Raftul cu initiativa Book Archive


Rootkits: Subverting the Windows Kernel by Greg Hoglund

By Greg Hoglund

''It's important that everyone operating within the box of cyber-security learn this booklet to appreciate the growing to be probability of rootkits.'' --Mark Russinovich, editor, home windows IT seasoned / home windows & .NET journal ''This fabric is not just updated, it defines up to date. it really is actually state of the art. because the purely e-book at the topic, Rootkits might be of curiosity to any home windows protection researcher or defense programmer. it is certain, good researched and the technical details is superb. the extent of technical aspect, study, and time invested in constructing proper examples is amazing. in a single notice: Outstanding.'' --Tony Bautts, defense advisor; CEO, Xtivix, Inc. ''This ebook is an important learn for somebody chargeable for home windows safeguard. safeguard execs, home windows method directors, and programmers usually may want to comprehend the suggestions utilized by rootkit authors. At a time while many IT and defense execs are nonetheless being concerned in regards to the newest electronic mail virus or how one can get all of this month's protection patches put in, Mr. Hoglund and Mr. Butler open your eyes to a few of the main stealthy and demanding threats to the home windows working method. purely by way of figuring out those offensive thoughts are you able to effectively guard the networks and structures for that you are responsible.'' --Jennifer Kolde, defense advisor, writer, and teacher ''What's worse than being owned? now not figuring out it. discover what it ability to be owned by way of studying Hoglund and Butler's first-of-a-kind booklet on rootkits. on the apex the malicious hacker toolset--which comprises decompilers, disassemblers, fault-injection engines, kernel debuggers, payload collections, assurance instruments, and move research tools--is the rootkit. starting the place Exploiting software program left off, this publication exhibits how attackers conceal in undeniable sight. ''Rootkits are super robust and are the following wave of assault know-how. Like different kinds of malicious code, rootkits thrive on stealthiness. They conceal clear of regular process observers, using hooks, trampolines, and patches to get their paintings performed. subtle rootkits run in one of these method that different courses that sometimes display screen desktop habit cannot simply discover them. A rootkit therefore offers insider entry merely to those that be aware of that it's working and on hand to just accept instructions. Kernel rootkits can conceal records and working tactics to supply a backdoor into the objective computer. ''Understanding the final word attacker's software presents an enormous motivator for these folks attempting to safeguard structures. No authors are larger suited for offer you an in depth hands-on figuring out of rootkits than Hoglund and Butler. larger to possess this ebook than to be owned.'' --Gary McGraw, Ph.D., CTO, Cigital, coauthor of Exploiting software program (2004) and construction safe software program (2002), either from Addison-Wesley ''Greg and Jamie are surely the go-to specialists by way of subverting the home windows API and growing rootkits. those masters come jointly to pierce the veil of puzzle surrounding rootkits, bringing this data out of the shadows. somebody even remotely drawn to safeguard for home windows structures, together with forensic research, may still contain this publication very excessive on their must-read list.'' --Harlan Carvey, writer of home windows Forensics and Incident restoration (Addison-Wesley, 2005) Rootkits are the final word backdoor, giving hackers ongoing and almost undetectable entry to the structures they make the most. Now, of the world's prime specialists have written the 1st complete advisor to rootkits: what they're, how they paintings, tips on how to construct them, and the way to become aware of them. Rootkit.com's Greg Hoglund and James Butler created and train Black Hat's mythical path in rootkits. during this booklet, they show never-before-told offensive points of rootkit technology--learn how attackers can get in and remain in for years, with no detection. Hoglund and Butler express precisely the best way to subvert the home windows XP and home windows 2000 kernels, educating ideas which are simply utilized to almost any glossy working process, from home windows Server 2003 to Linux and UNIX. utilizing broad downloadable examples, they train rootkit programming suggestions that may be used for quite a lot of software program, from white hat defense instruments to working method drivers and debuggers. After studying this booklet, readers can be capable of *Understand the function of rootkits in distant command/control and software program eavesdropping *Build kernel rootkits which may make procedures, documents, and directories invisible *Master key rootkit programming thoughts, together with hooking, runtime patching, and without delay manipulating kernel items *Work with layered drivers to enforce keyboard sniffers and dossier filters *Detect rootkits and construct host-based intrusion prevention software program that resists rootkit assaults stopover at rootkit.com for code and courses from this ebook. the location additionally comprises improvements to the book's textual content, equivalent to up to date details on rootkits on hand nowhere else.

Show description

Read Online or Download Rootkits: Subverting the Windows Kernel PDF

Similar comptia books

Internet Security Cryptographic Principles Algorithms and Protocols

Wisdom of quantity thought and summary algebra are pre-requisites for any engineer designing a safe internet-based approach. although, lots of the books at the moment on hand at the topic are aimed toward practitioners who simply need to know how a few of the instruments on the market paintings and what point of protection they communicate.

CompTIA A+ 220-701 and 220-702 Cert Guide

Permit me begin by means of announcing that at the present time I took the 220-701, the 1st of the necessary assessments. I handed with a rating of 775, which as top i will determine correlates to among eighty five and ninety on a a hundred aspect scale. My learn used to be completely self-directed and consisted of utilizing 4 various books, the A+ video sequence from okay Alliance and examination prep software program from [.

Pro PHP Security (Pro)

Personal home page is the world’s most well liked open resource net scripting language, put in on nearly 17 million domain names around the globe (www. personal home page. net/usage. php). it truly is enjoyed through rookies and embraced through complex clients. This booklet bargains builders an entire advisor to taking either protective and proactive defense techniques inside of their personal home page purposes.

Secure Data Management in Decentralized Systems

The examine scope of database safeguard has accelerated enormously, as a result of the speedy improvement of the worldwide inter-networked infrastructure. Databases aren't any longer stand-alone platforms which are simply obtainable to inner clients of organisations. as a substitute, permitting selective entry from diversified protection domain names has develop into a needs to for plenty of company practices.

Extra info for Rootkits: Subverting the Windows Kernel

Example text

Most NIDS deployments deal with large data streams (upward of 300 MB/second), and the little trickle of data going to a rootkit will pass by unnoticed. The NIDS poses a larger detection threat when a publicly known exploit is used in conjunction with a rootkit. [30] When using a publicly known exploit, an attacker may craft the exploit code to mimic the behavior of an already-released worm (for example, the Blaster worm). Most security administrators will mistake the attack as simply actions of the known worm, and thus fail to recognize a unique attack.

Silently patched" means the bug is fixed via a software update, but the software vendor never informs the public or any customers that the bug ever existed. For all intents, the bug is treated as "secret" and nobody talks about it. This is standard practice for many large software vendors, in fact. [23] Some exploitable software bugs are found by independent researchers and never reported to the software vendor. They are deadly because nobody knows about them accept the attacker. This means there is little to no defense against them (no patch is available).

Com. This tool is free. Debug statements can be used to print tombstones, markers to indicate that particular lines of code have executed. Using debug statements can sometimes be easier than using a single-step debugger like SoftIce or WinDbg. This is because running a tool to capture debug statements is very easy, while configuring and using a debugger is complex. With debug statements, return codes can be printed or error conditions detailed. Figure 2-2 shows an example of a call-hooking rootkit sending debug output to the system.

Download PDF sample

Rated 4.25 of 5 – based on 42 votes