Information Security Technology
Course Details

KTO KARATAY UNIVERSITY
Trade and Industry Vocational School
Programme of Information Security Technology
Course Details

| Course Code | Course Name | Year | Period | Semester | T+A+L | Credit | ECTS |
|---|---|---|---|---|---|---|---|
| 08131110 | Malware Analysis and Reverse Engineering | 2 | Autumn | 3 | 2+2+0 | 5 | 5 |
| Course Type | Elective |
| Course Cycle | Associate (Short Cycle) (TQF-HE: Level 5 / QF-EHEA: Short Cycle / EQF-LLL: Level 5) |
| Course Language | Turkish |
| Methods and Techniques | - |
| Mode of Delivery | Face to Face |
| Prerequisites | - |
| Coordinator | - |
| Instructor(s) | Lect. Merve AKIN |
| Instructor Assistant(s) | - |
Course Instructor(s)
| Name and Surname | Room | E-Mail Address | Internal | Meeting Hours |
|---|---|---|---|---|
| Lect. Merve AKIN | C-129 | [email protected] | 7869 | Wednesday 14.00-16.00 |
Course Content
The course content focuses on the two main methodologies of malware analysis: Static Analysis (examining code without execution) and Dynamic Analysis (executing code in a virtual environment). Students learn to identify different malware types, such as Viruses, Trojans, and Ransomware. The curriculum covers the fundamentals of x86 Assembly language and the use of core reverse engineering tools like Disassemblers (IDA Pro, Ghidra) and Debuggers (x64dbg). Additionally, critical topics include techniques for bypassing malware concealment methods (obfuscation, packing) and the process of properly reporting analysis findings.
Objectives of the Course
The main goal of the "Malware Analysis and Reverse Engineering" course is to provide students with the theoretical knowledge and practical skills needed to understand how malicious software (malware), a critical part of modern cyber threats, operates. The course aims to equip students with the ability to examine (analyze) such software and decipher its structure (reverse engineer it) in a secure environment, thereby uncovering the attacker's intent, capabilities, and targets. Ultimately, this preparation allows future cybersecurity specialists to develop effective defense strategies against both known and zero-day threats.
Contribution of the Course to Field Teaching
| Basic Vocational Courses | |
| Specialization / Field Courses | X |
| Support Courses | |
| Transferable Skills Courses | X |
| Humanities, Communication and Management Skills Courses | |
Relationships between Course Learning Outcomes and Program Outcomes
| Relationship Levels | ||||
| Lowest | Low | Medium | High | Highest |
| 1 | 2 | 3 | 4 | 5 |
| # | Program Learning Outcomes | Level |
|---|---|---|
| P1 | He/she has basic, current and practical knowledge about his/her profession. | 5 |
| P3 | Follows current developments and practices for his/her profession and uses them effectively. | 4 |
| P11 | Explains and applies data security and encryption methods. | 4 |
| P13 | Identifies and fixes security vulnerabilities in computer and software systems. | 3 |
Course Learning Outcomes
| Upon the successful completion of this course, students will be able to: | |||
|---|---|---|---|
| No | Learning Outcomes | Outcome Relationship | Measurement Method ** |
| O1 | | P.1.1 | 1,3 |
| O2 | | P.11.1 | 1,3 |
| O3 | | P.1.5 | 1,3 |
| O4 | | P.11.2 | 1,3 |
| O5 | | P.3.1 | 1,3 |
| O6 | | P.3.4 | 1,3 |
| O7 | | P.13.1 | 1,3 |
| O8 | | P.13.2 | 1,3 |
| ** Written Exam: 1, Oral Exam: 2, Homework: 3, Lab./Exam: 4, Seminar/Presentation: 5, Term Paper: 6, Application: 7 | |||
