Softwarica College of IT & E-Commerce
ST6052CEM Reverse Engineering
Assignment Brief 2024/25
| Item | Detail |
|---|---|
| Module Title | Reverse Engineering |
| Ind/Group | Ind |
| Cohort | Sep 2024 - Regular |
| Module Code | ST6052CEM |
| Coursework Title | ST6048CEM Coursework Component |
| Hand out date | 24 January 2025 |
| Module Leader | Prashant Shrestha |
| Due date | 5 March 2025 |
| Estimated Time (hrs) | ST6048CEM expects 100 hours of self-study over the semester |
| Word Limit* | N/A |
| Coursework type | Coursework 2 |
| % of Module Mark | CW2 – Practical Dynamic Analysis report writing: 50% |
| Submission arrangement | Online via Schoolworkspro: upload through the Schoolworkspro portal |
| Mark and Feedback date | TBD |
| Mark and Feedback method | All marks and written feedback will be given via Schoolworkspro |
| Module Learning Outcomes Assessed | 1. Demonstrate understanding of the link between compiled software and the source code it is generated from. 2. Analyze communication, processing, and network data to derive the underlying protocol. 3. Make use of tools to examine the memory state of a running process with the aim of deriving the underlying algorithm. 4. Examine and evaluate the differences in tools used for reverse engineering, patching and binary mangling. |
Tasks and Mark distribution:
a. Coursework 1 - Practical Static Reverse Engineering Report writing (50%)
b. Coursework 2 - Practical Dynamic Analysis report writing (50%)
These make up 100% of the module mark.

1. Coursework 2 – Practical Dynamic Analysis report writing: 50%
50% of the final assessment will be done with a report of around 2500 words on the dynamic analysis of a given malware sample. The malware sample and its hash will be provided later.
Scenario:
- Scenario Background:
  You are a malware analyst at SecureNet Solutions. Recently, InnovateTech Inc. reported unusual activity on one of their employee's workstations, suspecting it to be the result of malware. They managed to isolate a suspicious executable and have requested a thorough dynamic analysis. Your job is to uncover the true nature of this file, determine its capabilities, and assess the potential threat it poses to their network.

Coursework Task:
- Objective:
  Conduct a comprehensive dynamic analysis of the provided malware sample. Your findings should be compiled into a detailed report aimed at both technical teams and senior management. Additionally, record a short video demonstrating key aspects of the dynamic analysis process.

Report Requirements:
- Overview:
  Summarize the main objectives of your analysis. Provide a brief description of the malware, its origin (if known), and the potential risks to the organization.
- File Information:
  Include all relevant information about the malware sample, such as file size, hash values, and file signature. Discuss any anomalies or indicators that suggest it might be packed or obfuscated.
- Process Graph:
  Visualize the process tree during the malware execution. Highlight any unusual or suspicious child processes that may indicate malicious activity.
- Initial Analysis:
  Start with a static analysis. Identify the custom packing mechanism used in the malware. Extract the packed executable and briefly describe the unpacking process.
- Detailed Technical Analysis:
  o Self-Defense and Persistence Mechanisms:
    Document any self-defense mechanisms the malware employs, such as anti-debugging or anti-VM techniques. Identify how the malware achieves persistence on the infected system.
  o Capabilities of the Malware:
    Analyze the dynamic behavior of the malware. Identify and document its capabilities, such as data exfiltration, keylogging, or spreading mechanisms. Discuss the potential impact if these capabilities were fully exploited in a real-world scenario.
- Recommendations:
  Offer practical recommendations to mitigate the identified risks. Suggest immediate steps for containment and long-term strategies for preventing similar threats in the future.
- Conclusion and Summary:
  Summarize your findings and the potential implications for InnovateTech Inc. Reinforce the urgency of your recommendations and the need for prompt action.

Additional Requirements:
- Screenshots:
  Include relevant screenshots throughout your report to provide visual evidence of your findings.
- Video Demonstration:
  Record a 5-10 minute video demonstrating the dynamic analysis process. Focus on key aspects such as unpacking the malware, observing its behavior in a controlled environment, and identifying self-defense mechanisms. Ensure that the video is clear and informative for viewers with varying levels of technical expertise.
- References:
  Cite all tools, frameworks, or external resources used during your analysis.

The malware for the assignment will be uploaded here: Reverse Engineering
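As an added example, not part of the brief or any course material: a small Python triage helper that collects the File Information items listed above (file size, hash, file signature, and per-section entropy as a packing indicator) for the report. The PE-shaped sample it parses is constructed inline and is not a real program; the 7.0 entropy threshold and the section name UPX1 are assumptions of this example.

```python
import hashlib
import math
import struct

def shannon_entropy(data: bytes) -> float:
    """Bits per byte of data; near 8.0 over a whole section is a common packing indicator."""
    n = len(data)
    counts = [data.count(v) for v in range(256)] if n else []
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def triage(blob: bytes) -> dict:
    """Collect the 'File Information' items: size, hash, signature, per-section entropy."""
    info = {"size": len(blob), "sha256": hashlib.sha256(blob).hexdigest(),
            "signature": blob[:2], "sections": [], "packed_indicators": []}
    if blob[:2] != b"MZ" or len(blob) < 0x40:
        return info                                   # not a PE image, report basics only
    pe_off = struct.unpack_from("<I", blob, 0x3C)[0]  # e_lfanew: offset of the PE header
    if blob[pe_off:pe_off + 4] != b"PE\0\0":
        return info
    nsec = struct.unpack_from("<H", blob, pe_off + 6)[0]       # NumberOfSections
    opt_size = struct.unpack_from("<H", blob, pe_off + 20)[0]  # SizeOfOptionalHeader
    sec_tbl = pe_off + 24 + opt_size                           # section table follows optional header
    for i in range(nsec):
        off = sec_tbl + i * 40                                 # each section header is 40 bytes
        name = blob[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        _vsize, _vaddr, rsize, rptr = struct.unpack_from("<IIII", blob, off + 8)
        ent = shannon_entropy(blob[rptr:rptr + rsize])
        info["sections"].append((name, rsize, round(ent, 2)))
        if ent > 7.0:                                 # assumed threshold: compressed-looking section
            info["packed_indicators"].append(f"high entropy in {name} ({ent:.2f})")
    return info

def build_sample() -> bytes:
    """Constructed minimal PE-shaped blob for demonstration only; it is not a real program."""
    text = b"\x00" * 512                  # flat bytes, entropy 0.0
    packed = bytes(range(256)) * 2        # uniform byte mix, entropy 8.0
    pe_off, opt_size = 0x40, 0
    data_start = pe_off + 24 + opt_size + 2 * 40
    hdr = b"MZ" + b"\0" * 0x3A + struct.pack("<I", pe_off)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, opt_size, 0x102)
    def sec(name, size, ptr):
        return name.ljust(8, b"\0") + struct.pack("<IIIIIIHHI", size, 0x1000, size, ptr, 0, 0, 0, 0, 0x60000020)
    return (hdr + coff + sec(b".text", len(text), data_start)
            + sec(b"UPX1", len(packed), data_start + len(text)) + text + packed)
```

Run `triage(open(path, "rb").read())` on the provided sample and paste the size, hash, signature and section table into the File Information section; a section with entropy close to 8.0 is the anomaly the brief asks you to discuss.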
Your report should be a detailed discussion and evaluation of the tools, findings and techniques. As a guide, your paper should be about 2500 words (excluding references).
Care should be taken to ensure that your report is unbiased and accurately referenced using the APA 7th (Coventry University) referencing system (see the attached sheet for an explanation of this and potential sources of help).
Your report should be appropriately sectioned, well-structured and should clearly set out your own analysis and conclusions. Your conclusions should be backed up by well-reasoned arguments and should be suitably illustrated with appropriate examples. It is not enough to regurgitate or summarize material found in the literature. A reference list must be included at the end of the research paper.
You should submit your paper as a PDF file formatted precisely as specified in the instructions for publication (these instructions are available via Schoolworkspro).
Note:
The Individual Coursework is assessed by the module leader at the end of the semester by giving some configuration work in the Lab. Students should attend their allocated slot and can only take it at another time under exceptional circumstances, with the permission of their Course Director.
1. Students are encouraged to use their own user-defined data structures rather than the built-in data structures of the given language.
2. You are expected to use the Coventry University APA style for referencing. For support and advice on this, students can contact the Centre for Academic Writing (CAW).
3. Please notify your academic services team and module leader for disability support.
4. The college cannot take responsibility for any coursework lost or corrupted on disks, laptops or personal computers. Students should therefore regularly back up any work and are advised to save it on cloud-based services.
5. If there are technical or performance issues that prevent students submitting coursework through the online coursework submission system on the day of a coursework deadline, an appropriate extension to the coursework submission deadline will be agreed. This extension will normally be 24 hours, or the next working day if the deadline falls on a Friday or over the weekend period. This will be communicated via your Module Leader.
6. Collusion between students (where sections of your work are similar to the work submitted by other students in this or previous module cohorts) is taken extremely seriously and will be reported to the academic conduct panel. This applies to both coursework and exam answers.
7. A marked difference between your writing style, knowledge and skill level demonstrated in class discussion or under any test conditions and that demonstrated in a coursework assignment may result in you having to undertake a Viva Voce in order to prove the coursework assignment is entirely your own work.
8. If you make use of the services of a proof reader in your work you must keep your original version and make it available as a demonstration of your written efforts.
9. You must not submit work for assessment that you have already submitted (partially or in full), either for your current course or for another qualification of this college, with the exception of resits, where for the coursework you may be asked to rework and improve a previous attempt. This requirement will be specifically detailed in your assignment brief or specific course or module information. Where earlier work by you is citable, i.e., it has already been published/submitted, you must reference it clearly. Identical pieces of work submitted concurrently may also be considered to be self-plagiarism.
Learning Outcomes matrix:

| Question No. | Learning Outcomes Assessed |
|---|---|
| CW2 – Practical Dynamic Analysis report writing 50% | 1, 2, and 4 |
Mark allocation guideline to students

| 0-39 | 40-49 | 50-59 | 60-69 | 70+ | 80+ |
|---|---|---|---|---|---|
| Work mainly incomplete and/or weaknesses in most areas | Most elements completed; weaknesses outweigh strengths | Most elements are strong, minor weaknesses | Strengths in all elements | Most work exceeds the standard expected | All work substantially exceeds the standard expected |
Mark allocation guidelines to students: marking rubric for CW2 – Practical Dynamic Analysis report writing: 50%
Pass marks will be awarded for an unsatisfactory assessment of the given software, with a rudimentary explanation, no use of proper tools and weak reporting skills.
Good marks will be awarded for a satisfactory assessment of the given software, with a good explanation, use of proper tools and proper reporting skills.
Excellent marks will be awarded for comprehensive assessment of the given software, with excellent tooling knowledge, and excellent reporting skills and documentation.
The table below shows the detailed marks breakdown that you can achieve by completing the different aspects of the assignment.
Assessment (20): Assessment of the given software
- 5: No identification of the packer/compiler, persistence techniques, and steps required to reverse the binary.
- 10: Satisfactory identification of the packer/compiler, persistence techniques, and steps required to reverse the binary, but not clear and thorough.
- 15: Comprehensive assessment with satisfactory identification of the packer/compiler, persistence techniques, and steps required to reverse the binary.
- 20: Clear identification of the packer used and the persistence techniques, and detailed steps to unpack the binary are provided.

Screenshot and Process (40): Reverse Engineering process demonstrated with screenshots
- 5: No screenshots or process documentation are provided.
- 15: Screenshots and process documentation are provided, but they are not clear or thorough.
- 25: Clear screenshots and detailed process documentation are provided for static analysis.
- 40: Clear screenshots and detailed process documentation are provided, with new variable names and comments, for static analysis.

Exfiltration Domain and Process (15): Evaluating and justifying the exfiltration or exploit process and technology, port, protocol
- 5: No identification or description of the exfiltration domain is provided.
- 10: Evaluation shows some understanding of the exfiltration process and extraction.
- 15: The domain used for exfiltration is identified and the description is clear and thorough.

Overall Presentation (15)
- 5: The report is disorganized, difficult to follow, and/or contains numerous errors in grammar or spelling.
- 10: The report is organized and presented adequately but could be more concise and/or contains some errors in grammar or spelling.
- 15: The report is well organized, easy to follow, and clearly presented with proper grammar and spelling.

Video Presentation (10 points)
- 5: The video is unclear, lacks focus, and fails to effectively demonstrate the dynamic analysis process.
- 7: The video presentation is somewhat clear but lacks thoroughness in demonstrating the dynamic analysis process.
- 10: The video is clear, well-structured, and thoroughly demonstrates the dynamic analysis process, including key steps and findings.