
Bill Blunden - The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System 2nd Edition


Bill Blunden, The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System, 2nd Edition
  • Book: The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System, 2nd Edition
  • Author: Bill Blunden
  • Publisher: Jones & Bartlett Learning
  • Genre: Computer
  • Year: 2012

The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System 2nd Edition: summary, description and annotation


While forensic analysis has proven to be a valuable investigative tool in the field of computer security, utilizing anti-forensic technology makes it possible to maintain a covert operational foothold for extended periods, even in a high-security environment. Adopting an approach that favors full disclosure, the updated Second Edition of The Rootkit Arsenal presents the most accessible, timely, and complete coverage of forensic countermeasures. This book covers more topics, in greater depth, than any other currently available. In doing so the author forges through the murky back alleys of the Internet, shedding light on material that has traditionally been poorly documented, partially documented, or intentionally undocumented.

The range of topics presented includes how to:
  • Evade post-mortem analysis
  • Frustrate attempts to reverse engineer your command & control modules
  • Defeat live incident response
  • Undermine the process of memory analysis
  • Modify subsystem internals to feed misinformation to the outside
  • Entrench your code in fortified regions of execution
  • Design and implement covert channels
  • Unearth new avenues of attack


World Headquarters
Jones & Bartlett Learning
5 Wall Street
Burlington, MA 01803
978-443-5000
www.jblearning.com

Jones & Bartlett Learning books and products are available through most bookstores and online booksellers. To contact Jones & Bartlett Learning directly, call 800-832-0034, fax 978-443-8000, or visit our website, www.jblearning.com.

Substantial discounts on bulk quantities of Jones & Bartlett Learning publications are available to corporations, professional associations, and other qualified organizations. For details and specific discount information, contact the special sales department at Jones & Bartlett Learning via the above contact information or send an email to .

Copyright 2013 by Jones & Bartlett Learning, LLC, an Ascend Learning Company

All rights reserved. No part of the material protected by this copyright may be reproduced or utilized in any form, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without written permission from the copyright owner.

Production Credits
Publisher: Cathleen Sether
Senior Acquisitions Editor: Timothy Anderson
Managing Editor: Amy Bloom
Director of Production: Amy Rose
Marketing Manager: Lindsay White
V.P., Manufacturing and Inventory Control: Therese Connell
Permissions & Photo Research Assistant: Lian Bruno
Composition: Northeast Compositors, Inc.
Cover Design: Kristin E. Parker
Cover Image: Nagy Melinda/ShutterStock, Inc.
Printing and Binding: Edwards Brothers Malloy
Cover Printing: Edwards Brothers Malloy

Library of Congress Cataloging-in-Publication Data
Blunden, Bill, 1969
Rootkit arsenal : escape and evasion in the dark corners of the system / Bill Blunden. -- 2nd ed.
p. cm.
Includes index.
ISBN 978-1-4496-2636-5 (pbk.) -- ISBN 1-4496-2636-X (pbk.) 1. Rootkits (Computer software) 2. Computers--Access control. 3. Computer viruses. 4. Computer hackers. I. Title.
QA76.9.A25B585 2012
005.8--dc23
2011045666
6048

Printed in the United States of America
16 15 14 13 12 10 9 8 7 6 5 4 3 2 1

This book is dedicated to Sun Wukong, the Monkey King,
who deleted his name from the Register of Life and Death,
thus achieving immortality.

Under Soul No. 1350 was the name of Sun Wukong, the Heaven-born stone monkey, who was destined to live to the age of 342 and die a good death.

"I won't write down any number of years," said Sun Wukong.
"I'll just erase my name and be done with it."

From Journey to the West, by Wu Cheng'en


Preface

The quandary of information technology (IT) is that everything changes. It's inevitable. The continents of high technology drift on a daily basis right underneath our feet. This is particularly true with regard to computer security. Offensive tactics evolve as attackers find new ways to subvert our machines, and defensive tactics progress to respond in kind. As an IT professional, you're faced with a choice: You can proactively educate yourself about the inherent limitations of your security tools or you can be made aware of their shortcomings the hard way, after you've suffered at the hands of an intruder.

In this book, I don the inimical Black Hat in hopes that, by viewing stealth technology from an offensive vantage point, I can shed some light on the challenges that exist in the sphere of incident response. In doing so, I've waded through a vast murky swamp of poorly documented, partially documented, and undocumented material. This book is your opportunity to hit the ground running and pick up things the easy way, without having to earn a lifetime membership with the triple-fault club.

My goal herein is not to enable bad people to go out and do bad things. The professional malware developers that I've run into already possess an intimate knowledge of anti-forensics (who do you think provided material and inspiration for this book?). Instead, this collection of subversive ideas is aimed squarely at the good guys. My goal is both to make investigators aware of potential blind spots and to help provoke software vendors to rise and meet the massing horde that has appeared at the edge of the horizon. I'm talking about advanced persistent threats (APTs).

APTs: Low and Slow, Not Smash and Grab

The term advanced persistent threat was coined by the Air Force in 2006. An APT represents a class of attacks performed by an organized group of intruders (often referred to as an intrusion set) who are both well funded and well equipped. This particular breed of Black Hat executes carefully targeted campaigns against high-value installations, and they relentlessly assail their quarry until they've established a solid operational foothold. Players in the defense industry, high-tech vendors, and financial institutions have all been on the receiving end of APT operations.

Depending on the defensive measures in place, APT incidents can involve more sophisticated tools, like custom zero-day exploits and forged certificates. In extreme cases, an intrusion set might go so far as to physically infiltrate a target (e.g., respond to job postings, bribe an insider, pose as a telecom repairman, conduct breaking and entry (B&E), etc.) to get access to equipment. In short, these groups have the mandate and resources to bypass whatever barriers are in place.

Because APTs often seek to establish a long-term outpost in unfriendly territory, stealth technology plays a fundamental role. This isn't your average Internet smash-and-grab that leaves a noisy trail of binaries and network packets. It's much closer to a termite infestation; a low-and-slow underground invasion that invisibly spreads from one box to the next, skulking under the radar and denying outsiders any indication that something is amiss until it's too late. This is the venue of rootkits.

What's New in the Second Edition?

Rather than just institute minor adjustments, perhaps adding a section or two in each chapter to reflect recent developments, I opted for a major overhaul of the book. This reflects observations that I received from professional researchers, feedback from readers, peer comments, and things that I dug up on my own.

Out with the Old, In with the New

In a nutshell, I added new material and took out outdated material. Specifically, I excluded techniques that have been proved less effective due to technological advances. For example, I decided to spend less time on bootkits (which are pretty easy to detect) and more time on topics like shellcode and memory-resident software. There were also samples from the first edition that work only on Windows XP, and I removed these as well. By popular demand, I've also included information on rootkits that reside in the lower rings (e.g., Ring -1, Ring -2, and Ring -3).

The Anti-forensics Connection

While I was writing the first edition, it hit me that rootkits were anti-forensic in nature. After all, as The Grugq has noted, anti-forensics is geared toward limiting both the quantity and quality of forensic data that an intruder leaves behind. Stealth technology is just an instance of this approach: You're allowing an observer as little indication of your presence as possible, both at run time and after the targeted machine has been powered down. In light of this, I've reorganized the book around anti-forensics so that you can see how rootkits fit into the grand scheme of things.
