Flylib.com
Rootkits: Subverting the Windows Kernel
Rootkits: Subverting the Windows Kernel
ISBN: 0321294319
EAN: 2147483647
Year: 2006
Pages: 111
Authors:
Greg Hoglund
,
Jamie Butler
BUY ON AMAZON
Rootkits: Subverting the Windows Kernel
Table of Contents
Copyright
Praise for Rootkits
Preface
Historical Background
Target Audience
Prerequisites
Scope
Acknowledgments
About the Authors
About the Cover
Chapter 1. Leave No Trace
Understanding Attackers Motives
What Is a Rootkit?
Why Do Rootkits Exist?
How Long Have Rootkits Been Around?
How Do Rootkits Work?
What a Rootkit Is Not
Rootkits and Software Exploits
Offensive Rootkit Technologies
Conclusion
Chapter 2. Subverting the Kernel
Important Kernel Components
Rootkit Design
Introducing Code into the Kernel
Building the Windows Device Driver
Loading and Unloading the Driver
Logging the Debug Statements
Fusion Rootkits: Bridging User and Kernel Modes
Loading the Rootkit
Decompressing the .sys File from a Resource
Surviving Reboot
Conclusion
Chapter 3. The Hardware Connection
Ring Zero
Tables, Tables, and More Tables
Memory Pages
The Memory Descriptor Tables
The Interrupt Descriptor Table
The System Service Dispatch Table
The Control Registers
Multiprocessor Systems
Conclusion
Chapter 4. The Age-Old Art of Hooking
Userland Hooks
Kernel Hooks
A Hybrid Hooking Approach
Conclusion
Chapter 5. Runtime Patching
Detour Patching
Jump Templates
Variations on the Method
Conclusion
Chapter 6. Layered Drivers
A Keyboard Sniffer
The KLOG Rootkit: A Walk-through
File Filter Drivers
Conclusion
Chapter 7. Direct Kernel Object Manipulation
DKOM Benefits and Drawbacks
Determining the Version of the Operating System
Communicating with the Device Driver from Userland
Hiding with DKOM
Token Privilege and Group Elevation with DKOM
Conclusion
Chapter 8. Hardware Manipulation
Why Hardware?
Modifying the Firmware
Accessing the Hardware
Example: Accessing the Keyboard Controller
How Low Can You Go? Microcode Update
Conclusion
Chapter 9. Covert Channels
Remote Command, Control, and Exfiltration of Data
Disguised TCPIP Protocols
Kernel TCPIP Support for Your Rootkit Using TDI
Raw Network Manipulation
Kernel TCPIP Support for Your Rootkit Using NDIS
Host Emulation
Conclusion
Chapter 10. Rootkit Detection
Detecting Presence
Detecting Behavior
Conclusion
Index
index_SYMBOL
index_A
index_B
index_C
index_D
index_E
index_F
index_G
index_H
index_I
index_J
index_K
index_L
index_M
index_N
index_O
index_P
index_R
index_S
index_T
index_U
index_V
index_W
index_Z
Rootkits: Subverting the Windows Kernel
ISBN: 0321294319
EAN: 2147483647
Year: 2006
Pages: 111
Authors:
Greg Hoglund
,
Jamie Butler
BUY ON AMAZON
Inside Network Security Assessment: Guarding Your IT Infrastructure
Introduction to Assessing Network Vulnerabilities
Security Requires Information Classification
A Brief History of Security Tools
Preparing the Final Report
Analysis
High-Speed Signal Propagation[c] Advanced Black Magic
Summary of Breakpoints Between Regions
Limits to Attainable Distance
Common-Mode Range
Issues with Screening
Arithmetic of Clock Skew
FileMaker Pro 8: The Missing Manual
Creating a New Database
Setting up Field Controls
Table Occurrences
Putting a Complex Script Together
Script Debugger
Wireless Hacks: Tips & Tools for Building, Extending, and Securing Your Network
Hack 2. Set Up Bluetooth on Windows XP
Hack 19. Get Google Maps on Your Mobile Phone
Hack 80. Redirect Brought to you by Bonjour Ads
Hack 90. Build a Slotted Waveguide Antenna
Hack 100. Take Advantage of Antenna Polarization
Quantitative Methods in Project Management
Project Value: The Source of all Quantitative Measures
Organizing and Estimating the Work
Expense Accounting and Earned Value
Special Topics in Quantitative Management
Quantitative Methods in Project Contracts
Python Standard Library (Nutshell Handbooks) with
The _ _builtin_ _ Module
The xmllib Module
The sgmllib Module
The htmllib Module
The cmp Module
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy
This website uses cookies. Click
here
to find out more.
Accept cookies