Weekly Detailed Course Contents
| Week | Topics |
|---|---|
| 1 | Introduction to Cybersecurity, Types and History of Malware |
| 2 | Introduction to Reverse Engineering: Ethics, Legal Status, and Core Concepts |
| 3 | Malware Lab Setup: Virtual Machines and Secure Lab Environment |
| 4 | Windows Fundamentals: PE Format, DLLs, Windows API, and Compilation |
| 5 | Static Analysis I: File Properties, Hashing, and String Analysis |
| 6 | Dynamic Analysis I: Behavioral Analysis and System Monitoring Tools (ProcMon, Regshot) |
| 7 | Quiz + General Review |
| 8 | Midterm Exam |
| 9 | x86 Assembly Language Fundamentals: Registers, Instructions, and Memory |
| 10 | Static Analysis II: Using Disassemblers (IDA Free / Ghidra) and Understanding Code Flow |
| 11 | Dynamic Analysis II: Using Debuggers (x64dbg), Breakpoints, and Stepping |
| 12 | Malware Functionality: File Operations, Network Communication, and Code Injection |
| 13 | Concealment and Protection Techniques I: Encryption and Packers |
| 14 | Concealment and Protection Techniques II: Anti-Debugging and Anti-Virtual Machine Detection |
| 15 | Quiz + General Review |
| 16 | Final Exam |
Textbook or Material
| Resources | Dennis Yurichev, "Reverse Engineering for Beginners" |
| Eldad Eilam, "Reversing: Secrets of Reverse Engineering" | |
| SANS Institute Blogs and Resources (FOR610 Topics) | |
| Michael Sikorski & Andrew Honig, "Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software" |
Evaluation Method and Passing Criteria
| In-Term Studies | Quantity | Percentage |
|---|---|---|
| Attendance | - | - |
| Laboratory | - | - |
| Practice | - | - |
| Field Study | - | - |
| Course Specific Internship (If Any) | - | - |
| Homework | 10 | 10 (%) |
| Presentation | - | - |
| Projects | - | - |
| Seminar | - | - |
| Quiz | 2 | 20 (%) |
| Listening | - | - |
| Midterms | 1 | 30 (%) |
| Final Exam | 1 | 40 (%) |
| Total | 100 (%) | |
ECTS / Working Load Table
| | Quantity | Duration | Total Work Load |
|---|---|---|---|
| Course Week Number and Time | 16 | 4 | 64 |
| Out-of-Class Study Time (Pre-study, Library, Reinforcement) | 14 | 3 | 42 |
| Midterms | 1 | 6 | 6 |
| Quiz | 2 | 3 | 6 |
| Homework | 10 | 2 | 20 |
| Practice | 0 | 0 | 0 |
| Laboratory | 0 | 0 | 0 |
| Project | 0 | 0 | 0 |
| Workshop | 0 | 0 | 0 |
| Presentation/Seminar Preparation | 0 | 0 | 0 |
| Fieldwork | 0 | 0 | 0 |
| Final Exam | 1 | 12 | 12 |
| Other | 0 | 0 | 0 |
| Total Work Load: | 150 | ||
| Total Work Load / 30 | 5 | ||
| Course ECTS Credits: | 5 | ||
Course - Learning Outcomes Matrix
| Relationship Levels | ||||
| Lowest | Low | Medium | High | Highest |
| 1 | 2 | 3 | 4 | 5 |
| # | Learning Outcomes | P1 | P3 | P11 | P13 |
|---|---|---|---|---|---|
| O1 | Defines the basic concepts of information security. | 5 | 4 | 4 | 4 |
| O2 | Analyzes current security trends. | 5 | 5 | 4 | 4 |
| O3 | Regularly follows innovations and developments in his/her field and applies them to his/her professional development. | 4 | 5 | 4 | 4 |
| O4 | Has knowledge of current cyber threats. | 5 | 5 | 4 | 5 |
| O5 | Defines the basic principles and purpose of data security. | 5 | 4 | 5 | 3 |
| O6 | Explains the working principles of encryption algorithms. | 5 | 4 | 5 | 3 |
| O7 | Explains common security vulnerabilities in software and systems and the causes of these vulnerabilities. | 5 | 4 | 4 | 5 |
| O8 | Can use the basic analysis and scanning tools used to find security vulnerabilities. | 5 | 5 | 4 | 5 |
