This is the public repository for Introduction to Malware, Threat Hunting and Offensive Capabilities Development It has been taught at Boston University as CS-501, and at Northeastern University as CS-4973/6983
The class introduces students to the wild world of offensive capabilities development and cyber threat hunting by taking on the role of both attacker and defender to better understand various stages of cyber attacks. Focusing on the Windows operating system, students will analyze malware deployed by a simulated threat actor APT-Ch0nkyBear in addition to creating their own tools to emulate their capabilities.
After spending a fair amount of time tearing apart implants, students will work to create a simple implant complete with basic functionality and a multi user C2 server.
- All notes, assignment READMEs and extra content is contained in the ObsidianVault directory. To open this, please download obsidian.md.
- Navigate to ObsidianVault/MalwareCourse/MalwareLab/Sandbox.md and follow the directions there for setting up the course sandbox.
- Lecture Recordings: Inclues links to current recordings for the class.
- Syllabus
- Memes: Contains all images (memes or otherwise) used during the lectures
- SlidesRaw: contains the course slides built with Advanced Slides
- Slides: Contains the Reveal.js slides
- Assignments: Contains starter code/files required to complete homework assignments
Questions, comments? Feel free to reach out on Discord
@k111b222s333e444c555
Remove the numbers :-)
Like the courrse and want to express your gratitude? In lieu of payment, show your appreciation by
-
- hiring one of my many wonderful students
-
- send a student to a security conference
-
- give a talk
-
- buy us pizza :-)
Special thanks to Ari, Leo, and Wayne for making this course possible!
Dedicated to Mike Murray. Without you, I wouldn't be where I am today.
See branches
archived: https://github.com/kbsec/CS-501-2021