Rootkits and bootkits : reversing modern malware and next generation threats /
"Presents information on the history of malware, how it works and how to identify it, and how to counter and prevent threats"--
Main Authors: | Matrosov, Alex; Rodionov, Eugene; Bratus, Sergey
---|---
Format: | Electronic eBook
Language: | English
Published: | San Francisco : No Starch Press, Inc., [2019]
Subjects: | Computer security; Malware (Computer software)
Online Access: | CONNECT
MARC
LEADER | 00000cam a22000008i 4500 | ||
---|---|---|---|
001 | in00006068637 | ||
006 | m o d | ||
007 | cr ||||||||||| | ||
008 | 171005s2019 cau ob 001 0 eng | ||
005 | 20220713133459.3 | ||
010 | |a 2017048113 | ||
035 | |a 1WRLDSHRon1005741834 | ||
040 | |a DLC |b eng |e rda |e pn |c DLC |d OCLCF |d OCLCO |d OCLCA |d OCLCQ |d N$T |d OCL |d CEF |d G3B |d UMI |d RECBK |d C6I |d EBLCP |d COO |d OCL |d OCLCO | ||
019 | |a 1102606598 |a 1103555590 |a 1103671222 | ||
020 | |a 1593278837 |q (epub) | ||
020 | |a 9781593278830 |q (electronic bk.) | ||
020 | |z 9781593277161 |q (pbk.) | ||
024 | 8 | |a 9781492071259 | |
028 | 0 | 2 | |a EB00756212 |b Recorded Books |
035 | |a (OCoLC)1005741834 |z (OCoLC)1102606598 |z (OCoLC)1103555590 |z (OCoLC)1103671222 | ||
037 | |a CL0501000051 |b Safari Books Online | ||
042 | |a pcc | ||
050 | 1 | 0 | |a QA76.9.A25 |
082 | 0 | 0 | |a 005.8 |2 23 |
049 | |a TXMM | ||
100 | 1 | |a Matrosov, Alex, |e author. | |
245 | 1 | 0 | |a Rootkits and bootkits : |b reversing modern malware and next generation threats / |c by Alex Matsorov, Eugene Rodionov, and Sergey Bratus. |
263 | |a 1802 | ||
264 | 1 | |a San Francisco : |b No Starch Press, Inc., |c [2019] | |
300 | |a 1 online resource | ||
336 | |a text |b txt |2 rdacontent | ||
337 | |a computer |b c |2 rdamedia | ||
338 | |a online resource |b cr |2 rdacarrier | ||
347 | |a text file | ||
520 | |a "Presents information on the history of malware, how it works and how to identify it, and how to counter and prevent threats"-- |c Provided by publisher | ||
588 | 0 | |a Print version record and CIP data provided by publisher; resource not viewed. | |
504 | |a Includes bibliographical references and index. | ||
505 | 0 | |a Intro; Brief Contents; Contents in Detail; Foreword; Acknowledgments; Abbreviations; Introduction; Why Read This Book?; What's in the Book?; Part 1: Rootkits; Part 2: Bootkits; Part 3: Defense and Forensic Techniques; How to Read This Book; Part I: Rootkits; Chapter 1: What's in a Rootkit: The TDL3 Case Study; History of TDL3 Distribution in the Wild; Infection Routine; Controlling the Flow of Data; Bring Your Own Linker; How TDL3's Kernel-Mode Hooks Work; The Hidden Filesystem; Conclusion: TDL3 Meets Its Nemesis; Chapter 2: Festi Rootkit: The Most Advanced Spam and DDoS Bot | |
505 | 8 | |a The Case of Festi BotnetDissecting the Rootkit Driver; Festi Configuration Information for C & C Communication; Festi's Object-Oriented Framework; Plug-in Management; Built-in Plug-ins; Anti-Virtual Machine Techniques; Antidebugging Techniques; The Method for Hiding the Malicious Driver on Disk; The Method for Protecting the Festi Registry Key; The Festi Network Communication Protocol; Initialization Phase; Work Phase; Bypassing Security and Forensics Software; The Domain Generation Algorithm for C & C Failure; Malicious Functionality; The Spam Module; The DDoS Engine; Festi Proxy Plug-in | |
505 | 8 | |a ConclusionChapter 3: Observing Rootkit Infections; Methods of Interception; Intercepting System Events; Intercepting System Calls; Intercepting the File Operations; Intercepting the Object Dispatcher; Restoring the System Kernel; The Great Rootkits Arms Race: A Nostalgic Note; Conclusion; Part II: Bootkits; Chapter 4: Evolution of the Bootkit; The First Bootkits; Boot Sector Infectors; Elk Cloner and Load Runner; The Brain Virus; The Evolution of Bootkits; The End of the BSI Era; The Kernel-Mode Code Signing Policy; The Rise of Secure Boot; Modern Bootkits; Conclusion | |
505 | 8 | |a Chapter 5: Operating System Boot Process EssentialsHigh-Level Overview of the Windows Boot Process; The Legacy Boot Process; The Windows Boot Process; BIOS and the Preboot Environment; The Master Boot Record; The Volume Boot Record and Initial Program Loader; The bootmgr Module and Boot Configuration Data; Conclusion; Chapter 6: Boot Process Security; The Early Launch Anti-Malware Module; API Callback Routines; How Bootkits Bypass ELAM; Microsoft Kernel-Mode Code Signing Policy; Kernel-Mode Drivers Subject to Integrity Checks; Location of Driver Signatures; The Legacy Code Integrity Weakness | |
505 | 8 | |a The ci.dll ModuleDefensive Changes in Windows 8; Secure Boot Technology; Virtualization-Based Security in Windows 10; Second Level Address Translation; Virtual Secure Mode and Device Guard; Device Guard Limitations on Driver Development; Conclusion; Chapter 7: Bootkit Infection Techniques; MBR Infection Techniques; MBR Code Modification: The TDL4 Infection Technique; MBR Partition Table Modification; VBR/IPL Infection Techniques; IPL Modifications: Rovnix; VBR Infection: Gapz; Conclusion; Chapter 8: Static Analysis of a Bootkit Using IDA Pro; Analyzing the Bootkit MBR | |
542 | |f Copyright © No Starch Press | ||
590 | |a O'Reilly Online Learning Platform: Academic Edition (SAML SSO Access) | ||
650 | 0 | |a Computer security. | |
650 | 0 | |a Malware (Computer software) | |
700 | 1 | |a Rodionov, Eugene, |e author. | |
700 | 1 | |a Bratus, Sergey, |e author. | |
730 | 0 | |a WORLDSHARE SUB RECORDS | |
776 | 0 | 8 | |i Print version: |a Matsorov, Alex. |t Rootkits and bootkits. |d San Francisco : No Starch Press, Inc., [2019] |z 9781593277161 |w (DLC) 2017022905 |
856 | 4 | 0 | |u https://go.oreilly.com/middle-tennessee-state-university/library/view/-/9781492071259/?ar |z CONNECT |3 O'Reilly |t 0 |
949 | |a ho0 | ||
994 | |a 92 |b TXM | ||
998 | |a wi |d z | ||
999 | f | f | |s eecaff4d-20ec-4554-90e9-e48128e13e6b |i bb0fae26-44a1-4640-a3a2-47b8260bad75 |t 0 |
952 | f | f | |a Middle Tennessee State University |b Main |c James E. Walker Library |d Electronic Resources |t 0 |e QA76.9.A25 |h Library of Congress classification |
856 | 4 | 0 | |3 O'Reilly |t 0 |u https://go.oreilly.com/middle-tennessee-state-university/library/view/-/9781492071259/?ar |z CONNECT |