Rootkit arsenal : escape and evasion in the dark corners of the system, Bill Blunden

Label
Rootkit arsenal : escape and evasion in the dark corners of the system
Title
Rootkit arsenal
Title remainder
escape and evasion in the dark corners of the system
Statement of responsibility
Bill Blunden
Language
eng
Cataloging source
UMI
Creator date
1969-
Creator name
Blunden, Bill
Dewey number
005.8
Index
index present
LC call number
QA76.9.A25
LC item number
B585 2013
Literary form
non fiction
Nature of contents
  • dictionaries
  • bibliography
Subject name
  • Rootkits (Computer software)
  • Computers
  • Computer viruses
  • Hackers
Label
Rootkit arsenal : escape and evasion in the dark corners of the system, Bill Blunden
Instantiates
Publication
Bibliography note
Includes bibliographical references and index
Carrier category
online resource
Carrier category code
cr
Carrier MARC source
rdacarrier
Content category
text
Content type code
txt
Content type MARC source
rdacontent
Contents
  • Title page; Copyright page; Dedication; Contents; Preface
  • Part I: Foundations
  • Chapter 1: Empty Cup Mind
      1.1 An Uninvited Guest; 1.2 Distilling a More Precise Definition; 1.3 Rootkits != Malware; 1.4 Who Is Building and Using Rootkits?; 1.5 Tales from the Crypt: Battlefield Triage; 1.6 Conclusions
  • Chapter 2: Overview of Anti-Forensics
      2.1 Incident Response; 2.2 Computer Forensics; 2.3 AF Strategies; 2.4 General Advice for AF Techniques; 2.5 John Doe Has the Upper Hand; 2.6 Conclusions
  • Chapter 3: Hardware Briefing
      3.1 Physical Memory; 3.2 IA-32 Memory Models; 3.3 Real Mode; 3.4 Protected Mode; 3.5 Implementing Memory Protection
  • Chapter 4: System Briefing
      4.1 Physical Memory under Windows; 4.2 Segmentation and Paging under Windows; 4.3 User Space and Kernel Space; 4.4 User Mode and Kernel Mode; 4.5 Other Memory Protection Features; 4.6 The Native API; 4.7 The BOOT Process; 4.8 Design Decisions
  • Chapter 5: Tools of the Trade
      5.1 Development Tools; 5.2 Debuggers; 5.3 The KD.exe Kernel Debugger
  • Chapter 6: Life in Kernel Space
      6.1 A KMD Template; 6.2 Loading a KMD; 6.3 The Service Control Manager; 6.4 Using an Export Driver; 6.5 Leveraging an Exploit in the Kernel; 6.6 Windows Kernel-Mode Security; 6.7 Synchronization; 6.8 Conclusions
  • Part II: Postmortem
  • Chapter 7: Defeating Disk Analysis
      7.1 Postmortem Investigation: An Overview; 7.2 Forensic Duplication; 7.3 Volume Analysis; 7.4 File System Analysis; 7.5 File Signature Analysis; 7.6 Conclusions
  • Chapter 8: Defeating Executable Analysis
      8.1 Static Analysis; 8.2 Subverting Static Analysis; 8.3 Runtime Analysis; 8.4 Subverting Runtime Analysis; 8.5 Conclusions
  • Part III: Live Response
  • Chapter 9: Defeating Live Response
      9.1 Live Incident Response: The Basic Process; 9.2 User-Mode Loaders (UMLs); 9.3 Minimizing Loader Footprint; 9.4 The Argument Against Stand-Alone PE Loaders
  • Chapter 10: Building Shellcode in C
      10.1 User-Mode Shellcode; 10.2 Kernel-Mode Shellcode; 10.3 Special Weapons and Tactics; 10.4 Looking Ahead
  • Chapter 11: Modifying Call Tables
      11.1 Hooking in User Space: The IAT; 11.2 Call Tables in Kernel Space; 11.3 Hooking the IDT; 11.4 Hooking Processor MSRs; 11.5 Hooking the SSDT; 11.6 Hooking IRP Handlers; 11.7 Hooking the GDT: Installing a Call Gate; 11.8 Hooking Countermeasures; 11.9 Counter-Countermeasures
  • Chapter 12: Modifying Code
      12.1 Tracing Calls; 12.2 Subverting Group Policy; 12.3 Bypassing Kernel-Mode API Loggers; 12.4 Instruction Patching Countermeasures
  • Chapter 13: Modifying Kernel Objects
      13.1 The Cost of Invisibility
Control code
808125878
Dimensions
unknown
Edition
2nd ed.
Extent
1 online resource (1 volume)
Form of item
online
ISBN
9781449626372
Media category
computer
Media MARC source
rdamedia
Media type code
c
OverDrive ID
cl0500000163
Sound
unknown sound
Specific material designation
remote
System control number
(OCoLC)808125878

Library Locations

    • Ellis Library
      1020 Lowry Street, Columbia, MO, 65201, US
      38.944491 -92.326012
    • Engineering Library & Technology Commons
      W2001 Lafferre Hall, Columbia, MO, 65211, US
      38.946102 -92.330125