts or questions, please check the Enrolment FAQs
Academic staff
Study Plan
The Study Plan includes all modules, teaching and learning activities that each student will need to undertake during their time at the University. Please select your Study Plan based on your enrolment year.
| Modules | Credits | TAF | SSD |
|---|
1° Year
2° Year
| Modules | Credits | TAF | SSD |
|---|
| Modules | Credits | TAF | SSD |
|---|
Legend | Type of training activity (TTA)
TAF (Type of Educational Activity) All courses and activities are classified into different types of educational activities, indicated by a letter.
Malware (2022/2023)
Teaching code
4S003738
Credits
6
Coordinatore
Language
Italian
Scientific Disciplinary Sector (SSD)
INF/01 - INFORMATICS
The teaching is organized as follows:
Teoria
Laboratorio
Learning objectives
The course aims to provide the theoretical and practical bases of the malevolent code. In particular, the course proposes techniques for the definition and classification of malicious code, analysis of malicious code and risk management. At the end of the course, the student will have the necessary knowledge to understand the nature and evolution of the malicious code, anti-detection techniques and risk profiles. Furthermore, it will be able to perform reverse engineering of malicious code, identifying its essential components. This knowledge will allow the student to classify the threats and their evolution deriving from malicious code based attacks. The student will then be able to continue his/her studies autonomously in the field of computer security, studying new malicious codes and the respective countermeasures to mitigate their effects.
Prerequisites and basic notions
Attended the course Foundations of Security and Privacy
Program
Types of Malware
Cyber Kill Chain of a Malware attack
Introduction to malware analysis
How to set up a VM to perform malware analysis
Basic static analysis
Portable Executable Format
Static analysis of Portable Executable Format with PEStudio
Analyzing the behavior of a malware based on imported APIs
Basic Dynamic Analysis with Regshot and Procmon
Network Traffic Analysis with Wireshark
Assembly language for x86 architecture
Reverse engineering with IDA Freeware
Reverse engineering with Ghidra
Reverse engineering with x32dbg
Anti-Debugging techniques
Data encoding and obfuscation techniques
Code packing and encryption techniques
Analysis of malicious pdf documents
Analysis of malicious Office documents
Bibliography
Didactic methods
Frontal lectures
Practical exercises in the lab
Learning assessment procedures
Students will be assessed based on a project and an oral examination. The project requires to perform:
- Basic static and dynamic analysis of a Windows malware
- Network traffic analysis of the malware
- Reverse engineering of one of the malware functions indicated by the teacher
- Basic static analysis of a malicious Office document
- Basic static analysis of a malicious pdf document
The project can be done in a group of maximum 2 students.
The analysis results have to be presented in a written report formatted according to the template provided by the teacher.
During the oral examination, the students will have to present the steps of the analysis using the virtual machines provided by the teacher. The teacher will ask questions on the performed analysis.
The teacher will publish an excel file detailing the dates and time slots available for oral examination. Students must register to take the oral exam filling their name near the chosen date and time slot.
At the end of the oral examination, the teacher will propose a mark in 30th.
Evaluation criteria
The following criteria will be applied to evaluate the students' project.
Basic static analysis of a malware for the Windows operating system
- Students must demonstrate that they can identify the possible behavior of the malware based on the APIs imported by the malware and the strings.
Basic dynamic analysis of a malware for the Windows operating system
- Students must demonstrate that they can identify the behavior of the malware based on the APIs called by the malware, the files or folders created by the malware, and the Windows logs modified by the malware and network traffic generated by malware
Basic static analysis of a malicious Office document
Students must be able to:
- extract the macros present in the document
- identify any obfuscation techniques used to prevent macro analysis
- de-obfuscate the macro
- understand the behavior of the macro from the functions that are called
Basic static analysis of a malicious pdf document
Students must be able to:
- extract the objects present in the document that contain Javascript code
- identify any techniques obfuscation taken to prevent parsing of the Javascript code
- de-obfuscate the script
- understand the behavior of the script.
