Flylib.com
Rootkits: Subverting the Windows Kernel
Rootkits: Subverting the Windows Kernel
ISBN: 0321294319
EAN: 2147483647
Year: 2006
Pages: 111
Authors:
Greg Hoglund
,
Jamie Butler
BUY ON AMAZON
Rootkits: Subverting the Windows Kernel
Table of Contents
Copyright
Praise for Rootkits
Preface
Historical Background
Target Audience
Prerequisites
Scope
Acknowledgments
About the Authors
About the Cover
Chapter 1. Leave No Trace
Understanding Attackers Motives
What Is a Rootkit?
Why Do Rootkits Exist?
How Long Have Rootkits Been Around?
How Do Rootkits Work?
What a Rootkit Is Not
Rootkits and Software Exploits
Offensive Rootkit Technologies
Conclusion
Chapter 2. Subverting the Kernel
Important Kernel Components
Rootkit Design
Introducing Code into the Kernel
Building the Windows Device Driver
Loading and Unloading the Driver
Logging the Debug Statements
Fusion Rootkits: Bridging User and Kernel Modes
Loading the Rootkit
Decompressing the .sys File from a Resource
Surviving Reboot
Conclusion
Chapter 3. The Hardware Connection
Ring Zero
Tables, Tables, and More Tables
Memory Pages
The Memory Descriptor Tables
The Interrupt Descriptor Table
The System Service Dispatch Table
The Control Registers
Multiprocessor Systems
Conclusion
Chapter 4. The Age-Old Art of Hooking
Userland Hooks
Kernel Hooks
A Hybrid Hooking Approach
Conclusion
Chapter 5. Runtime Patching
Detour Patching
Jump Templates
Variations on the Method
Conclusion
Chapter 6. Layered Drivers
A Keyboard Sniffer
The KLOG Rootkit: A Walk-through
File Filter Drivers
Conclusion
Chapter 7. Direct Kernel Object Manipulation
DKOM Benefits and Drawbacks
Determining the Version of the Operating System
Communicating with the Device Driver from Userland
Hiding with DKOM
Token Privilege and Group Elevation with DKOM
Conclusion
Chapter 8. Hardware Manipulation
Why Hardware?
Modifying the Firmware
Accessing the Hardware
Example: Accessing the Keyboard Controller
How Low Can You Go? Microcode Update
Conclusion
Chapter 9. Covert Channels
Remote Command, Control, and Exfiltration of Data
Disguised TCPIP Protocols
Kernel TCPIP Support for Your Rootkit Using TDI
Raw Network Manipulation
Kernel TCPIP Support for Your Rootkit Using NDIS
Host Emulation
Conclusion
Chapter 10. Rootkit Detection
Detecting Presence
Detecting Behavior
Conclusion
Index
index_SYMBOL
index_A
index_B
index_C
index_D
index_E
index_F
index_G
index_H
index_I
index_J
index_K
index_L
index_M
index_N
index_O
index_P
index_R
index_S
index_T
index_U
index_V
index_W
index_Z
Rootkits: Subverting the Windows Kernel
ISBN: 0321294319
EAN: 2147483647
Year: 2006
Pages: 111
Authors:
Greg Hoglund
,
Jamie Butler
BUY ON AMAZON
Qshell for iSeries
The Exit Status and Decision-Making
The Integrated File System
Functions
Application Development Tools
Appendix B Qshell versus DOS
Strategies for Information Technology Governance
An Emerging Strategy for E-Business IT Governance
Assessing Business-IT Alignment Maturity
Measuring and Managing E-Business Initiatives Through the Balanced Scorecard
Managing IT Functions
Governing Information Technology Through COBIT
Kanban Made Simple: Demystifying and Applying Toyotas Legendary Manufacturing Process
Introduction to Kanban
Developing a Kanban Design
Auditing the Kanban
Improving the Kanban
Appendix B Kanban Supermarkets
Cisco IP Communications Express: CallManager Express with Cisco Unity Express
Using Cisco IPC Express in Retail, Financial, and Healthcare Businesses
Recommended Reading
Digit Manipulation
Analog Voice Mail
Dialplan Pattern Configuration Problems
The Java Tutorial: A Short Course on the Basics, 4th Edition
Summary of Exceptions
Summary of Reading and Writing
Your First Swing Program
Taking Advantage of the Applet API
Code Samples
Programming Microsoft ASP.NET 3.5
Working with the Page
The HTTP Request Context
ASP.NET State Management
Extending Existing ASP.NET Controls
HTTP Handlers and Modules
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy
This website uses cookies. Click
here
to find out more.
Accept cookies