Coverart for item
The Resource Rootkits and bootkits : reversing modern malware and next generation threats, by Alex Matsorov, Eugene Rodionov, and Sergey Bratus

Rootkits and bootkits : reversing modern malware and next generation threats, by Alex Matsorov, Eugene Rodionov, and Sergey Bratus

Label
Rootkits and bootkits : reversing modern malware and next generation threats
Title
Rootkits and bootkits
Title remainder
reversing modern malware and next generation threats
Statement of responsibility
by Alex Matsorov, Eugene Rodionov, and Sergey Bratus
Creator
Contributor
Author
Subject
Genre
Language
eng
Summary
Rootkits and Bootkits will teach you how to understand and counter sophisticated, advanced threats buried deep in a machine's boot process or UEFI firmware. With the aid of numerous case studies and professional research from three of the world's leading security experts, you'll trace malware development over time from rootkits like TDL3 to present-day UEFI implants and examine how they infect a system, persist through reboot, and evade security software. As you inspect and dissect real malware, you'll learn: How Windows boots-including 32-bit, 64-bit, and UEFI mode-and where to find vulnerabilities The details of boot process security mechanisms like Secure Boot, including an overview of Virtual Secure Mode (VSM) and Device Guard Reverse engineering and forensic techniques for analyzing real malware, including bootkits like Rovnix/Carberp, Gapz, TDL4, and the infamous rootkits TDL3 and Festi How to perform static and dynamic analysis using emulation and tools like Bochs and IDA Pro How to better understand the delivery stage of threats against BIOS and UEFI firmware in order to create detection capabilities How to use virtualization tools like VMware Workstation to reverse engineer bootkits and the Intel Chipsec tool to dig into forensic analysis Cybercrime syndicates and malicious actors will continue to write ever more persistent and covert attacks, but the game is not lost. Explore the cutting edge of malware analysis with Rootkits and Bootkits. Covers boot processes for Windows 32-bit and 64-bit operating systems
Cataloging source
UMI
http://library.link/vocab/creatorName
Matrosov, Alex
Dewey number
005.8
Illustrations
illustrations
Index
index present
LC call number
QA76.9.A25
Literary form
non fiction
Nature of contents
  • dictionaries
  • bibliography
http://library.link/vocab/relatedWorkOrContributorName
  • Rodionov, Eugene
  • Bratus, Sergey
http://library.link/vocab/subjectName
  • Computer security
  • Malware (Computer software)
  • COMPUTERS / Security / Viruses & Malware
Label
Rootkits and bootkits : reversing modern malware and next generation threats, by Alex Matsorov, Eugene Rodionov, and Sergey Bratus
Instantiates
Publication
Copyright
Bibliography note
Includes bibliographical references and index
Carrier category
online resource
Carrier category code
cr
Carrier MARC source
rdacarrier
Content category
text
Content type code
txt
Content type MARC source
rdacontent
Contents
  • Intro; Brief Contents; Contents in Detail; Foreword; Acknowledgments; Abbreviations; Introduction; Why Read This Book?; What's in the Book?; Part 1: Rootkits; Part 2: Bootkits; Part 3: Defense and Forensic Techniques; How to Read This Book; Part I: Rootkits; Chapter 1: What's in a Rootkit: The TDL3 Case Study; History of TDL3 Distribution in the Wild; Infection Routine; Controlling the Flow of Data; Bring Your Own Linker; How TDL3's Kernel-Mode Hooks Work; The Hidden Filesystem; Conclusion: TDL3 Meets Its Nemesis; Chapter 2: Festi Rootkit: The Most Advanced Spam and DDoS Bot
  • The Case of Festi BotnetDissecting the Rootkit Driver; Festi Configuration Information for C&C Communication; Festi's Object-Oriented Framework; Plug-in Management; Built-in Plug-ins; Anti-Virtual Machine Techniques; Antidebugging Techniques; The Method for Hiding the Malicious Driver on Disk; The Method for Protecting the Festi Registry Key; The Festi Network Communication Protocol; Initialization Phase; Work Phase; Bypassing Security and Forensics Software; The Domain Generation Algorithm for C&C Failure; Malicious Functionality; The Spam Module; The DDoS Engine; Festi Proxy Plug-in
  • ConclusionChapter 3: Observing Rootkit Infections; Methods of Interception; Intercepting System Events; Intercepting System Calls; Intercepting the File Operations; Intercepting the Object Dispatcher; Restoring the System Kernel; The Great Rootkits Arms Race: A Nostalgic Note; Conclusion; Part II: Bootkits; Chapter 4: Evolution of the Bootkit; The First Bootkits; Boot Sector Infectors; Elk Cloner and Load Runner; The Brain Virus; The Evolution of Bootkits; The End of the BSI Era; The Kernel-Mode Code Signing Policy; The Rise of Secure Boot; Modern Bootkits; Conclusion
  • Chapter 5: Operating System Boot Process EssentialsHigh-Level Overview of the Windows Boot Process; The Legacy Boot Process; The Windows Boot Process; BIOS and the Preboot Environment; The Master Boot Record; The Volume Boot Record and Initial Program Loader; The bootmgr Module and Boot Configuration Data; Conclusion; Chapter 6: Boot Process Security; The Early Launch Anti-Malware Module; API Callback Routines; How Bootkits Bypass ELAM; Microsoft Kernel-Mode Code Signing Policy; Kernel-Mode Drivers Subject to Integrity Checks; Location of Driver Signatures; The Legacy Code Integrity Weakness
