The Rootkit Arsenal Book Review
The Rootkit Arsenal
The Rootkit Arsenal Chapters
- Setting the Stage
- Forensic Evidence
- First Principles
- The Malware Connection
- Closing Thoughts
- Into the Catacombs: IA-32
- IA-32 Memory Models
- Real Mode
- Protected Mode
- Implementing Memory Protection
- Windows System Architecture
- Physical Memory
- Memory Protection
- Virtual Memory
- User Mode and Kernel Mode
- The Native API
- The Boot Process
- Design Decisions
- Rootkit Basics
- Rootkit Tools
- Debuggers
- A Rootkit Skeleton
- Loading a KMD
- Installing and Launching a Rootkit
- Self-Healing Rootkits
- Windows Kernel Mode Security
- Synchronization
- Commentary
- Hooking Call Tables
- Hooking in User Space: The IAT
- Hooking in Kernel Space
- Hooking Countermeasures
- Counter Countermeasures
- Patching System Routines
- Run-time Patching
- Binary Patching
- Instruction Patching Countermeasures
- Altering Kernel Objects
- The Cost of Invisibility
- Revisiting the EPROCESS Object
- The DRIVER_SECTION Object
- The TOKEN Object
- Hiding a Process
- Hiding a Driver
- Manipulating the Access Token
- Using No-FU
- Countermeasures
- Commentary: Limits of the Two-Ring Model
- The Last Lines of Defense
- Deploying Filter Drivers
- Filter Driver Theory
- An Example: Logging Keystrokes
- Adding Functionality: Dealing with IRQLs
- Key Logging: Alternative Techniques
- Other Ways to Use Filter Drivers
- Defeating Live Response
- IDS, IPS and Forensics
- The Live Incident Response Process
- RAM Acquisition
- Defeating File System Analysis
- File System Analysis
- Countermeasures: Overview
- Countermeasures: Forensic Duplication
- Countermeasures: Deleted File Recovery
- Countermeasures: Acquiring Metadata
- Countermeasures: Removing Known Files
- Countermeasures: File Signature Analysis
- Countermeasures: Executable Analysis
- Borrowing Other Malware Tactics
- Defeating Network Analysis
- Worst-Case Scenario: Full Content Data Capture
- Tunneling: An Overview
- The Windows TCP/IP Stack
- DNS Tunneling
- DNS Tunneling: User Mode
- DNS Tunneling: WSK Implementation
- NDIS Protocol Drivers
- Countermeasure Summary
- Live Incident Response
- File System Analysis
- Network Traffic Analysis
- Why Anti-Forensics?
- The Tao of Rootkits
- Run Silent, Run Deep
- Development Mindset
- On Dealing with Proprietary Systems
- Staking Out the Kernel
- Walk before You Run: Patching System Code
- Walk before You Run: Altering System Data Structures
- The Advantages of Self-Reliant Code
- Leverage Existing Work
- Use a Layered Defense
- Study Your Target
- Separate Mechanism from Policy
- Closing Thoughts
The Rootkit Arsenal Appendices
- Chapter 2
- Chapter 3
- Chapter 4
- Chapter 5
- Chapter 6
- Chapter 7
- Chapter 8
- Chapter 10
- Chapter 11
© Poised Solutions Copyright 2008 - 2009