 
 

Managed Code Rootkits, 1st Edition

Hooking into Runtime Environments

 
Managed Code Rootkits, 1st Edition, Erez Metula, ISBN 9781597495745
 
 
 

  

Syngress

9781597495745

9781597495752

336

235 X 191

A new type of rootkit means a new type of defense. Get all the facts you need to protect against this new attack vector!

 
 

Key Features

  • Named a 2011 Best Hacking and Pen Testing Book by InfoSec Reviews
  • Introduces the reader briefly to managed code environments and rootkits in general
  • Completely details a new type of rootkit hiding in the application level and demonstrates how a hacker can change language runtime implementation
  • Focuses on managed code including Java, .NET, Android Dalvik and reviews malware development scenarios

Description

Managed Code Rootkits is the first book to cover application-level rootkits and other types of malware inside the application VM, which runs a platform-independent programming environment for processes. The book, divided into four parts, points out high-level attacks, which are developed in intermediate language. The initial part of the book offers an overview of managed code rootkits. It explores environment models of managed code and the relationship of managed code to rootkits by studying how they use application VMs. It also discusses attackers of managed code rootkits and various attack scenarios. The second part of the book covers the development of managed code rootkits, starting with the tools used in producing managed code rootkits through their deployment. The next part focuses on countermeasures that can possibly be used against managed code rootkits, including technical solutions, prevention, detection, and response tactics. The book concludes by presenting techniques that are somewhat similar to managed code rootkits, which can be used in solving problems.

Readership

Intermediate to advanced pen testers; hackers; malware researchers; software engineers; OS designers and developers

Erez Metula

Erez Metula (CISSP) is an application security researcher specializing in secure development practices, penetration testing, code reviews, and security training for developers. He has extensive hands-on experience performing security assessments and training for organizations worldwide. Erez is the founder of AppSec. He is also a leading instructor at many information security training sessions. He is a constant speaker at security conferences, and has spoken at Black Hat, DEF CON, CanSecWest, OWASP, and more.

Affiliations and Expertise

CISSP, Founder of AppSec

Managed Code Rootkits, 1st Edition


Acknowledgements

About the Author

Part I Overview

    Chapter 1 Introduction

         The Problem of Rootkits and Other Types of Malware

         Why Do You Need This Book?

         Terminology Used in This Book

         Technology Background: An Overview

         Summary

    Chapter 2 Managed Code Rootkits

         What Can Attackers Do with Managed Code Rootkits?

         Common Attack Vectors

         Why Are Managed Code Rootkits Attractive to Attackers?

         Summary

         Endnotes

Part II Malware Development

    Chapter 3 Tools of the Trade

         The Compiler

         The Decompiler

         The Assembler

         The Disassembler

         The Role of Debuggers

         The Native Compiler

         File Monitors

         Summary

    Chapter 4 Runtime Modification

         Is It Possible to Change the Definition of a Programming Language?

         Walkthrough: Attacking the Runtime Class Libraries

         Summary

    Chapter 5 Manipulating the Runtime

         Manipulating the Runtime According to Our Needs

         Reshaping the Code

         Code Generation

         Summary

    Chapter 6 Extending the Language with a Malware API

         Why Should We Extend the Language?

         Extending the Runtime with a Malware API

         Summary

         Endnote

    Chapter 7 Automated Framework Modification

         What is ReFrameworker?

         ReFrameworker Modules Concept

         Using the Tool

         Developing New Modules





         Setting Up the Tool

         Summary

    Chapter 8 Advanced Topics

         “Object-Oriented-Aware” Malware

         Thread Injection

         State Manipulation

         Covering the Traces as Native Code

         Summary

Part III Countermeasures

    Chapter 9 Defending against MCRs

         What Can We Do about This Kind of Threat?

         Awareness: Malware Is Everybody’s Problem

         The Prevention Approach

         The Detection Approach

         The Response Approach

         Summary

         Endnote

Part IV Where Do We Go From Here?

    Chapter 10 Other Uses of Runtime Modification

         Runtime Modification As an Alternative Problem-Solving Approach

         Runtime Hardening

         Summary

Index






Quotes and reviews

"A well-put-together work: I was able to put some of the tasks to work for me right away. An excellent resource: Technical enough to be useful, but not overly technical." -- Chris Griffin, Trainer, ISECOM USA

"As someone who has to deal with .NET security every day, I always look for new ideas and tools to make .NET applications more secure. This book provides both. It's especially valuable when you have to protect apps without having access to their original source code." -- Kyle C. Quest, GREM, GWAPT, GCIH, GCFA, GCIA, GCWN, GCUX, GCFW, GSNA, CISSP, CIPP, Director of Security Engineering, MetraTech

"Overall the book is very well structured and presented in a way that maintains the reader’s interest as the author delves ever deeper into why hackers use MCRs to target an organisation’s applications. Continuity of the content is maintained by helpful summaries at the end of each chapter… Mr Metula is a consummate and talented security practitioner who knows his subject thoroughly. I consider this book to be excellent value for money and would recommend it to any security professional. In today’s austere economic climate, modern IT solutions are being sought that are proven value for money. The use of virtual servers is rapidly increasing as they provide better utilisation and increased productivity of existing resources. This book highlights the risks of adopting such technology and provides valuable advice on countermeasures to mitigate those risks."--InfoSecReviews.com

"In today’s austere economic climate, modern IT solutions are being sought that are proven value for money. The use of virtual servers is rapidly increasing as they provide better utilisation and increased productivity of existing resources. This book highlights the risks of adopting such technology and provides valuable advice on countermeasures to mitigate those risks."--Best Hacking and Pen Testing Books in InfoSecReviews Book Awards

 
 