Managed Code Rootkits
Hooking into Runtime Environments
- 1st Edition - October 28, 2010
- Author: Erez Metula
- Language: English
- Paperback ISBN: 978-1-59749-574-5
- eBook ISBN: 978-1-59749-575-2
Managed Code Rootkits is the first book to cover application-level rootkits and other types of malware inside the application VM, which runs a platform-independent programming environment for processes. The book, divided into four parts, points out high-level attacks, which are developed in intermediate language.
The initial part of the book offers an overview of managed code rootkits. It explores environment models of managed code and the relationship of managed code to rootkits by studying how they use application VMs. It also discusses attackers of managed code rootkits and various attack scenarios. The second part of the book covers the development of managed code rootkits, starting with the tools used in producing managed code rootkits through their deployment.
The next part focuses on countermeasures that can possibly be used against managed code rootkits, including technical solutions, prevention, detection, and response tactics. The book concludes by presenting techniques that are somewhat similar to managed code rootkits, which can be used in solving problems.
- Named a 2011 Best Hacking and Pen Testing Book by InfoSec Reviews
- Introduces the reader briefly to managed code environments and rootkits in general
- Completely details a new type of rootkit hiding in the application level and demonstrates how a hacker can change language runtime implementation
- Focuses on managed code including Java, .NET, Android Dalvik and reviews malware development scenarios
Intermediate to advanced pen testers; hackers; malware researchers; software engineers; OS designers and developers
Acknowledgements
About the Author
Part I Overview
Chapter 1 Introduction
The Problem of Rootkits and Other Types of Malware
Why Do You Need This Book?
Terminology Used in This Book
Technology Background: An Overview
Summary
Chapter 2 Managed Code Rootkits
What Can Attackers Do with Managed Code Rootkits?
Common Attack Vectors
Why Are Managed Code Rootkits Attractive to Attackers?
Summary
Endnotes
Part II Malware Development
Chapter 3 Tools of the Trade
The Compiler
The Decompiler
The Assembler
The Disassembler
The Role of Debuggers
The Native Compiler
File Monitors
Summary
Chapter 4 Runtime Modification
Is It Possible to Change the Definition of a Programming Language?
Walkthrough: Attacking the Runtime Class Libraries
Summary
Chapter 5 Manipulating the Runtime
Manipulating the Runtime According to Our Needs
Reshaping the Code
Code Generation
Summary
Chapter 6 Extending the Language with a Malware API
Why Should We Extend the Language?
Extending the Runtime with a Malware API
Summary
Endnote
Chapter 7 Automated Framework Modification
What is ReFrameworker?
ReFrameworker Modules Concept
Using the Tool
Developing New Modules
Setting Up the Tool
Summary
Chapter 8 Advanced Topics
“Object-Oriented-Aware” Malware
Thread Injection
State Manipulation
Covering the Traces as Native Code
Summary
Part III Countermeasures
Chapter 9 Defending against MCRs
What Can We Do about This Kind of Threat?
Awareness: Malware Is Everybody’s Problem
The Prevention Approach
The Detection Approach
The Response Approach
Summary
Endnote
Part IV Where Do We Go From Here?
Chapter 10 Other Uses of Runtime Modification
Runtime Modification As an Alternative Problem-Solving Approach
Runtime Hardening
Summary
Index
- No. of pages: 336
- Language: English
- Edition: 1
- Published: October 28, 2010
- Imprint: Syngress
- Paperback ISBN: 9781597495745
- eBook ISBN: 9781597495752