Join Books.org — it's free
Home > Books > Rootkits

Computer Security, Windows/Windows 95 & 98
Rootkits by Greg Hoglund,Jamie Butler — book cover

Rootkits

by Greg Hoglund, Jamie Butler
Write a review
Log in to track your reading progress.

Overview

"Rootkits are the ultimate backdoor, giving hackers ongoing and virtually undetectable access to the systems they exploit. Now, two of the world's leading experts have written the first comprehensive guide to rootkits: what they are, how they work, how to build them, and how to detect them. Rootkit.com's Greg Hoglund and James Butler created and teach Black Hat's legendary course in rootkits. In this book, they reveal never-before-told offensive aspects of rootkit technology - learn how attackers can get in and stay in for years, without detection." Hoglund and Butler show exactly how to subvert the Windows XP and Windows 2000 kernels, teaching concepts that are easily applied to virtually any modern operating system, from Windows Server 2003 to Linux and UNIX. Using extensive downloadable examples, they teach rootkit programming techniques that can be used for a wide range of software, from white hat security tools to operating system drivers and debuggers.

About the Author, Greg Hoglund,Jamie Butler

Greg Hoglund has been a pioneer in the area of software security. He is CEO of HBGary, Inc., a leading provider of software security verification services. After writing one of the first network vulnerability scanners (installed in over half of all Fortune 500 companies), he created and documented the first Windows NT-based rootkit, founding rootkit.com in the process. Greg is a frequent speaker at Black Hat, RSA, and other security conferences.

James Butler, Director of Engineering at HBGary, has a world-class talent for kernel programming and rootkit development and extensive experience in host-based intrusion-detection systems. He is the developer of VICE, a rootkit detection and forensics system. Jamie's previous positions include Senior Security Software Engineer at Enterasys and Computer Scientist at the National Security Agency. He is a frequent trainer and speaker at Black Hat security conferences. He holds a masters of computer science from the University of Maryland, Baltimore County. He has published articles in the IEEE Information Assurance Workshop, Phrack, USENIX ;login:, and Information Management and Computer Security.

Reviews

There are no reviews yet. Log in to write one.

Editorials

From Barnes & Noble

The Barnes & Noble Review
Install a rootkit on someone’s system, and you own it. Not just now: indefinitely, because rootkits are virtually undetectable. Their power and stealthiness may make them the most dangerous form of malware ever created. You’d think you’d have heard more about them, but very few people really understand rootkit technology. To become one of them, read Rootkits: Subverting the Windows Kernel.

For years, the best way to learn about rootkits has been to take Greg Hoglund and James Butler’s course at Black Hat, the legendary annual hacker event. Now, for those who can’t make it to Vegas, Hoglund and Butler have organized their unique knowledge into this book. Notwithstanding its title, its principles apply to any operating system, including Linux and Unix. The authors focus on kernel rootkits, the hardest kind to detect. While it’s written primarily from an attacker’s perspective, it’ll be valuable to attackers, defenders, and researchers alike.

The authors first explain what rootkits are (and aren’t), and how they typically function. You’ll walk through the basic steps involved in writing a Windows rootkit; then understand the hardware mechanisms that work behind the scenes to enforce security and memory access: mechanisms attackers must evade or corrupt.

You’ll master both approaches to maintaining uninterrupted, hidden access to a computer: altering its operating system’s execution path, or directly manipulating kernel objects to attack stored information about processes, drivers, or network connections. Along the way, Hoglund and Butler cover hooking, runtime patching, layered drivers, covert channels, and much more. They conclude with today’s best countermeasures: systematic ways to search for hooks, detect suspicious behavior, and reveal hidden files, registry keys, or processes. Bill Camarda, from the September 2005 Read Only

Slashdot.org

Rootkits is an invaluable contribution in the wider understanding of advanced attack and hacker techniques. Previously, much of this material was known to only a handful of people, and assembling your own knowledge base was difficult.... If you're interested in learning how to write your own rootkit or detect someone else's rootkit on your system, you should definitely start with this book.

Book Details

Published
July 22, 2005
Publisher
Upper Saddle River, NJ : Addison-Wesley, 2005.
Pages
352
Format
Paperback
ISBN
9780321294319

Similar books

Windows Forensic Analysis DVD Toolkit
Windows Forensic Analysis DVD Toolkit
Creating the Secure Managed Desktop: Using Group Policy, SoftGrid, Microsoft Deployment Toolkit, and Other Management Tools (Serious Skills Series)
Creating the Secure Managed Desktop: Using Group Policy, SoftGrid, Microsoft Deployment Toolkit, and Other Management Tools (Serious Skills Series)
Windows Forensics and Incident Recovery
Windows Forensics and Incident Recovery
Hardening Windows Systems
Hardening Windows Systems
Hacking exposed Windows
Hacking exposed Windows
The Internet Windows Server Construction Kit
The Internet Windows Server Construction Kit
Windows Sysinternals Administrators Reference
Windows Sysinternals Administrators Reference
Mastering Windows Network Forensics and Investigation
Mastering Windows Network Forensics and Investigation
Introduction to Information and Computer Literacy with Microsoft Windows 95 and Microsoft Office 97
Introduction to Information and Computer Literacy with Microsoft Windows 95 and Microsoft Office 97
The Real MCTS/MCITP Exam 70-620 Prep Kit: Independent and Complete Self-Paced Solutions
The Real MCTS/MCITP Exam 70-620 Prep Kit: Independent and Complete Self-Paced Solutions