Malware (Kurivara)
Source: Lambda
Place, time, result
Semester: autumn semester
Result: pass/fail assessment
Credit points: 2
Prerequisites: Data Communication Protocols
Lectures take place every other Saturday at SIVAK, Filtri tee 12. The first lecture is on 13 September, 10:00-13:30.
To get into SIVAK you must bring an identity document!
| 13.09 | 20.09 | 11.10 | 25.10 | 08.11 | 20.11/17:00 | 27.11/17:00 | 04.11/17:00 |
| L | L/P | L/P | L/P | L/P | L/P | L/P | L/P |
Assessment
Preliminary times when you can see me
!!!!!!! 15 December 17:00 SIVAK !!!!!!!
05 January 17:00 SIVAK
17 January 10:00 SIVAK
Prerequisites for the assessment:
1) The first and second labs have been completed
2) You have participated actively in class, i.e. taken part in the class discussion or beaten the Swedes.
The fallback option is to complete the labs and answer 10 questions in so-called open-book style.
- Assessment status (http://spreadsheets.google.com/pub?key=pO5Vg-tBYza5AlrGlHGGjOA)
Lectures
13.09.2008
* Introduction
* What is your experience?
* Classification
  * Virus
    * 32 bit
    * 64 bit
  * Worm
  * Rootkit
  * Backdoor
  * Trojan horse
  * Spyware
  * Keylogger
  * Dialer
  * Botnet
  * Crypter
  * Proxy
  * Packer
  * Adware
* Probable interdependency
  * Trojan
  * Packer
  * Virus or worm
  * Rootkit
  * Backdoor
* Additional reading concerning classification
  * [malware-raid07.pdf (http://www.eecs.umich.edu/fjgroup/pubs/malware-raid07.pdf)]
  * [malware-classification-dimva08.pdf (http://honeyblog.org/junkyard/paper/malware-classification-dimva08.pdf)]
  * [Automated_Virus_Classification.pdf (http://www.microsoft.com/downloads/details.aspx?FamilyID=d61708bd-ef96-4a53-a8f8-8a1f00c79747&DisplayLang=en)]
20.09.2008
- 20.09.2008 slides
- Home reading
- [hunting.for.metamorphic.pdf (http://www.symantec.com/avcenter/reference/hunting.for.metamorphic.pdf)]
11.10.2008
- [Viruses for analysis (http://rein.saratow.ee/kurivara/)]
- Anyone who did not get them in class should ask me directly; answers also go to the same address: toomas(at)huu(dot)ee
- 5 viruses for each person. User: root; the password is the same as for the computer lab's root user
- Helpful resources!!
- [Virustotal (http://www.virustotal.com)]
- [Article on sandboxes + links (http://en.wikipedia.org/wiki/Sandbox_(computer_security))]
25.10.2008: Anto Veldre
- Semantics as a discipline
- http://semantics.uchicago.edu/kennedy/classes/s06/handouts/supervaluations.pdf
- http://semantics.uchicago.edu/kennedy/classes/
- s06 - s08
- Objective truth
- http://www.iep.utm.edu/t/truth.htm
8.11.2008: F-Secure, Jarno Niemela
Mobile virus discovery and removal
20.11.2008: Computer forensics
27.11.2008: Network and malware
04.12.2008:
- Sysinternals (http://technet.microsoft.com/en-us/sysinternals/default.aspx)
Additional resources
* Windows Intrusion Discovery Cheat Sheet (http://sans.org/resources/winsacheatsheet.pdf)
* Checking Windows for Signs of Compromise (http://www.ucl.ac.uk/cert/win_intrusion.pdf)
* Linux Intrusion Discovery Cheat Sheet (http://sans.org/resources/linsacheatsheet.pdf)
* Checking Unix/Linux for Signs of Compromise (http://www.ucl.ac.uk/cert/nix_intrusion.pdf)
* Security Incident Survey Cheat Sheet for Server Administrators (http://www.zeltser.com/network-os-security/security-incident-survey-cheat-sheet.pdf)
Results of the first laboratory work must be:
- Analysis of 5 malware samples
* 1) Find out what they are
* 2) Send the names and a short description of what each malware sample is meant to do to the mail address: toomas dot lepik at cert dot ee or huu dot ee
- An installed VirtualBox instance on your lab computer (we will use it in the future)

