Welcome to CSCI 591: Malicious Code Analysis & CSCI 594: Advanced Security

I’ll keep a running collection of tools, papers, articles, and other interesting resources here. Use as you see fit.

I may pull from here if relevant topics come up. I’ll also try to post links here to any relevant resources you share with me.

Books

Required and optional course resources, reading materials, etc.

Required Textbook(s)
  • Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software by Michael Sikorski and Andrew Honig, No Starch Press, 2012 [Website]
  • Computer Viruses: From Theory to Applications by Eric Filiol, Springer, 2006 [Website]

Tools & Technical References

Great reference materials for labs and programming

Cheatsheets

Markdown / Git / Command Line / C / Python / Makefile

Environment Tools
Programming & Debugging
More Technical References

Articles, Research Papers, Feeds, Reading Lists

Want to go deeper? Here are some links to help you explore more!

Security
  • IoT Security and Privacy Reading List [GitHub]
  • The Greatest Hits in Side Channel Attacks [Website]
  • How to Create a Password That is Actually Secure [Article]
  • At death’s door for years, widely used SHA1 function is now dead [Article] #CollisionAttack #IdenticalPrefixCollision
  • PGP keys, software security, and much more threatened by new SHA1 exploit [Article] #ChosenPrefixAttack
  • SHA-1 is a Shambles: First Chosen-Prefix Collision on SHA-1 and Application to the PGP Web of Trust (USENIX Security’20) [Full Paper]
  • Small world with high risks: a study of security threats in the npm ecosystem (USENIX Security’19) [Full Paper]
  • in-toto: Providing farm-to-table guarantees for bits and bytes (USENIX Security’19) [Full Paper]
  • Detecting and Characterizing Lateral Phishing at Scale (USENIX Security’19) [Full Paper]
  • Invisible Mask: Practical Attacks on Face Recognition with Infrared (arXiv’18) [Full Paper]
  • “I was told to buy a software or lose my computer. I ignored it”: A study of ransomware (SOUPS’19) [Full Paper]
  • Four different tricks to bypass StackShield and StackGuard protection [Full Paper]
Systems
  • An analysis of performance evolution of Linux’s core operations (SOSP’19) [Summary] [Full Paper]
  • A fork() in the road (HotOS’19) [Full Paper]
  • My VM is Lighter (and Safer) than your Container (SOSP’17) [Full Paper]
  • Granular Computing (HotOS’19) [Full Paper]
  • Practical Safe Linux Kernel Extensibility (HotOS’19) [Full Paper]
  • Efficient Scalable Thread-Safety-Violation Detection - Finding thousands of concurrency bugs during testing (SOSP’19) [Full Paper]
  • Twizzler: An Operating System for Next-Generation Memory Hierarchies (2017) [Full Paper]
  • CheriABI: enforcing valid pointer provenance and minimizing pointer privilege in the POSIX C run-time environment (ASPLOS’19) [Summary] [Full Paper]
  • Compress Objects, Not Cache Lines: An Object-Based Compressed Memory Hierarchy (ASPLOS’19) [Summary] [Full Paper]