Practical Malware Analysis for CCSF

Canvas Outage

CNIT 126 students should have received
an email from sam.bowne@agentmail.to
showing how to take the final exam
without using Canvas.

Since Canvas is down and I cannot access quiz
scores, your grade will be based on projects
and the final exam only, assuming you got
20 on all the quizzes.

Here is the new grading system:

A: 408
B: 340
C: 205
D: 138
F: 137 or less

I am working on gathering all the extra
credit I sent to Canvas and adding it to
my new scoring system.

If you submitted projects in Canvas, or
have any other issues to discuss, please
email sbowne@ccsf.edu or come to one of my
Twitch sessions shown at the top of samsclass.info.

Prepare a Windows VM

Recommended
    PMA 41: Windows 10 or 11 with Analysis Tools  20
Alternative Local System
    ED 32: Windows Virtual Machine  15 extra
Best Cloud System
    PMA 60: Windows 10 on Azure Cloud  15 extra
Alternate Cloud System
    PMA 30: Windows 2016 Server on Google Cloud  15 extra
Very Old, Not Recommended
    H 2: Windows 2016 Server Virtual Machine  15 extra

Malware Analysis

PMA 101: Basic Static Techniques  20 + 30 extra
F 211: Memory Forensics of LastPass and Keeper  25 extra
PMA 110: capa  15 extra
PMA 221: Basic Dynamic Analysis  30 + 30 extra
PMA 222: Making a Windows Keylogger  10 extra
PMA 230: Insecure Notepad++ Update  20 extra

Restricted Projects

Click Here (password required)

PE Files and DLLs

PMA 105: Process Explorer  10
PMA 102: Unpacking  25
PMA 121: Unpacking with OllyDbg and pestudio  20 + 30 extra
PMA 122: PE Headers  10 + 40 extra
PMA 123: Importing DLLs  15 + 30 extra
PMA 124: DLL Hijacking  15
PMA 125: Installing Visual Studio (Not needed for Win 10 w Tools VM)  10 extra
PMA 126: DLL Proxying  20

Debugging

PMA 301: x86 Assembler with Jasmin  10 + 10 extra
PMA 340: Windows ARM Executable  15 extra
PMA 401: Simple EXE Hacking with Ollydbg  30 + 90 extra
PMA 402: Hacking Minesweeper with Ollydbg  15 + 30 extra
PMA 404: Adding Code to an EXE in a New Section  20 extra
PMA 405: Monitoring Windows API Calls with WinDbg  15 extra
PMA 406: Using Ghidra and OllyDbg to Find a Salt  15 extra
PMA 407: Scripting in OllyDbg  20 extra

Kernel Debugging

Not Recommended--Out of Date
PMA 410: Kernel Debugging with LiveKD  15
PMA 430: The New WinDbg  15
PMA 431: WinDbg: Source-Level Debugging  10
PMA 432: WinDbg Preview: Kernel Debugging  15 + 20 extra
PMA 433: Kernel Debugging with Breakpoints  30 extra
PMA 434: Debugging a Driver  30 extra

Bootkits

PMA 420: Bootkit Analysis with Bochs  15 extra
PMA 421: Understanding the MBR  70 extra
TPM 1: Trusted Platform Modules on Windows  15 extra

DOT NET

PMA 132: Reversing a .NET Executable  40 extra
ED 330: Using C# DOT NET  20 extra
ED 331: Dot Net Reflector  45 extra

Rust

R 10: Rust Basics, Overflows, & Injection  35 extra
R 20: Dangling Pointers & Memory Leaks in Rust  35 extra

Disassembly

PMA 303: IDA Pro  20 + 20 extra
PMA 304: C Constructs in Assembly  15
PMA 510: Starting with Ghidra  10 extra
PMA 511: Ghidra Data Displays  40 extra

Windows Memory Protections

ED 301: Windows Stack Protection I: Assembly Code  15 extra
ED 302: Windows Stack Protection II: Exploit Without ASLR  15 extra
ED 303: Windows Stack Protection III: Limitations of ASLR  15 extra
ED 310: Windows Mitigations  10 extra
H 540: RDP and Old Passwords  15 extra

AI Agents

Highly Recommended

ML 190: Personal AI Infrastructure (PAI) (20 pts)
ML 191: Detecting Malware with PAI (15 pts)

Alternatives

ED 33: Ubuntu Linux Desktop (10 pts)
ML 135: OpenClaw on Ubuntu Linux (15 pts)
ML 136: OpenClaw: exec and Email (20 pts)
ML 137: OpenClaw: Web Browsing and Remote Access (20 pts)

Not Recommended

ML 123: Running Llama 3 Locally (15 pts)
ML 133: MCP with Claude (15 pts)
H 112: Cloudflare Quick Tunnel (25 pts)
ML 134: IronClaw on Ubuntu Linux (15 pts)

Assembly Language

Prepare a Linux VM

ED 30: Linux Virtual Machine  15 extra
H 201: Google Cloud Linux Server  10 extra
ASM 100: Basics  69 extra
ASM 104: Bases & Printing  40 extra
ASM 105: ASCII  20 extra
ASM 110: Gdb  30 extra
ASM 120: Files  55 extra
ASM 200: Caesar Cipher  35 extra
ASM 210: XOR  20 extra
Scores archived 10-5-2021
Scores archived 10-11-2022
Scores archived 1-26-24
Scores archived 2-3-25

Virtual Machine Resources

Download Textbook Labs Here

Hypervisors

VMware Player (for Windows hosts, free)
VMware Fusion (for Mac hosts, 30-day trial)
VirtualBox (free for all platforms)

Archived scores: S25

PMA 230 added, OT 130 removed 12-9-25
U challenges removed 12-10-25
PMA 403 removed, PMA 405 added 12-15-25
Restricted Projects added 12-17-25
PMA 406 and 407 added 12-24-25
PMA 222 changed to PMA222a version 1-29-26
CCSF instructions updated 2-7-26
AI Agents added 3-5-26
ML 136 and 137 added 3-19-26
ML 190 and 191 added 5-7-27
ASM scoreboard link removed 5-10-26
Quizzes added 5-12-26