The Rootkit Arsenal

[ZUNAMI]

The Rootkit Arsenal

Bill Blunden

ISBN-13: 9781598220612

ISBN-10: 1598220616

Paperback

908 Pages

© 2010

Part 1 Foundations

Chapter 1 Setting the Stage

Chapter 2 Into the Catacombs: IA-32

Chapter 3 Windows System Architecture

Chapter 4 Rootkit Basics

Part 2 System Modification

Chapter 5 Hooking Call Tables

Chapter 6 Patching System Routines

Chapter 7 Altering Kernel Objects

Chapter 8 Deploying Filter Drivers

Part 3 Anti-Forensics

Chapter 9 Defeating Live Response

Chapter 10 Defeating File System Analysis

Chapter 11 Defeating Network Analysis

Chapter 12 Countermeasure Summary

Part 4 End Material

Chapter 13 The Tao of Rootkits

Chapter 14 Closing Thoughts

With the growing prevalence of the Internet, rootkit technology has taken center stage in the battle between White Hats and Black Hats. Adopting an approach that favors full disclosure, The Rootkit Arsenal presents the most accessible, timely, and complete coverage of rootkit technology. This book covers more topics, in greater depth, than any other currently available. In doing so, the author forges through the murky back alleys of the Internet, shedding light on material that has traditionally been poorly documented, partially documented, or intentionally undocumented.

Learn how to:

Hook kernel structures on multi-processor systems

Use a kernel debugger to reverse-engineer operating system internals

Inject call gates to create a back door into Ring-0

Use detour patches to sidestep group policy

Modify privilege levels on Windows Vista by altering kernel objects

Utilize bootkit technology

Defeat both live incident response and post-mortem forensic analysis

Implement code armoring to protect your deliverables

Establish covert network channels using the WSK and NDIS 6.0

The shell scripts and build files used to compile selected projects in this book can be downloaded from the book’s resource page at www.wordware.com/RKArsenal.

h++p://rapidshare.com/files/278312487/0eEFi_aR_tee_odhroa0_lAMDwtBAT_n9r.rar.html

Edited September 14, 2009 by ZUNAMI

[ghandi]

The sample files are now hosted here:
/>http://www.jbpub.com/catalog/9781598220612/samples/

[ZUNAMI]

The sample files noting full. Plis post full source code E-book???