Flylib.com
Rootkits: Subverting the Windows Kernel
Rootkits: Subverting the Windows Kernel
ISBN: 0321294319
EAN: 2147483647
Year: 2006
Pages: 111
Authors:
Greg Hoglund
,
Jamie Butler
BUY ON AMAZON
Rootkits: Subverting the Windows Kernel
Table of Contents
Copyright
Praise for Rootkits
Preface
Historical Background
Target Audience
Prerequisites
Scope
Acknowledgments
About the Authors
About the Cover
Chapter 1. Leave No Trace
Understanding Attackers Motives
What Is a Rootkit?
Why Do Rootkits Exist?
How Long Have Rootkits Been Around?
How Do Rootkits Work?
What a Rootkit Is Not
Rootkits and Software Exploits
Offensive Rootkit Technologies
Conclusion
Chapter 2. Subverting the Kernel
Important Kernel Components
Rootkit Design
Introducing Code into the Kernel
Building the Windows Device Driver
Loading and Unloading the Driver
Logging the Debug Statements
Fusion Rootkits: Bridging User and Kernel Modes
Loading the Rootkit
Decompressing the .sys File from a Resource
Surviving Reboot
Conclusion
Chapter 3. The Hardware Connection
Ring Zero
Tables, Tables, and More Tables
Memory Pages
The Memory Descriptor Tables
The Interrupt Descriptor Table
The System Service Dispatch Table
The Control Registers
Multiprocessor Systems
Conclusion
Chapter 4. The Age-Old Art of Hooking
Userland Hooks
Kernel Hooks
A Hybrid Hooking Approach
Conclusion
Chapter 5. Runtime Patching
Detour Patching
Jump Templates
Variations on the Method
Conclusion
Chapter 6. Layered Drivers
A Keyboard Sniffer
The KLOG Rootkit: A Walk-through
File Filter Drivers
Conclusion
Chapter 7. Direct Kernel Object Manipulation
DKOM Benefits and Drawbacks
Determining the Version of the Operating System
Communicating with the Device Driver from Userland
Hiding with DKOM
Token Privilege and Group Elevation with DKOM
Conclusion
Chapter 8. Hardware Manipulation
Why Hardware?
Modifying the Firmware
Accessing the Hardware
Example: Accessing the Keyboard Controller
How Low Can You Go? Microcode Update
Conclusion
Chapter 9. Covert Channels
Remote Command, Control, and Exfiltration of Data
Disguised TCPIP Protocols
Kernel TCPIP Support for Your Rootkit Using TDI
Raw Network Manipulation
Kernel TCPIP Support for Your Rootkit Using NDIS
Host Emulation
Conclusion
Chapter 10. Rootkit Detection
Detecting Presence
Detecting Behavior
Conclusion
Index
index_SYMBOL
index_A
index_B
index_C
index_D
index_E
index_F
index_G
index_H
index_I
index_J
index_K
index_L
index_M
index_N
index_O
index_P
index_R
index_S
index_T
index_U
index_V
index_W
index_Z
Rootkits: Subverting the Windows Kernel
ISBN: 0321294319
EAN: 2147483647
Year: 2006
Pages: 111
Authors:
Greg Hoglund
,
Jamie Butler
BUY ON AMAZON
CISSP Exam Cram 2
SECURITY-MANAGEMENT PRACTICES
Auditing Your Security Infrastructure
Answers to Exam Prep Questions
History of Encryption
Answers to Practice Exam 2
Documenting Software Architectures: Views and Beyond
Advanced Concepts
Documentation Beyond Views
Siemens Four Views
Appendix A. Excerpts from a Software Architecture Documentation Package
C&C Pipe-and-Filter View
Managing Enterprise Systems with the Windows Script Host
Shell Operations
Logon Scripts and Scheduling
Regular Expressions
Network Administration/WMI
Data Access
Information Dashboard Design: The Effective Visual Communication of Data
A Timely Opportunity
Introducing Meaningless Variety
Characteristics of a Well-Designed Dashboard
Putting It All Together
Sample CIO Dashboard
Persuasive Technology: Using Computers to Change What We Think and Do (Interactive Technologies)
Overview of Captology
The Functional Triad Computers in Persuasive Roles
Computers as Persuasive Social Actors
Increasing Persuasion through Mobility and Connectivity
The Ethics of Persuasive Technology
Ruby Cookbook (Cookbooks (OReilly))
Building a String from Parts
Checking Your Access to a File
Checking XML Well-Formedness
Using Berkeley DB Databases
Making an HTTPS Web Request
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy
This website uses cookies. Click
here
to find out more.
Accept cookies