Criteria for the composition of the final grade
The final mark is equal to the mark assigned to the project in 30th.
Exam language
Italia
Type D and Type F activities
Le attività formative di tipologia D sono a scelta dello studente, quelle di tipologia F sono ulteriori conoscenze utili all’inserimento nel mondo del lavoro (tirocini, competenze trasversali, project works, ecc.). In base al Regolamento Didattico del Corso, alcune attività possono essere scelte e inserite autonomamente a libretto, altre devono essere approvate da apposita commissione per verificarne la coerenza con il piano di studio. Le attività formative di tipologia D o F possono essere ricoperte dalle seguenti attività.
1. Insegnamenti impartiti presso l'Università di Verona
Comprendono gli insegnamenti sotto riportati e/o nel Catalogo degli insegnamenti (che può essere filtrato anche per lingua di erogazione tramite la Ricerca avanzata).
Modalità di inserimento a libretto: se l'insegnamento è compreso tra quelli sottoelencati, lo studente può inserirlo autonomamente durante il periodo in cui il piano di studi è aperto; in caso contrario, lo studente deve fare richiesta alla Segreteria, inviando a carriere.scienze@ateneo.univr.it il modulo nel periodo indicato.
2. Attestato o equipollenza linguistica CLA
Oltre a quelle richieste dal piano di studi, per gli immatricolati dall'A.A. 2021/2022 vengono riconosciute:
- Lingua inglese: vengono riconosciuti 3 CFU per ogni livello di competenza superiore a quello richiesto dal corso di studio (se non già riconosciuto nel ciclo di studi precedente).
- Altre lingue e italiano per stranieri: vengono riconosciuti 3 CFU per ogni livello di competenza a partire da A2 (se non già riconosciuto nel ciclo di studi precedente).
Tali cfu saranno riconosciuti, fino ad un massimo di 6 cfu complessivi, di tipologia F se il piano didattico lo consente, oppure di tipologia D. Ulteriori crediti a scelta per conoscenze linguistiche potranno essere riconosciuti solo se coerenti con il progetto formativo dello studente e se adeguatamente motivati.
Gli immatricolati fino all'A.A. 2020/2021 devono consultare le informazioni che si trovano qui.
Modalità di inserimento a libretto: richiedere l’attestato o l'equipollenza al CLA e inviarlo alla Segreteria Studenti - Carriere per l’inserimento dell’esame in carriera, tramite mail: carriere.scienze@ateneo.univr.it
3. Competenze trasversali
Scopri i percorsi formativi promossi dal TALC - Teaching and learning center dell'Ateneo, destinati agli studenti regolarmente iscritti all'anno accademico di erogazione del corso https://talc.univr.it/it/competenze-trasversali
Modalità di inserimento a libretto: non è previsto l'inserimento dell'insegnamento nel piano di studi. Solo in seguito all'ottenimento dell'Open Badge verranno automaticamente convalidati i CFU a libretto. La registrazione dei CFU in carriera non è istantanea, ma ci saranno da attendere dei tempi tecnici.
4. Periodo di stage/tirocinio
Oltre ai CFU previsti dal piano di studi (verificare attentamente quanto indicato sul Regolamento Didattico): qui informazioni su come attivare lo stage.
Insegnamenti e altre attività che si possono inserire autonomamente a libretto
Modules not yet included
Career prospects
Module/Programme news
News for students
There you will find information, resources and services useful during your time at the University (Student’s exam record, your study plan on ESSE3, Distance Learning courses, university email account, office forms, administrative procedures, etc.). You can log into MyUnivr with your GIA login details.
Further services
I servizi e le attività di orientamento sono pensati per fornire alle future matricole gli strumenti e le informazioni che consentano loro di compiere una scelta consapevole del corso di studi universitario.
Graduation
List of theses and work experience proposals
Attendance
As stated in point 25 of the Teaching Regulations for the A.Y. 2021/2022, attendance at the course of study is not mandatory.Please refer to the Crisis Unit's latest updates for the mode of teaching.
