CYBR 473 (2024) - Assignments
Assignment 1 (30%)
The first assessment is due on Sunday.

Doing the assignment:
- Instructions for completing the assignment.
- Password to decrypt the malware is infected. Do not unpack the malware on any ECS or Digital Services system; you might end up being quarantined!
- Virtual machines:
  - Direct link on ECS systems is /vol/vb/CYBR473/Windows7-cybr473_2024.ova
  - REMnux Linux distribution (5 GB OVA): a Linux distribution with pre-installed malware analysis tools, required for the analysis of network-related activities (this VM will also be used in Assignment 2).
  - Setting up a local area network with multiple VMs.
  - We recommend storing these virtual machine images on the scratch drive when using the lab machines. Create a subdirectory to make it easier to distinguish your VM from any other user's, e.g. Alice would create one called /local/scratch/alice. Be warned that the total space to store these two VMs is around 27 GB and you may need more temporary space when running them. Do not save to your own ECS filesystem (your /home/ folder) because you will quickly run out of space.
- Recording your demonstration video:
  - Uploading your own video: you can also record using your favourite tool and upload to Panopto instead.
  - Panopto supports resolution of HD 720p (720x1080) or 1080p (1080x1920) and only the MP4 or MOV format.
- Template: it is recommended to use LaTeX (see https://www.overleaf.com) and the LaTeX template to complete the reflection part (maximum 5 pages including figures and references). If you prefer, you can use MS Word; just make sure to convert to a PDF file at the end.
- FAQ
- Submission links:
  - Submitting your demonstration videos: access the folder to put your videos in from Nuku, Vstream Videos, click on Assignment1 on the top.
  - Submission link for written reflection: make sure that it is a PDF file.
Assignment 2 (30%)
The second assessment is due Sunday.
- Instructions for completing the assignment.
- Local copy of putty.exe
- MysteriousMalware.zip containing malware to analyze. Password to decrypt the malware is infected. Do not unpack the malware on any ECS or Digital Services system; you might end up being quarantined!
- Virtual machines:
  - Make sure you save the following VMs and their OVA files to /local/scratch/your_name/ on the lab machines to avoid running out of space in your filesystem. Do not store any OVA file or create a VM in your /home/ folder.
  - Direct link on ECS systems is /vol/vb/CYBR473/Windows7-cybr473_2024.ova
  - REMnux Linux distribution.
  - Setting up a local area network with multiple VMs.
- Template: use the LaTeX template to complete the reflection part (maximum 5 pages including figures and tables, but references, list of tools, appendices, and links to demo files are excluded).
- Submission links:
  - Submitting your demonstration videos: access the folder to put your videos in from Nuku, Vstream Videos, click on Assignment2 on the top.
  - Submission link for written reflection: make sure that it is a PDF file.
Assignment 3 (40%)
The third assessment is due 16th June 2024 at 23:59. Here are the details:
- Instructions for completing the assignment.
- Submission links:

Note: There is no restriction on your choice of programming language, with the following caveat: if you use a compiled programming language like C/C++, you will get a 5% bonus, that is, your overall grade in Assignment 3 (out of 100) will be multiplied by 1.05 (capped at 100). With any interpreted language (like Python) or compiled-to-IL language (like Java or C#), there will be no bonus. Also note that, irrespective of your choice of language, you should compile your code to a standalone executable that runs on a typical (bare-bones) 32-bit Windows OS. Your executable should be as small as possible. This only applies to the victim side; you are completely free in your choice of command-and-control side (because that runs on the attacker's choice of server and any dependencies will be taken care of). If you choose Python, you can take advantage of a provided keylogger sample file.

- Keylogger script:
  - logger.py: hooks Windows events, writes to $HOME/Downloads/output.txt
  - Run as pythonw logger.py and it will run in the background until killed using Task Manager (kill the Python process).
  - Completing the last part of the assignment requires you to convert it to an executable; do this using the command line pyinstaller logger.py and look in the build directory.
- Command and control server:
  - Quick start covering installation on Mac and Windows and a simple application
  - Short tutorial on how to use the requests library for a client program
- Background documentation:
  - PyHook tutorial - hook Windows events
  - KeyboardEvent class - event returned by hook
  - Event.KeyID returns the virtual key, useful for identifying PGUP, ARROW LEFT etc.
  - Virtual Key Values - use this to interpret the KeyID
  - PyWin documentation - interacting with Windows processes
  - PyInstaller - convert Python script to executable