Professional.Rootkits.Subverting.the.Windows.Kernel [Electronic resources] نسخه متنی

اینجــــا یک کتابخانه دیجیتالی است

با بیش از 100000 منبع الکترونیکی رایگان به زبان فارسی ، عربی و انگلیسی

اصطلاحنامه مجموعه ها مرورالفبایی لغت نامه دهخدا

➟

جستجو در لغت نامه

بیشتر

کتابخانه شخصی پرسش از کتابدار ارسال منبع

Professional.Rootkits.Subverting.the.Windows.Kernel [Electronic resources] - نسخه متنی

Greg. Hoglund

| ،

افزودن به کتابخانه شخصی

میخواهم بخوانم

درحال خواندن

خوانده شده

ارسال به دوستان

آدرس پست الکترونیک گیرنده :

آدرس پست الکترونیک فرستنده :

نام و نام خانوارگی فرستنده :

پیغام برای گیرنده ( حداکثر 250 حرف ) :

کد امنیتی را وارد نمایید

ارسال

جستجو در متن کتاب

بیشتر

تنظیمات قلم

فونت

اندازه قلم

+ - پیش فرض

حالت نمایش

روز نیمروز شب

➟

جستجو در لغت نامه

بیشتر

لیست موضوعات

Sitemap

Rootkits: Subverting the Windows Kernel

Table of Contents

Praise for Rootkits

Historical Background

Target Audience

Acknowledgments

About the Authors

About the Cover

Chapter 1. Leave No Trace

Understanding Attackers Motives

What Is a Rootkit?

Why Do Rootkits Exist?

How Long Have Rootkits Been Around?

How Do Rootkits Work?

What a Rootkit Is Not

Rootkits and Software Exploits

Offensive Rootkit Technologies

Chapter 2. Subverting the Kernel

Important Kernel Components

Introducing Code into the Kernel

Building the Windows Device Driver

Loading and Unloading the Driver

Logging the Debug Statements

Fusion Rootkits: Bridging User and Kernel Modes

Loading the Rootkit

Decompressing the .sys File from a Resource

Surviving Reboot

Chapter 3. The Hardware Connection

Tables, Tables, and More Tables

The Memory Descriptor Tables

The Interrupt Descriptor Table

The System Service Dispatch Table

The Control Registers

Multiprocessor Systems

Chapter 4. The Age-Old Art of Hooking

A Hybrid Hooking Approach

Chapter 5. Runtime Patching

Detour Patching

Variations on the Method

Chapter 6. Layered Drivers

A Keyboard Sniffer

The KLOG Rootkit: A Walk-through

File Filter Drivers

Chapter 7. Direct Kernel Object Manipulation

DKOM Benefits and Drawbacks

Determining the Version of the Operating System

Communicating with the Device Driver from Userland

Hiding with DKOM

Token Privilege and Group Elevation with DKOM

Chapter 8. Hardware Manipulation

Modifying the Firmware

Accessing the Hardware

Example: Accessing the Keyboard Controller

How Low Can You Go? Microcode Update

Chapter 9. Covert Channels

Remote Command, Control, and Exfiltration of Data

Disguised TCP/IP Protocols

Kernel TCP/IP Support for Your Rootkit Using TDI

Raw Network Manipulation

Kernel TCP/IP Support for Your Rootkit Using NDIS

Chapter 10. Rootkit Detection

Detecting Presence

Detecting Behavior

توضیحات

افزودن یادداشت جدید

Index

[SYMBOL]
[A]
[B]
[C]
[D]
[E]
[F]
[G]
[H]
[I]
[J]
[K]
[L]
[M]
[N]
[O]
[P]
[R]
[S]
[T]
[U]
[V]
[W]
[Z]

RaiseCPUIrqlAndWait function

Raw network manipulation

binding to interfaces

bouncing packets

forging sources

sending packets

Read-only table access

ReadFile function 2nd

Reboots

from keyboard controllers

recvfrom function

Registering

for surviving reboot

Registers

latching between

Registry

for injecting DLLs into processes

operating system version queries in

RegOpenKeyEx function

RegQueryValue function

RegQueryValueEx function 2nd

Relative Virtual Addresses (RVAs)

Remote command and control 2nd

Remote servers

sending data to

Reordering of instructions

REQINFO structure

Rerouting control flow

ResponseToArp function

Restarting rootkits

RootkitDispatch function

RootkitRevealer tool

Rootkits

and software exploits

characteristics of

behavior detection

guarding-the-doors approach

looking for hooks

legitimate uses of

offensive technologies

RtlCopyMemory function

RtlGetVersion function

Runtime address fixups

Runtime patching

detour.
[See Detour patching]

RVAs
[See Relative Virtual Addresses]