Rootkits and bootkits : reversing modern malware and next generation threats /

Rootkits and bootkits : reversing modern malware and next generation threats /

"Presents information on the history of malware, how it works and how to identify it, and how to counter and prevent threats"--

Saved in:
Bibliographic Details
Main Authors: Matrosov, Alex (Author), Rodionov, Eugene (Author), Bratus, Sergey (Author)
Format: Electronic eBook
Language:English
Published: San Francisco : No Starch Press, Inc., [2019]
Subjects:
Computer security.
Malware (Computer software)
Online Access:CONNECT

MARC

LEADER 00000cam a22000008i 4500
001 in00006068637
006 m o d
007 cr |||||||||||
008 171005s2019 cau ob 001 0 eng
005 20220713133459.3
010 |a  2017048113 
035 |a 1WRLDSHRon1005741834 
040 |a DLC  |b eng  |e rda  |e pn  |c DLC  |d OCLCF  |d OCLCO  |d OCLCA  |d OCLCQ  |d N$T  |d OCL  |d CEF  |d G3B  |d UMI  |d RECBK  |d C6I  |d EBLCP  |d COO  |d OCL  |d OCLCO 
019 |a 1102606598  |a 1103555590  |a 1103671222 
020 |a 1593278837  |q (epub) 
020 |a 9781593278830  |q (electronic bk.) 
020 |z 9781593277161  |q (pbk.) 
024 8 |a 9781492071259 
028 0 2 |a EB00756212  |b Recorded Books 
035 |a (OCoLC)1005741834  |z (OCoLC)1102606598  |z (OCoLC)1103555590  |z (OCoLC)1103671222 
037 |a CL0501000051  |b Safari Books Online 
042 |a pcc 
050 1 0 |a QA76.9.A25 
082 0 0 |a 005.8  |2 23 
049 |a TXMM 
100 1 |a Matrosov, Alex,  |e author. 
245 1 0 |a Rootkits and bootkits :  |b reversing modern malware and next generation threats /  |c by Alex Matsorov, Eugene Rodionov, and Sergey Bratus. 
263 |a 1802 
264 1 |a San Francisco :  |b No Starch Press, Inc.,  |c [2019] 
300 |a 1 online resource 
336 |a text  |b txt  |2 rdacontent 
337 |a computer  |b c  |2 rdamedia 
338 |a online resource  |b cr  |2 rdacarrier 
347 |a text file 
520 |a "Presents information on the history of malware, how it works and how to identify it, and how to counter and prevent threats"--  |c Provided by publisher 
588 0 |a Print version record and CIP data provided by publisher; resource not viewed. 
504 |a Includes bibliographical references and index. 
505 0 |a Intro; Brief Contents; Contents in Detail; Foreword; Acknowledgments; Abbreviations; Introduction; Why Read This Book?; What's in the Book?; Part 1: Rootkits; Part 2: Bootkits; Part 3: Defense and Forensic Techniques; How to Read This Book; Part I: Rootkits; Chapter 1: What's in a Rootkit: The TDL3 Case Study; History of TDL3 Distribution in the Wild; Infection Routine; Controlling the Flow of Data; Bring Your Own Linker; How TDL3's Kernel-Mode Hooks Work; The Hidden Filesystem; Conclusion: TDL3 Meets Its Nemesis; Chapter 2: Festi Rootkit: The Most Advanced Spam and DDoS Bot 
505 8 |a The Case of Festi BotnetDissecting the Rootkit Driver; Festi Configuration Information for C & C Communication; Festi's Object-Oriented Framework; Plug-in Management; Built-in Plug-ins; Anti-Virtual Machine Techniques; Antidebugging Techniques; The Method for Hiding the Malicious Driver on Disk; The Method for Protecting the Festi Registry Key; The Festi Network Communication Protocol; Initialization Phase; Work Phase; Bypassing Security and Forensics Software; The Domain Generation Algorithm for C & C Failure; Malicious Functionality; The Spam Module; The DDoS Engine; Festi Proxy Plug-in 
505 8 |a ConclusionChapter 3: Observing Rootkit Infections; Methods of Interception; Intercepting System Events; Intercepting System Calls; Intercepting the File Operations; Intercepting the Object Dispatcher; Restoring the System Kernel; The Great Rootkits Arms Race: A Nostalgic Note; Conclusion; Part II: Bootkits; Chapter 4: Evolution of the Bootkit; The First Bootkits; Boot Sector Infectors; Elk Cloner and Load Runner; The Brain Virus; The Evolution of Bootkits; The End of the BSI Era; The Kernel-Mode Code Signing Policy; The Rise of Secure Boot; Modern Bootkits; Conclusion 
505 8 |a Chapter 5: Operating System Boot Process EssentialsHigh-Level Overview of the Windows Boot Process; The Legacy Boot Process; The Windows Boot Process; BIOS and the Preboot Environment; The Master Boot Record; The Volume Boot Record and Initial Program Loader; The bootmgr Module and Boot Configuration Data; Conclusion; Chapter 6: Boot Process Security; The Early Launch Anti-Malware Module; API Callback Routines; How Bootkits Bypass ELAM; Microsoft Kernel-Mode Code Signing Policy; Kernel-Mode Drivers Subject to Integrity Checks; Location of Driver Signatures; The Legacy Code Integrity Weakness 
505 8 |a The ci.dll ModuleDefensive Changes in Windows 8; Secure Boot Technology; Virtualization-Based Security in Windows 10; Second Level Address Translation; Virtual Secure Mode and Device Guard; Device Guard Limitations on Driver Development; Conclusion; Chapter 7: Bootkit Infection Techniques; MBR Infection Techniques; MBR Code Modification: The TDL4 Infection Technique; MBR Partition Table Modification; VBR/IPL Infection Techniques; IPL Modifications: Rovnix; VBR Infection: Gapz; Conclusion; Chapter 8: Static Analysis of a Bootkit Using IDA Pro; Analyzing the Bootkit MBR 
542 |f Copyright © No Starch Press 
590 |a O'Reilly Online Learning Platform: Academic Edition (SAML SSO Access) 
650 0 |a Computer security. 
650 0 |a Malware (Computer software) 
700 1 |a Rodionov, Eugene,  |e author. 
700 1 |a Bratus, Sergey,  |e author. 
730 0 |a WORLDSHARE SUB RECORDS 
776 0 8 |i Print version:  |a Matsorov, Alex.  |t Rootkits and bootkits.  |d San Francisco : No Starch Press, Inc., [2019]  |z 9781593277161  |w (DLC) 2017022905 
856 4 0 |u https://go.oreilly.com/middle-tennessee-state-university/library/view/-/9781492071259/?ar  |z CONNECT  |3 O'Reilly  |t 0 
949 |a ho0 
994 |a 92  |b TXM 
998 |a wi  |d z 
999 f f |s eecaff4d-20ec-4554-90e9-e48128e13e6b  |i bb0fae26-44a1-4640-a3a2-47b8260bad75  |t 0 
952 f f |a Middle Tennessee State University  |b Main  |c James E. Walker Library  |d Electronic Resources  |t 0  |e QA76.9.A25   |h Library of Congress classification 
856 4 0 |3 O'Reilly  |t 0  |u https://go.oreilly.com/middle-tennessee-state-university/library/view/-/9781492071259/?ar  |z CONNECT 

Similar Items