Page Tools:

The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System, Second Edition

Author(s): Bill Blunden
Details:
  • ISBN-13: 9781449626365
  • Paperback    784 pages      © 2013
Price: International Sales $80.95 US List
Add to Cart Request a Review Copy

While forensic analysis has proven to be a valuable investigative tool in the field of computer security, utilizing anti-forensic technology makes it possible to maintain a covert operational foothold for extended periods, even in a high-security environment. Adopting an approach that favors full disclosure, the updated Second Edition of The Rootkit Arsenal presents the most accessible, timely, and complete coverage of forensic countermeasures. This book covers more topics, in greater depth, than any other currently available. In doing so the author forges through the murky back alleys of the Internet, shedding light on material that has traditionally been poorly documented, partially documented, or intentionally undocumented.

The range of topics presented includes how to:

  • Evade post-mortem analysis
  • Frustrate attempts to reverse engineer your command & control modules
  • Defeat live incident response
  • Undermine the process of memory analysis
  • Modify subsystem internals to feed misinformation to the outside
  • Entrench your code in fortified regions of execution
  • Design and implement covert channels
  • Unearth new avenues of attack

Features & Benefits

  • Offers exhaustive background material on the Intel platform and Windows Internals
  • Covers stratagems and tactics that have been used by botnets to harvest sensitive data
  • Includes working proof-of-concept examples, implemented in the C programming language
  • Heavily annotated with references to original sources
  Part I  Foundation
    Chapter 1  Empty Cup Mind
    Chapter 2  Anti-Forensics Overview
    Chapter 3  Hardware Briefing
    Chapter 4  System Software Briefing
    Chapter 5  Tools of the Trade
    Chapter 6  Life in Kernel Space
  Part II  Post-Mortem
    Chapter 7  Defeating Disk Analysis
    Chapter 8  Foiling Executable Analysis
  Part III  Live Response
    Chapter 9  Defeating Live Response
    Chapter 10  Shellcode
    Chapter 11  Modifying Call Tables
    Chapter 12  Modifying Code
    Chapter 13  Modifying Objects Kernel
    Chapter 14  Covert Channels
    Chapter 15  Going Out-of-Band
  Part IV  Summation
    Chapter 16  The Tao of Rootkits

Bill Blunden

Bill Blunden (MCSE, MCITP: Enterprise Administrator) began his journey into enterprise computing over ten years ago at an insurance company in Cleveland, Ohio. Gradually forging a westward path to Northern California, he’s worked with ERP middleware, developed code for network security appliances, and taken various detours through academia. Bill is the principal investigator at Below Gotham Labs.

Related Subjects
Email Updates