The Rootkit Arsenal: Escape and Evasion
Escape and Evasion in the Dark Corners of the System

Author(s): Bill Blunden
Details:
  • ISBN-13: 9781598220612
  • ISBN-10: 1598220616
  • Paperback, 908 pages, © 2010
Price: International Sales $49.95 US List

With the growing prevalence of the Internet, rootkit technology has taken center stage in the battle between White Hats and Black Hats. Adopting an approach that favors full disclosure, The Rootkit Arsenal presents the most accessible, timely, and complete coverage of rootkit technology. This book covers more topics, in greater depth, than any other currently available. In doing so, the author forges through the murky back alleys of the Internet, shedding light on material that has traditionally been poorly documented, partially documented, or intentionally undocumented.

Learn how to:

  • Hook kernel structures on multi-processor systems
  • Use a kernel debugger to reverse-engineer operating system internals
  • Inject call gates to create a back door into Ring-0
  • Use detour patches to sidestep group policy
  • Modify privilege levels on Windows Vista by altering kernel objects
  • Utilize bootkit technology
  • Defeat both live incident response and post-mortem forensic analysis
  • Implement code armoring to protect your deliverables
  • Establish covert network channels using the WSK and NDIS 6.0

The shell scripts and build files used to compile selected projects in this book can be downloaded from the book’s resource page at www.wordware.com/RKArsenal.

Part 1  Foundations
  Chapter 1  Setting the Stage
  Chapter 2  Into the Catacombs: IA-32
  Chapter 3  Windows System Architecture
  Chapter 4  Rootkit Basics
Part 2  System Modification
  Chapter 5  Hooking Call Tables
  Chapter 6  Patching System Routines
  Chapter 7  Altering Kernel Objects
  Chapter 8  Deploying Filter Drivers
Part 3  Anti-Forensics
  Chapter 9  Defeating Live Response
  Chapter 10  Defeating File System Analysis
  Chapter 11  Defeating Network Analysis
  Chapter 12  Countermeasure Summary
Part 4  End Material
  Chapter 13  The Tao of Rootkits
  Chapter 14  Closing Thoughts

Bill Blunden

Bill Blunden (MCSE, MCITP: Enterprise Administrator) began his journey into enterprise computing over ten years ago at an insurance company in Cleveland, Ohio. Gradually forging a westward path to Northern California, he’s worked with ERP middleware, developed code for network security appliances, and taken various detours through academia. Bill is the principal investigator at Below Gotham Labs.

  • "This book addresses a controversial and timely issue in the field of network security. Rootkits are notoriously used by the black hat hacking community. A rootkit allows an attacker to subvert a compromised system. This subversion can take place at the application level, as is the case for the early rootkits that replaced a set of common administrative tools, but can be more dangerous when it occurs at the kernel level. A rootkit hides the network traffic, processes, and files that an attacker decides to keep invisible to administrators and system management tools… If you work on defensive solutions--anti-virus and malware detection tools--or are interested in low-level system programming, you must read this book. In fact, for the intended audience, this is one of the best books of 2009."

    -Computing Reviews

  • "Adopting an approach that favors full disclosure, The Rootkit Arsenal presents the most accessible, timely, and complete coverage of rootkit technology. This book covers more topics, in greater depth, than any other currently available. In doing so, the author forges through the murky back alleys of the Internet, shedding light on material that has traditionally been poorly documented, partially documented, or intentionally undocumented."

    -John Matlock, Books-On-Line