Author: Erez Metula
ISBN : B004FV4R36
Format: PDF
Managed Code Rootkits: Hooking into Runtime Environments [Kindle Edition]
Imagine being able to change the languages for the applications that a computer is running and taking control over it. That is exactly what managed code rootkits can do when they are placed within a computer. This new type of rootkit hides in a place that had previously been safe from this type of attack: the application level. Code reviews do not currently look for back doors in the virtual machine (VM) where this new rootkit would be injected. An invasion of this magnitude allows an attacker to steal information on the infected computer, provide false information, and disable security checks. Erez Metula shows the reader how these rootkits are developed and inserted, and how this attack can change the managed code that a computer is running, whether that be Java, .NET, Android Dalvik or any other managed code. Management development scenarios, tools like ReFrameworker, and countermeasures are covered, making this book a one-stop shop for this new attack vector.
- Named a 2011 Best Hacking and Pen Testing Book by InfoSec Reviews
- Introduces the reader briefly to managed code environments and rootkits in general
- Completely details a new type of rootkit hiding in the application level and demonstrates how a hacker can change language runtime implementation
- Focuses on managed code including Java, .NET, Android Dalvik and reviews malware development scenarios
- File Size: 3109 KB
- Print Length: 336 pages
- Publisher: Syngress; 1 edition (November 25, 2010)
- Sold by: Amazon Digital Services, Inc.
- Language: English
- ASIN: B004FV4R36
- Text-to-Speech: Enabled
- Lending: Not Enabled
- Amazon Best Sellers Rank: #552,524 Paid in Kindle Store
I was very excited when I received this book in my mail and set some time each day to continue reading it. Syngress has been releasing amazing material that has made me follow them as closely as I do with No Starch Press. This release is no exception.
While reading through this book, I learned that the point wasn't really to shock and awe with this type of rootkit nor to shed light on a previously unknown area of managed code, but to show how braindead simple it is to create an MCR (managed code rootkit). The author gives hand-held examples on how to implement his technique in Java's JVM, .NET's CLR, and Android's Dalvik.
Following along with the author's guidance and tools, a PoC can be manually made with a tiny bit of C/C++ knowledge. However, to even cut this requirement, an open-source automated framework is shown in later chapters as well. Which is truly amazing, or scary depending on your perspective, that anyone who can follow this book can make a working MCR today.
Now, the main technique is nothing new. Replacement of a run-time library to export a modified function that gets executed by your normal application, which allows a normal export to become a backdoor'd export. However, I noticed something. Just like managed languages are usually good picks until you go further down to the machine level and start managing different aspects for optimizations, this book is just like that for rootkits. It provides a great introduction to rootkits in general and you can follow along without any kind of programming knowledge. This book will definitely ease you into the subject of the rootkit.
For those of you with a little more experience, different examples of things to do with the MCR are given.
Managed Code Rootkits (MCR) is one of the best books I've read in 2011. MCR is a one-man tour-de-force through the world of malicious software that leverages managed code for its runtime. Prior to reading the book I was only vaguely aware of the concept and implementation. After reading MCR, I am wondering when we might see more of this technique in the wild. Author Erez Metula does almost everything right in MCR, and I strongly recommend reading it.
MCR is a great book because it addresses a topic that almost no one else covers in the published world. The book is easy to read, clear, coherent, methodical, well-organized, and thorough. The author doesn't limit the topic to only .NET; he also provides examples of Java and Android Dalvik code.
One of the best aspects of MCR is the author's recognition that readers are likely relying on the book for an introduction to the topic, so he makes sure to explain what he's discussing. He keeps the readers' perspective in mind and makes the right assumptions about their level of familiarity with the subject and likely expertise. It can be very frustrating to read a book written as if the author is talking to a colleague for whom the material is already well-known. Authors -- if readers already know a topic, they're likely not going to buy your book!
MCR contains the right mix of background, justification, theory, implementation, and code to fit any technical reader's interests. I'm not particularly interested in the topic as a matter of course, but I read the book because the author's excitement for the topic and his explanations hooked me.
The only weakness I found is that sometimes the screen captures are too small to be easily read.