
Managed Code Rootkits: Hooking into Runtime Environments Paperback – November 11, 2010



Product Details

  • Paperback: 336 pages
  • Publisher: Syngress; 1 edition (November 11, 2010)
  • Language: English
  • ISBN-10: 1597495743
  • ISBN-13: 978-1597495745
  • Product Dimensions: 0.9 x 7.3 x 9 inches
  • Shipping Weight: 1.5 pounds
  • Average Customer Review: 5.0 out of 5 stars (4 customer reviews)
  • Amazon Best Sellers Rank: #836,347 in Books

Editorial Reviews

Review

"A well-put-together work: I was able to put some of the tasks to work for me right away. An excellent resource: Technical enough to be useful, but not overly technical." -- Chris Griffin, Trainer, ISECOM USA

"As someone who has to deal with .NET security every day, I always look for new ideas and tools to make .NET applications more secure. This book provides both. It's especially valuable when you have to protect apps without having access to their original source code." -- Kyle C. Quest, GREM, GWAPT, GCIH, GCFA, GCIA, GCWN, GCUX, GCFW, GSNA, CISSP, CIPP, Director of Security Engineering, MetraTech

"Overall the book is very well structured and presented in a way that maintains the reader's interest as the author delves ever deeper into why hackers use MCRs to target an organisation's applications. Continuity of the content is maintained by helpful summaries at the end of each chapter. Mr Metula is a consummate and talented security practitioner who knows his subject thoroughly. I consider this book to be excellent value for money and would recommend it to any security professional. In today's austere economic climate, modern IT solutions are being sought that are proven value for money. The use of virtual servers is rapidly increasing as they provide better utilisation and increased productivity of existing resources. This book highlights the risks of adopting such technology and provides valuable advice on countermeasures to mitigate those risks."--InfoSecReviews.com

"In today's austere economic climate, modern IT solutions are being sought that are proven value for money. The use of virtual servers is rapidly increasing as they provide better utilisation and increased productivity of existing resources. This book highlights the risks of adopting such technology and provides valuable advice on countermeasures to mitigate those risks."--Best Hacking and Pen Testing Books in InfoSecReviews Book Awards

From the Back Cover

Imagine being able to change the languages for the applications that a computer is running and taking control over it. That is exactly what managed code rootkits can do when they are placed within a computer. This new type of rootkit is hiding in a place that had previously been safe from this type of attack - the application level. Code reviews do not currently look for back doors in the virtual machine (VM) where this new rootkit would be injected. An invasion of this magnitude allows an attacker to steal information on the infected computer, provide false information, and disable security checks. Erez Metula shows the reader how these rootkits are developed and inserted and how this attack can change the managed code that a computer is running, whether that be JAVA, .NET, Android Dalvik or any other managed code. Management development scenarios, tools like ReFrameworker, and countermeasures are covered, making this book a one stop shop for this new attack vector.


More About the Author

Erez Metula is an application security researcher specializing in secure development practices, penetration testing, code reviews, and security training for developers. He has extensive hands-on experience performing security assessments and training for organizations worldwide.

Erez is the founder of AppSec. He is also a leading instructor at many information security training sessions. He is a constant speaker at security conferences, and has spoken at BlackHat, DefCon, CanSecWest, OWASP and more. He holds a CISSP certification and is working toward an MSc in computer science.

Customer Reviews


Most Helpful Customer Reviews

8 of 8 people found the following review helpful By TurboBorland on November 10, 2010
Format: Paperback Verified Purchase
I was very excited when I received this book in my mail and set some time each day to continue reading it. Syngress has been releasing amazing material that has made me follow them as closely as I do with No Starch Press. This release is no exception.

While reading through this book, I learned that the point wasn't really to shock and awe with this type of rootkit nor to shed light on a previously unknown area of managed code, but to show how braindead simple it is to create an MCR (managed code rootkit). The author gives hand-held examples on how to implement his technique in Java's JVM, .net's CLR, and Android's Dalvik.

