لطفا منتظر باشید ...
Rootkits: Subverting the Windows KernelBy Table of Contents
| Index
"Its imperative that everybody working in the field of
cyber-security read this book to understand the growing threat of
rootkits."
--Mark Russinovich, editor, Windows IT Pro / Windows &
.NET Magazine
"This material is not only up-to-date, it defines up-to-date. It
is truly cutting-edge. As the only book on the subject,
Rootkits will be of interest to any Windows security
researcher or security programmer. Its detailed, well researched
and the technical information is excellent. The level of technical
detail, research, and time invested in developing relevant examples
is impressive. In one word: Outstanding."
--Tony Bautts, Security Consultant; CEO, Xtivix, Inc.
"This book is an essential read for anyone responsible for
Windows security. Security professionals, Windows system
administrators, and programmers in general will want to understand
the techniques used by rootkit authors. At a time when many IT and
security professionals are still worrying about the latest e-mail
virus or how to get all of this months security patches installed,
Mr. Hoglund and Mr. Butler open your eyes to some of the most
stealthy and significant threats to the Windows operating system.
Only by understanding these offensive techniques can you properly
defend the networks and systems for which you are
responsible."
--Jennifer Kolde, Security Consultant, Author, and
Instructor
"Whats worse than being owned? Not knowing it. Find out what it
means to be owned by reading Hoglund and Butlers first-of-a-kind
book on rootkits. At the apex the malicious hacker toolset--which
includes decompilers, disassemblers, fault-injection engines,
kernel debuggers, payload collections, coverage tools, and flow
analysis tools--is the rootkit. Beginning where Exploiting Software
left off, this book shows how attackers hide in plain sight.
"Rootkits are extremely powerful and are the next wave of attack
technology. Like other types of malicious code, rootkits thrive on
stealthiness. They hide away from standard system observers,
employing hooks, trampolines, and patches to get their work done.
Sophisticated rootkits run in such a way that other programs that
usually monitor machine behavior cant easily detect them. A
rootkit thus provides insider access only to people who know that
it is running and available to accept commands. Kernel rootkits can
hide files and running processes to provide a backdoor into the
target machine.
"Understanding the ultimate attackers tool provides an important
motivator for those of us trying to defend systems. No authors are
better suited to give you a detailed hands-on understanding of
rootkits than Hoglund and Butler. Better to own this book than to
be owned."
--Gary McGraw, Ph.D., CTO, Cigital, coauthor of Exploiting
Software (2004) and Building Secure Software (2002), both
from Addison-Wesley
"Greg and Jamie are unquestionably the go-to experts when it
comes to subverting the Windows API and creating rootkits. These
two masters come together to pierce the veil of mystery surrounding
rootkits, bringing this information out of the shadows. Anyone even
remotely interested in security for Windows systems, including
forensic analysis, should include this book very high on their
must-read list."
--Harlan Carvey, author of Windows Forensics and Incident
Recovery (Addison-Wesley, 2005)
Rootkits are the ultimate backdoor, giving hackers ongoing and
virtually undetectable access to the systems they exploit. Now, two
of the worlds leading experts have written the first comprehensive
guide to rootkits: what they are, how they work, how to build them,
and how to detect them. Rootkit.coms Greg Hoglund and James Butler
created and teach Black Hats legendary course in rootkits. In this
book, they reveal never-before-told offensive aspects of rootkit
technology--learn how attackers can get in and stay in for years,
without detection.
Hoglund and Butler show exactly how to subvert the Windows XP
and Windows 2000 kernels, teaching concepts that are easily applied
to virtually any modern operating system, from Windows Server 2003
to Linux and UNIX. Using extensive downloadable examples, they
teach rootkit programming techniques that can be used for a wide
range of software, from white hat security tools to operating
system drivers and debuggers.
After reading this book, readers will be able to
Understand the role of rootkits in remote command/control and
software eavesdropping
Build kernel rootkits that can make processes, files, and
directories invisible
Master key rootkit programming techniques, including hooking,
runtime patching, and directly manipulating kernel objects
Work with layered drivers to implement keyboard sniffers and
file filters
Detect rootkits and build host-based intrusion prevention
software that resists rootkit attacks
Visit rootkit.com for code and
programs from this book. The site also contains enhancements to the
books text, such as up-to-the-minute information on rootkits
available nowhere else.
