COMPX519-24B
Assignment 1
Total Marks: 20
Due: 11 August 2024 09:00 pm
Submission: Online (Submit through Moodle)
This assignment has four parts. You will use the web to complete the tasks in this assignment. Please make sure you cite all sources appropriately for any information you use from any source and for any ideas that are not your own.
For the referencing style, see:
https://libraryguides.waikato.ac.nz/apa-style
For all parts, read the notes carefully.
Part 1 - Binary Analysis - 3 marks
Download the file Sample from Moodle. Analyse the file and answer the following short questions.
Notes: There is no need to execute this file; analyse it statically. For all answers, you must provide a screenshot showing the date on which it was taken. A screenshot without a date will not be accepted.
1. Is this file an executable or a dll?
2. At what address (file offset) does the NT header/PE header start?
3. How many sections does this PE file contain and what are they?
4. What is the Address of the Entry Point?
5. What functions are being imported and exported by the binary?
6. Can the file handle large addresses, i.e. is the IMAGE_FILE_LARGE_ADDRESS_AWARE flag set in the file header's Characteristics?
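As an added, runnable illustration of where each of the Part 1 answers lives in the PE headers (this is example code written for this page, not part of the assignment and not the Sample file), the script below walks the DOS header, the NT headers and the section table by hand using the field offsets from the PE/COFF specification. The bytes returned by `build_sample()` are a constructed 32-bit header image (headers only, no code) so that the script runs offline; the function names `parse_pe` and `build_sample` are this example's own.

```python
"""Minimal PE header walker: answers the Part 1 questions from raw bytes."""
import struct

# IMAGE_FILE_HEADER.Characteristics flags (PE/COFF specification)
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_LARGE_ADDRESS_AWARE = 0x0020
IMAGE_FILE_32BIT_MACHINE = 0x0100
IMAGE_FILE_DLL = 0x2000

PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B


def parse_pe(data: bytes) -> dict:
    """Walk DOS header -> NT headers -> section table and return the facts
    asked for in Part 1. Import/export *contents* are not resolved here; only
    the data-directory entries (RVA, size) that point at them are reported."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ signature")
    # e_lfanew (DOS header offset 0x3C) is the file offset of the NT headers
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE\\0\\0 signature")

    # IMAGE_FILE_HEADER (20 bytes) follows the 4-byte signature
    coff = e_lfanew + 4
    machine, n_sections, _, _, _, opt_size, characteristics = struct.unpack_from("<HHIIIHH", data, coff)

    # IMAGE_OPTIONAL_HEADER: AddressOfEntryPoint is at +16 for PE32 and PE32+,
    # but ImageBase and the data-directory table move depending on Magic
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    if magic == PE32_MAGIC:
        image_base = struct.unpack_from("<I", data, opt + 28)[0]
        dd_off = opt + 96
    elif magic == PE32PLUS_MAGIC:
        image_base = struct.unpack_from("<Q", data, opt + 24)[0]
        dd_off = opt + 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    n_dd = struct.unpack_from("<I", data, dd_off - 4)[0]  # NumberOfRvaAndSizes
    export_dir = struct.unpack_from("<II", data, dd_off) if n_dd > 0 else (0, 0)
    import_dir = struct.unpack_from("<II", data, dd_off + 8) if n_dd > 1 else (0, 0)

    # Section table: n_sections 40-byte IMAGE_SECTION_HEADER entries right after the optional header
    sections = []
    for i in range(n_sections):
        name, vsize, va, raw_size, raw_ptr, _, _, _, _, flags = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_address": va, "virtual_size": vsize,
                         "raw_offset": raw_ptr, "raw_size": raw_size, "characteristics": flags})

    return {
        "file_type": "DLL" if characteristics & IMAGE_FILE_DLL else "EXE",
        "machine": machine,
        "nt_header_offset": e_lfanew,
        "num_sections": n_sections,
        "sections": sections,
        "entry_point_rva": entry_rva,
        "entry_point_va": image_base + entry_rva,  # what a debugger would show
        "large_address_aware": bool(characteristics & IMAGE_FILE_LARGE_ADDRESS_AWARE),
        "export_dir": tuple(export_dir),
        "import_dir": tuple(import_dir),
    }


def build_sample(is_dll: bool = False, large_address_aware: bool = True) -> bytes:
    """Constructed 32-bit PE header image used as offline test input.
    This is NOT the assignment's Sample file; the values are made up."""
    chars = IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_32BIT_MACHINE
    chars |= IMAGE_FILE_DLL if is_dll else 0
    chars |= IMAGE_FILE_LARGE_ADDRESS_AWARE if large_address_aware else 0
    dos = bytearray(0x80)                      # DOS header + empty DOS stub
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)    # e_lfanew -> NT headers at 0x80
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 224, chars)  # i386, 2 sections
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<I", opt, 16, 0x1234)    # AddressOfEntryPoint (RVA)
    struct.pack_into("<I", opt, 28, 0x400000)  # ImageBase
    struct.pack_into("<I", opt, 92, 16)        # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8, 0x2000, 0x50)  # import directory RVA/size
    sec = struct.pack("<8sIIIIIIHHI", b".text", 0x1000, 0x1000, 0x400, 0x200, 0, 0, 0, 0, 0x60000020)
    sec += struct.pack("<8sIIIIIIHHI", b".rdata", 0x200, 0x2000, 0x200, 0x600, 0, 0, 0, 0, 0x40000040)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sec


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    for key, value in parse_pe(blob).items():
        print(f"{key}: {value:#x}" if isinstance(value, int) and not isinstance(value, bool) else f"{key}: {value}")
```

Run it with a path argument to parse a real file; without one it parses the constructed header. Note that the entry point in the optional header is a relative virtual address, so say in your answer whether you are reporting the RVA, the virtual address (ImageBase + RVA) or a file offset. Listing the actual imported and exported function names means following the import and export directory RVAs into the section that contains them, which a library such as pefile (`pefile.PE(path).DIRECTORY_ENTRY_IMPORT`) or a GUI header viewer does for you.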
Part 2 - Malware Functionality - 3 marks
Recently, it was found that malicious code planted inside XZ Utils (the liblzma library, CVE-2024-3094) can compromise SSH servers that load the library and provide a remote backdoor. In this part, you will use the web to read about this and answer the following questions.
Notes: There is no need to download or execute any file. Please write in your own words and make sure you cite all sources.
1. Explain the main idea behind the XZ Utils backdoor: how is it exploited, and what is its impact?
2. How was this vulnerability discovered?
Part 3 - Malware Analysis - 4 marks
Assume that you are asked to perform static analysis for a client. You do not have access to the executable files; however, you are provided with the following two hashes (32 hex digits, i.e. MD5). In this part, you will use the web to gather relevant information and prepare a report with the following components.
Notes: There is no need to download or execute any file. Please write in your own words and make sure you cite all sources.
Hash1: db349b97c37d22f5ea1d1841e3c89eb4
Hash2: 82eecd3b80caa7d0f51aba4ee8149c1a
1. Find the threat categories for both hashes (one or more).
2. Briefly explain the behaviour for both hashes. You are not required to list each action.
• Filesystem actions
• Registry actions
Part 4 - Source Code Analysis - 10 marks
Assume that we have found a repository that we suspect contains part of the source code for malicious executables. You have been asked to analyse four code snippets provided below and prepare a report with the following components.
Notes: There is no need to execute code snippets. Please write in your own words and make sure you cite all sources.
1. For each code snippet provided, explain which functionality (core and/or additional) is being implemented. Refer to specific line(s) of code.
Assignment submission
Submit everything in a single (pdf) report on Moodle.
Extensions
Extensions will normally be granted only on the basis of verified sound reasons. If you require an extension, get in touch with the lecturer as early as possible (but no later than 48 hours before the deadline).
Late Submission
You can submit late. However, late submissions will be deducted 1 mark/day.