Author: Erez Metula
ISBN : 1597495743
Review
"A well-put-together work: I was able to put some of the tasks to work for me right away. An excellent resource: Technical enough to be useful, but not overly technical." -- Chris Griffin, Trainer, ISECOM USA
"As someone who has to deal with .NET security every day, I always look for new ideas and tools to make .NET applications more secure. This book provides both. It's especially valuable when you have to protect apps without having access to their original source code." -- Kyle C. Quest, GREM, GWAPT, GCIH, GCFA, GCIA, GCWN, GCUX, GCFW, GSNA, CISSP, CIPP, Director of Security Engineering, MetraTech
"Overall the book is very well structured and presented in a way that maintains the reader's interest as the author delves ever deeper into why hackers use MCRs to target an organisation's applications. Continuity of the content is maintained by helpful summaries at the end of each chapter. Mr Metula is a consummate and talented security practitioner who knows his subject thoroughly. I consider this book to be excellent value for money and would recommend it to any security professional. In today's austere economic climate, modern IT solutions are being sought that are proven value for money. The use of virtual servers is rapidly increasing as they provide better utilisation and increased productivity of existing resources. This book highlights the risks of adopting such technology and provides valuable advice on countermeasures to mitigate those risks." -- InfoSecReviews.com
"In today's austere economic climate, modern IT solutions are being sought that are proven value for money. The use of virtual servers is rapidly increasing as they provide better utilisation and increased productivity of existing resources. This book highlights the risks of adopting such technology and provides valuable advice on countermeasures to mitigate those risks." -- Best Hacking and Pen Testing Books in InfoSecReviews Book Awards
From the Back Cover
Imagine being able to change the languages for the applications that a computer is running and taking control over it. That is exactly what managed code rootkits can do when they are placed within a computer. This new type of rootkit is hiding in a place that had previously been safe from this type of attack: the application level. Code reviews do not currently look for back doors in the virtual machine (VM) where this new rootkit would be injected. An invasion of this magnitude allows an attacker to steal information on the infected computer, provide false information, and disable security checks. Erez Metula shows the reader how these rootkits are developed and inserted and how this attack can change the managed code that a computer is running, whether that be JAVA, .NET, Android Dalvik or any other managed code. Management development scenarios, tools like ReFrameworker, and countermeasures are covered, making this book a one stop shop for this new attack vector.
- Paperback: 336 pages
- Publisher: Syngress; 1 edition (November 11, 2010)
- Language: English
- ISBN-10: 1597495743
- ISBN-13: 978-1597495745
- Product Dimensions: 0.9 x 7.3 x 9 inches
- Shipping Weight: 1.5 pounds
Managed Code Rootkits: Hooking into Runtime Environments
I was very excited when I received this book in my mail and set some time each day to continue reading it. Syngress has been releasing amazing material that has made me follow them as closely as I do with No Starch Press. This release is no exception.
While reading through this book, I learned that the point wasn't really to shock and awe with this type of rootkit nor to shed light on a previously unknown area of managed code, but to show how braindead simple it is to create an MCR (managed code rootkit). The author gives hand-held examples on how to implement his technique in Java's JVM, .NET's CLR, and Android's Dalvik.
Following along with the author's guidance and tools, a PoC can be manually made with a tiny bit of C/C++ knowledge. However, to even cut this requirement, an open-source automated framework is shown in later chapters as well. Which is truly amazing, or scary depending on your perspective, that anyone who can follow this book can make a working MCR today.
Now, the main technique is nothing new. Replacement of a run-time library to export a modified function that gets executed by your normal application, which allows a normal export to become a backdoor'd export. However, I noticed something. Just like managed languages are usually good picks until you go further down to the machine level and start managing different aspects for optimizations, this book is just like that for rootkits. It provides a great introduction to rootkits in general and you can follow along without any kind of programming knowledge. This book will definitely ease you into the subject of the rootkit.
For those of you with a little more experience, different examples of things to do with the MCR are given.
Managed Code Rootkits (MCR) is one of the best books I've read in 2011. MCR is a one-man tour-de-force through the world of malicious software that leverages managed code for its runtime. Prior to reading the book I was only vaguely aware of the concept and implementation. After reading MCR, I am wondering when we might see more of this technique in the wild. Author Erez Metula does almost everything right in MCR, and I strongly recommend reading it.
MCR is a great book because it addresses a topic that almost no one else covers in the published world. The book is easy to read, clear, coherent, methodical, well-organized, and thorough. The author doesn't limit the topic to only .NET; he also provides examples of Java and Android Dalvik code.
One of the best aspects of MCR is the author's recognition that readers are likely relying on the book for an introduction to the topic, so he makes sure to explain what he's discussing. He keeps the readers' perspective in mind and makes the right assumptions about their level of familiarity with the subject and likely expertise. It can be very frustrating to read a book written as if the author is talking to a colleague for whom the material is already well-known. Authors -- if readers already know a topic, they're likely not going to buy your book!
MCR contains the right mix of background, justification, theory, implementation, and code to fit any technical reader's interests. I'm not particularly interested in the topic as a matter of course, but I read the book because the author's excitement for the topic and his explanations hooked me.
The only weakness I found is that sometimes the screen captures are too small to be easily read.