- Shopping Bag ( 0 items )
From Barnes & NobleThe Barnes & Noble Review
Install a rootkit on someone’s system, and you own it. Not just now: indefinitely, because rootkits are virtually undetectable. Their power and stealthiness may make them the most dangerous form of malware ever created. You’d think you’d have heard more about them, but very few people really understand rootkit technology. To become one of them, read Rootkits: Subverting the Windows Kernel.
For years, the best way to learn about rootkits has been to take Greg Hoglund and James Butler’s course at Black Hat, the legendary annual hacker event. Now, for those who can’t make it to Vegas, Hoglund and Butler have organized their unique knowledge into this book. Notwithstanding its title, its principles apply to any operating system, including Linux and Unix. The authors focus on kernel rootkits, the hardest kind to detect. While it’s written primarily from an attacker’s perspective, it’ll be valuable to attackers, defenders, and researchers alike.
The authors first explain what rootkits are (and aren’t), and how they typically function. You’ll walk through the basic steps involved in writing a Windows rootkit; then understand the hardware mechanisms that work behind the scenes to enforce security and memory access: mechanisms attackers must evade or corrupt.
You’ll master both approaches to maintaining uninterrupted, hidden access to a computer: altering its operating system’s execution path, or directly manipulating kernel objects to attack stored information about processes, drivers, or network connections. Along the way, Hoglund and Butler cover hooking, runtime patching, layered drivers, covert channels, and much more. They conclude with today’s best countermeasures: systematic ways to search for hooks, detect suspicious behavior, and reveal hidden files, registry keys, or processes. Bill Camarda, from the September 2005 Read Only