CompleteMartialArts.com - Rootkits: Subverting the Windows Kernel (Addison-Wesley Software Security Series)
|
List Price: $54.99
Our Price: $34.64
Your Save: $ 20.35 ( 37% )
Availability: Usually ships in 24 hours
Manufacturer: Addison-Wesley Professional
|
Average Customer Rating: 
|
|
Binding: Paperback
Dewey Decimal Number: 005.8
EAN: 9780321294319
ISBN: 0321294319
Label: Addison-Wesley Professional
Manufacturer: Addison-Wesley Professional
Number Of Items: 1
Number Of Pages: 352
Publication Date: 2005-08-01
Publisher: Addison-Wesley Professional
Studio: Addison-Wesley Professional
|
|
|
|
|
|
Editorial Reviews:
|
|
"Rootkits are the ultimate backdoor, giving hackers ongoing and virtually undetectable access to the systems they exploit. Now, two of the worlds leading experts have written the first comprehensive guide to rootkits: what they are, how they work, how to build them, and how to detect them. Rootkit.com's Greg Hoglund and James Butler created and teach Black Hat's legendary course in rootkits. In this book, they reveal never-before-told offensive aspects of rootkit technology--learn how attackers can get in and stay in for years, without detection. Hoglund and Butler show exactly how to subvert the Windows XP and Windows 2000 kernels, teaching concepts that are easily applied to virtually any modern operating system, from Windows Server 2003 to Linux and UNIX. Using extensive downloadable examples, they teach rootkit programming techniques that can be used for a wide range of software, from white hat security tools to operating system drivers and debuggers. After reading this book, readers will be able to - Understand the role of rootkits in remote command/control and software eavesdropping
- Build kernel rootkits that can make processes, files, and directories invisible
- Master key rootkit programming techniques, including hooking, runtime patching, and directly manipulating kernel objects
- Work with layered drivers to implement keyboard sniffers and file filters
- Detect rootkits and build host-based intrusion prevention software that resists rootkit attacks
Visit rootkit.com for code and programs from this book. The site also contains enhancements to the book's text, such as up-to-the-minute information on rootkits available nowhere else.
"
|
|
|
Spotlight customer reviews:
|
Customer Rating:
Summary: Excellent intermediate/advanced security book
Comment: I finally picked up this book last year and throughoughly enjoyed it. I keep referring to it because the examples build up to the point of qualified proof of concept. The examples also are different enough from the other ones that are easy to find with Google, so between the two you get a complete view of the vulnerable issue.
The book's title should be obvious enough; this is NOT a book of defenses. However, if you understand these attacks you will be better equiped to deal with them when they happen. This book is no replacement for hands-on training in person with a qualified instructor such as at the SANS Institute, but it is an excellent supplement.
Customer Rating:
Summary: Great Book
Comment: Its a great place to start...and works its way through some pretty indepth concepts. The great part is that for the beginner it is step by step....and they tell you were to download everything you will need. Anyways loved it, read it twice.
Customer Rating: 
Summary: The definitive text on Windows rootkits, applicable in 2005 or 2007
Comment: I read Rootkits: Subverting the Windows Kernel last year, but waited until I read Joseph Kong's Designing BSD Rootkits before reviewing both books. In a head-to-head comparison, I thought Kong's book was easier to comprehend and directly covered the key techniques I wanted to see. If I could give this book 4 1/2 stars I would, but Amazon doesn't allow that luxury.
Hoglund and Butler should be commended for writing this book. It really does assemble the parts (meaning techniques and code) necessary to implement a Windows rootkit, at least prior to Windows Vista. My only concern is that, at times, the authors are not as clear as I hoped they might be. This is probably due to the fact that they are two of the best rootkit writers on the planet, so they probably do not remember what it was like to not understand "hooking" and other techniques.
In some ways Rootkits is probably a book best suited for other experts (like many who wrote reviews here). That leaves beginners (like myself) wishing for a little more foundation or direct language prior to reading about implementation tricks.
One of the greatest strengths of this book, however, is the degree to which it exposes the internal workings of Windows. For greatest effect it's probably worth reading Microsoft Windows Internals, Fourth Edition by Russinovich and Solomon first.
Note that although I found the direct approach of the BSD rootkits book better for my learning style, this book by Hoglund and Butler is deeper in several areas. In fact, those who liked the BSD rootkits book would do well to read its Windows counterpart to learn tricks from Hoglund and Butler.
Customer Rating:
Summary: Belongs on all IT security professionals' bookshelves
Comment: Not an easy read if you're not already familiar with programming and operating system concepts, but then if you are an IT security professional you'd better be, and the book explains why.
Customer Rating:
Summary: Excellent read
Comment: I have been around the software industry now for almost 20 years and every now and then I find a book where I learn exciting things, this is one of those books. It reminds me of the early days of low level Windows programming but with very up to date information on the OS and how to apply it. The book is obviously designed to attract hackers - both black and white hats - however it does do a good job diving on the internals of the Posix and Windows subsystems. If you like low level stuff this book is for you.
|
|
|
|
|
|
|