- Manipulate and analyse the execution of a running program, using a debugger appropriately
- Apply tools and techniques as appropriate to infer the overall high level function of executable code
- Deploy tools and techniques as appropriate to infer the overall high level function of communications traffic
- Identify common patterns of code obfuscation and apply appropriate tools and techniques to reduce or remove them
- Apply appropriate risk management techniques when handling potential malware
Modern programming approaches typically abstract what the developer creates away from the instructions that will actually execute on the machine. These high levels of abstraction rely on code generation programs such as compilers and assemblers to take the human author's input and produce executable code as output. The modern programmer rarely needs to consider the underlying architecture of the machine that will execute the code.
There are situations where, rather than creating an executable from source, you need to go in the opposite direction: you need to infer what the source code might look like by analysing the executable. Maybe you have some potential malware; maybe you have an executable for which you no longer have the source. Either way, you want to know what the program would do, were it to run on your system.
In order to reverse from the executable back to the original, you need to understand the typical idioms that an operating system, architecture and code generation programs adopt to convert high level constructs into low level executables.
If the executable is malware, then it is likely the authors will have strewn this road you wish to reverse with obfuscating hazards. Under these circumstances you need to understand the typical idioms of obfuscation.
This module will enable you to reverse back from the detail of the executable instance to infer what the overall pattern of behaviour might be. In a similar manner, it will develop your ability to reverse back from the detail of numerous individual network packets to infer what the overall pattern of traffic might represent.
Module content will cover:
- executable code from a variety of perspectives
- assembly language programming
- machine-level instruction set and organisation
- reverse engineering techniques
- reverse engineering for malware analysis
- reverse engineering communications
- de-obfuscation of obfuscated code
- common tools for reverse engineering
- anti-debugging mechanisms
Delivery and assessment
Eight half-day sessions will be regularly spaced across Year 3. Within each half-day session, there will be a mix of lecture, tutorial and practical activity.
Assessment is 100% coursework for this module.
A level: AAB (STEM subjects preferred)
IB: 36 points (STEM subjects preferred), with a minimum of 4 in English
Degree of Bachelor of Science (BSc)
3 years full time (30 weeks per academic year)