  • The ci.dll ModuleDefensive Changes in Windows 8; Secure Boot Technology; Virtualization-Based Security in Windows 10; Second Level Address Translation; Virtual Secure Mode and Device Guard; Device Guard Limitations on Driver Development; Conclusion; Chapter 7: Bootkit Infection Techniques; MBR Infection Techniques; MBR Code Modification: The TDL4 Infection Technique; MBR Partition Table Modification; VBR/IPL Infection Techniques; IPL Modifications: Rovnix; VBR Infection: Gapz; Conclusion; Chapter 8: Static Analysis of a Bootkit Using IDA Pro; Analyzing the Bootkit MBR
Control code
1103671222
Dimensions
unknown
Extent
1 online resource (1 volume)
Form of item
online
Isbn
9781593278830
Media category
computer
Media MARC source
rdamedia
Media type code
c
Other physical details
illustrations
http://library.link/vocab/ext/overdrive/overdriveId
cl0501000051
Publisher number
EB00756212
Sound
unknown sound
Specific material designation
remote
System control number
(OCoLC)1103671222
Label
Rootkits and bootkits : reversing modern malware and next generation threats, by Alex Matsorov, Eugene Rodionov, and Sergey Bratus
Publication
Copyright
Bibliography note
Includes bibliographical references and index
Carrier category
online resource
Carrier category code
cr
Carrier MARC source
rdacarrier
Content category
text
Content type code
txt
Content type MARC source
rdacontent
Contents
  • Intro; Brief Contents; Contents in Detail; Foreword; Acknowledgments; Abbreviations; Introduction; Why Read This Book?; What's in the Book?; Part 1: Rootkits; Part 2: Bootkits; Part 3: Defense and Forensic Techniques; How to Read This Book; Part I: Rootkits; Chapter 1: What's in a Rootkit: The TDL3 Case Study; History of TDL3 Distribution in the Wild; Infection Routine; Controlling the Flow of Data; Bring Your Own Linker; How TDL3's Kernel-Mode Hooks Work; The Hidden Filesystem; Conclusion: TDL3 Meets Its Nemesis; Chapter 2: Festi Rootkit: The Most Advanced Spam and DDoS Bot
  • The Case of Festi BotnetDissecting the Rootkit Driver; Festi Configuration Information for C&C Communication; Festi's Object-Oriented Framework; Plug-in Management; Built-in Plug-ins; Anti-Virtual Machine Techniques; Antidebugging Techniques; The Method for Hiding the Malicious Driver on Disk; The Method for Protecting the Festi Registry Key; The Festi Network Communication Protocol; Initialization Phase; Work Phase; Bypassing Security and Forensics Software; The Domain Generation Algorithm for C&C Failure; Malicious Functionality; The Spam Module; The DDoS Engine; Festi Proxy Plug-in
  • ConclusionChapter 3: Observing Rootkit Infections; Methods of Interception; Intercepting System Events; Intercepting System Calls; Intercepting the File Operations; Intercepting the Object Dispatcher; Restoring the System Kernel; The Great Rootkits Arms Race: A Nostalgic Note; Conclusion; Part II: Bootkits; Chapter 4: Evolution of the Bootkit; The First Bootkits; Boot Sector Infectors; Elk Cloner and Load Runner; The Brain Virus; The Evolution of Bootkits; The End of the BSI Era; The Kernel-Mode Code Signing Policy; The Rise of Secure Boot; Modern Bootkits; Conclusion
  • Chapter 5: Operating System Boot Process EssentialsHigh-Level Overview of the Windows Boot Process; The Legacy Boot Process; The Windows Boot Process; BIOS and the Preboot Environment; The Master Boot Record; The Volume Boot Record and Initial Program Loader; The bootmgr Module and Boot Configuration Data; Conclusion; Chapter 6: Boot Process Security; The Early Launch Anti-Malware Module; API Callback Routines; How Bootkits Bypass ELAM; Microsoft Kernel-Mode Code Signing Policy; Kernel-Mode Drivers Subject to Integrity Checks; Location of Driver Signatures; The Legacy Code Integrity Weakness
  • The ci.dll ModuleDefensive Changes in Windows 8; Secure Boot Technology; Virtualization-Based Security in Windows 10; Second Level Address Translation; Virtual Secure Mode and Device Guard; Device Guard Limitations on Driver Development; Conclusion; Chapter 7: Bootkit Infection Techniques; MBR Infection Techniques; MBR Code Modification: The TDL4 Infection Technique; MBR Partition Table Modification; VBR/IPL Infection Techniques; IPL Modifications: Rovnix; VBR Infection: Gapz; Conclusion; Chapter 8: Static Analysis of a Bootkit Using IDA Pro; Analyzing the Bootkit MBR
Control code
1103671222
Dimensions
unknown
Extent
1 online resource (1 volume)
Form of item
online
Isbn
9781593278830
Media category
computer
Media MARC source
rdamedia
Media type code
c
Other physical details
illustrations
http://library.link/vocab/ext/overdrive/overdriveId
cl0501000051
Publisher number
EB00756212
Sound
unknown sound
Specific material designation
remote
System control number
(OCoLC)1103671222

Library Locations

    • Ellis LibraryBorrow it
      1020 Lowry Street, Columbia, MO, 65201, US
      38.944491 -92.326012
    • Engineering Library & Technology CommonsBorrow it
      W2001 Lafferre Hall, Columbia, MO, 65211, US
      38.946102 -92.330125
Processing Feedback ...