Jump to content
Tuts 4 You

The Rootkit Arsenal


Recommended Posts

The Rootkit Arsenal


Bill Blunden

ISBN-13: 9781598220612

ISBN-10: 1598220616


908 Pages

© 2010

Part 1 Foundations

Chapter 1 Setting the Stage

Chapter 2 Into the Catacombs: IA-32

Chapter 3 Windows System Architecture

Chapter 4 Rootkit Basics

Part 2 System Modification

Chapter 5 Hooking Call Tables

Chapter 6 Patching System Routines

Chapter 7 Altering Kernel Objects

Chapter 8 Deploying Filter Drivers

Part 3 Anti-Forensics

Chapter 9 Defeating Live Response

Chapter 10 Defeating File System Analysis

Chapter 11 Defeating Network Analysis

Chapter 12 Countermeasure Summary

Part 4 End Material

Chapter 13 The Tao of Rootkits

Chapter 14 Closing Thoughts

With the growing prevalence of the Internet, rootkit technology has taken center stage in the battle between White Hats and Black Hats. Adopting an approach that favors full disclosure, The Rootkit Arsenal presents the most accessible, timely, and complete coverage of rootkit technology. This book covers more topics, in greater depth, than any other currently available. In doing so, the author forges through the murky back alleys of the Internet, shedding light on material that has traditionally been poorly documented, partially documented, or intentionally undocumented.

Learn how to:

Hook kernel structures on multi-processor systems

Use a kernel debugger to reverse-engineer operating system internals

Inject call gates to create a back door into Ring-0

Use detour patches to sidestep group policy

Modify privilege levels on Windows Vista by altering kernel objects

Utilize bootkit technology

Defeat both live incident response and post-mortem forensic analysis

Implement code armoring to protect your deliverables

Establish covert network channels using the WSK and NDIS 6.0

The shell scripts and build files used to compile selected projects in this book can be downloaded from the book’s resource page at www.wordware.com/RKArsenal.


Edited by ZUNAMI
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...