|
 |
|
 |
 |
Managed Code Rootkits: Hooking into Runtime Environments
|
(Paperback - Nov. 11, 2010)
by Erez Metula
Sales Rank: 170398
|
List Price: $49.95
$32.97
At Amazon
|
|
Paperback: 336 pages
Publisher: Syngress; 1 edition November 11, 2010
Language: English
ISBN-10: 9781597495745
ISBN-13: 978-1597495745
ASIN: 1597495743
Product Dimensions:
9.1 x 7.4 x 1 inches
Shipping Weight: 1.5 pounds
Review
"A well-put-together work: I was able to put some of the tasks to work for me right away. An excellent resource: Technical enough to be useful, but not overly technical." -- Chris Griffin, Trainer, ISECOM USA "As someone who has to deal with .NET security every day, I always look for new ideas and tools to make .NET applications more secure. This book provides both. It's especially valuable when you have to protect apps without having access to their original source code." -- Kyle C. Quest, GREM, GWAPT, GCIH, GCFA, GCIA, GCWN, GCUX, GCFW, GSNA, CISSP, CIPP, Director of Security Engineering, MetraTech
Customer Reviews & Comments
I was very excited when I received this book in my mail and set some time each day to continue reading it. Syngress has been releasing amazing material that has made me follow them as closely as I do with No Starch Press. This release is no exception.
While reading through this book, I learned that the point wasn't really to shock and awe with this type of rootkit nor to shed light on a previously unknown area of managed code, but to show how braindead simple it is to create an MCR (managed code rootkit). The author gives hand-held examples on how to implement his technique in Java's JVM, .net's CLR, and Android's Dalvik.
Following along with the authors guidance and tools, a PoC can be manually made with a tiny bit of C/C++ knowledge. However, to even cut this requirement, an open-source automated framework is shown in later chapters as well. Which is truly amazing, or scary depending on your perspective, that anyone who can follow this book can make a working MCR today.
Now, the main technique is nothing new. Replacement of a run-time library to export a modified function that gets executed by your normal application, which allows a normal export to become a backdoor'd export. However, I noticed something. Just like managed languages are usually good picks until you go further down to the machine level and start managing different aspects for optimizations, this book is just like that for rootkits. It provides a great introduction to rootkits in general and you can follow along without any kind of programming knowledge. This book will definitely ease you into the subject of the rootkit.
For those of you with a little more experience, different examples of things to do with the MCR are given. For example, how to create your own malware api inside of the chosen runtime environment. Code and ideas are provided for such things, so you can stretch your imagination on the subject.
For those of you worried about these types of threats, the last 50 pages is different kinds of protection mechanisms and where we stand as the computer community.
|
Managed Code Rootkits: Hooking into Runtime Environments
List Price: $49.95
Available from Amazon
Price: $32.97
| |
|
|
|
|
