Metula Managed Code Rootkits

Hooking into Runtime Environments
1. Auflage 2010
ISBN: 978-1-59749-575-2
Verlag: Elsevier Science & Techn.
Format: EPUB
Kopierschutz: 6 - ePub Watermark

Häufig gestellte Fragen zu E-Books

E-Book, Englisch, 336 Seiten

Managed Code Rootkits
Erscheinungsjahr 2010, 978-1-59749-574-5, Buch

Keine Information zur Barrierefreiheit bekannt: The release date of the product is before 28 June 2025, the product could not be checked for all accessibility features yet

Hooking into Runtime Environments

E-Book, Englisch, 336 Seiten

ISBN: 978-1-59749-575-2
Verlag: Elsevier Science & Techn.
Format: EPUB
Kopierschutz: 6 - ePub Watermark

Häufig gestellte Fragen zu E-Books

38,95 €

(inkl. MwSt.)

versandkostenfreie Lieferung
sofort verfügbar

Managed Code Rootkits is the first book to cover application-level rootkits and other types of malware inside the application VM, which runs a platform-independent programming environment for processes. The book, divided into four parts, points out high-level attacks, which are developed in intermediate language. The initial part of the book offers an overview of managed code rootkits. It explores environment models of managed code and the relationship of managed code to rootkits by studying how they use application VMs. It also discusses attackers of managed code rootkits and various attack scenarios. The second part of the book covers the development of managed code rootkits, starting with the tools used in producing managed code rootkits through their deployment. The next part focuses on countermeasures that can possibly be used against managed code rootkits, including technical solutions, prevention, detection, and response tactics. The book concludes by presenting techniques that are somehow similar to managed code rootkits, which can be used in solving problems. - Named a 2011 Best Hacking and Pen Testing Book by InfoSec Reviews - Introduces the reader briefly to managed code environments and rootkits in general - Completely details a new type of rootkit hiding in the application level and demonstrates how a hacker can change language runtime implementation - Focuses on managed code including Java, .NET, Android Dalvik and reviews malware development scanarios

Erez Metula (CISSP) is an application security researcher specializing in secure development practices, penetration testing, code reviews, and security training for developers. He has extensive hands-on experience performing security assessments and training for organizations worldwide. Erez is the founder of AppSec. He is also a leading instructor at many information security training sessions. He is a constant speaker at security conferences, and has spoken at Black Hat, DEF CON, CanSecWest, OWASP, and more.

Metula Managed Code Rootkits jetzt bestellen!

Autoren/Hrsg.

Metula, Erez

Weitere Infos & Material

Inhaltsverzeichnis

1;Front Cover;1
2;Managed Code Rootkits;4
3;Copyright;5
4;Table of Contents;6
5;Acknowledgements;12
6;About the Author;14
7;Part I: Overview;16
7.1;Chapter 1. Introduction;18
7.1.1;The Problem of Rootkits and Other Types of Malware;19
7.1.2;Why Do You Need This Book?;21
7.1.3;Terminology Used in This Book;24
7.1.4;Technology Background: An Overview;25
7.1.5;Summary;36
7.2;Chapter 2. Managed Code Rootkits;38
7.2.1;What Can Attackers Do with Managed Code Rootkits?;39
7.2.2;Common Attack Vectors;41
7.2.3;Why Are Managed Code Rootkits Attractive to Attackers?;45
7.2.4;Summary;50
7.2.5;Endnotes;51
8;Part II: Malware Development;52
8.1;Chapter 3. Tools of the Trade;54
8.1.1;The Compiler;55
8.1.2;The Decompiler;57
8.1.3;The Assembler;61
8.1.4;The Disassembler;64
8.1.5;The Role of Debuggers;67
8.1.6;The Native Compiler;71
8.1.7;File Monitors;75
8.1.8;Summary;76
8.2;Chapter 4. Runtime Modification;78
8.2.1;Is It Possible to Change the Definition of a Programming Language?;78
8.2.2;Walkthrough: Attacking the Runtime Class Libraries;86
8.2.3;Summary;114
8.3;Chapter 5. Manipulating the Runtime;116
8.3.1;Manipulating the Runtime According to Our Needs;116
8.3.2;Reshaping the Code;144
8.3.3;Code Generation;154
8.3.4;Summary;157
8.4;Chapter 6. Extending the Language with a Malware API;158
8.4.1;Why Should We Extend the Language?;158
8.4.2;Extending the Runtime with a Malware API;161
8.4.3;Summary;194
8.4.4;Endnote;195
8.5;Chapter 7. Automated Framework Modification;196
8.5.1;What is ReFrameworker?;197
8.5.2;ReFrameworker Modules Concept;199
8.5.3;Using the Tool;211
8.5.4;Developing New Modules;221
8.5.5;Setting Up the Tool;227
8.5.6;Summary;231
8.6;Chapter 8. Advanced Topics;234
8.6.1;“Object-Oriented-Aware ” Malware;235
8.6.2;Thread Injection;246
8.6.3;State Manipulation;252
8.6.4;Covering the Traces As Native Code;262
8.6.5;Summary;272
9;Part III: Countermeasures;274
9.1;Chapter 9. Defending against MCRs;276
9.1.1;What Can We Do about This Kind of Threat ?;276
9.1.2;Awareness: Malware Is Everybody’s Problem;278
9.1.3;The Prevention Approach;283
9.1.4;The Detection Approach;287
9.1.5;The Response Approach;299
9.1.6;Summary;304
9.1.7;Endnote;305
10;Part IV: Where Do We Go from Here?;306
10.1;Chapter 10. Other Uses of Runtime Modification;308
10.1.1;Runtime Modification As an Alternative Problem-Solving Approach;308
10.1.2;Runtime Hardening;312
10.1.3;Summary;325
11;Index;326

Produktsicherheit

Fragen zum Artikel?

Ihre Fragen, Wünsche oder Anmerkungen

Vorname*

Nachname*

Ihre E-Mail-Adresse*

Kundennr.

Ihre Nachricht*

Lediglich mit * gekennzeichnete Felder sind Pflichtfelder.

Wenn Sie die im Kontaktformular eingegebenen Daten durch Klick auf den nachfolgenden Button übersenden, erklären Sie sich damit einverstanden, dass wir Ihr Angaben für die Beantwortung Ihrer Anfrage verwenden. Selbstverständlich werden Ihre Daten vertraulich behandelt und nicht an Dritte weitergegeben. Sie können der Verwendung Ihrer Daten jederzeit widersprechen. Das Datenhandling bei Sack Fachmedien erklären wir Ihnen in unserer Datenschutzerklärung.

38,95 € (inkl. MwSt.)

sofort verfügbar

Webcode: www2.sack.de/vvks0