Following along with the author's guidance and tools, a PoC can be manually made with a tiny bit of C/C++ knowledge. However, to even cut this requirement, an open-source automated framework is shown in later chapters as well. Which is truly amazing, or scary depending on your perspective, that anyone who can follow this book can make a working MCR today.

Now, the main technique is nothing new. Replacement of a run-time library to export a modified function that gets executed by your normal application, which allows a normal export to become a backdoor'd export. However, I noticed something. Just like managed languages are usually good picks until you go further down to the machine level and start managing different aspects for optimizations, this book is just like that for rootkits. It provides a great introduction to rootkits in general and you can follow along without any kind of programming knowledge. This book will definitely ease you into the subject of the rootkit.

For those of you with a little more experience, different examples of things to do with the MCR are given.
5 of 5 people found the following review helpful By Richard Bejtlich on July 27, 2011
Format: Paperback
Managed Code Rootkits (MCR) is one of the best books I've read in 2011. MCR is a one-man tour-de-force through the world of malicious software that leverages managed code for its runtime. Prior to reading the book I was only vaguely aware of the concept and implementation. After reading MCR, I am wondering when we might see more of this technique in the wild. Author Erez Metula does almost everything right in MCR, and I strongly recommend reading it.

MCR is a great book because it addresses a topic that almost no one else covers in the published world. The book is easy to read, clear, coherent, methodical, well-organized, and thorough. The author doesn't limit the topic to only .NET; he also provides examples of Java and Android Dalvik code.

One of the best aspects of MCR is the author's recognition that readers are likely relying on the book for an introduction to the topic, so he makes sure to explain what he's discussing. He keeps the readers' perspective in mind and makes the right assumptions about their level of familiarity with the subject and likely expertise. It can be very frustrating to read a book written as if the author is talking to a colleague for whom the material is already well-known. Authors -- if readers already know a topic, they're likely not going to buy your book!

MCR contains the right mix of background, justification, theory, implementation, and code to fit any technical reader's interests. I'm not particularly interested in the topic as a matter of course, but I read the book because the author's excitement for the topic and his explanations hooked me.

The only weakness I found is that sometimes the screen captures are too small to be easily read.
4 of 4 people found the following review helpful By ut158 (Top 1000 Reviewer, Vine Voice) on March 1, 2011
Format: Paperback Vine Customer Review of Free Product
This book is about rootkits that are injected into managed code. This expanded my understanding of rootkits to go beyond something that was part of the OS itself and into virtual machine frameworks that are becoming more and more common. The author even predicts that in the near future, many operating systems will contain large portions of managed code and so these sorts of rootkits will become more and more like the traditional OS deals we tend to think of when we hear the word "rootkit".

I'll cut to the chase--I really liked this book. It was easy to understand and fun to follow along because of the wealth of start-to-finish examples that are provided. The examples not only clearly illustrated the concepts the author was trying to convey, but also made me excited to try it out on my own... although I admit, I haven't gotten around to setting up a VM to mess around with (I don't think I want to mess with any of my every-day-use-machines).

Malware and security is a topic I have long found interesting, but only very recently started studying. I still consider myself very much a "noob" in the area. Even so, as I said before, the book was very easy to follow. There were plenty of new concepts for me and I found the whole thing very satisfying to read. Recommended to anyone interested in computer security.
By Mike on April 16, 2013
Format: Paperback Vine Customer Review of Free Product
This is a clearly written exposition of Managed Code Rootkits (MCRs). As the author explains, MCRs are used to maintain access to systems once they have been compromised. Most modern platforms run services on common runtimes that have less privilege. However, these runtimes often process and have access to important information. So, even if the administrator has set up the ACL correctly for a service on the runtime, an MCR can collect and filter that data, which the author clearly explains how to do. Nicely written and comprehensive; definitely worth getting if you're interested in learning about systems security.