The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System [Paperback]

Bill Blunden
4.7 out of 5 stars  See all reviews (19 customer reviews)

List Price: $49.95
Price: $29.47 & FREE Shipping. Details
You Save: $20.48 (41%)

Formats

Amazon Price New from Used from
Kindle Edition $28.00  
Paperback $29.47  
There is a newer edition of this item:
The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System, 5.0 out of 5 stars (1)
$43.99
In Stock.

Book Description

May 4, 2009
With the growing prevalence of the Internet, rootkit technology has taken center stage in the battle between White Hats and Black Hats. Adopting an approach that favors full disclosure, The Rootkit Arsenal presents the most accessible, timely, and complete coverage of rootkit technology. This book covers more topics, in greater depth, than any other currently available. In doing so, the author forges through the murky back alleys of the Internet, shedding light on material that has traditionally been poorly documented, partially documented, or intentionally undocumented.


Product Details

  • Paperback: 908 pages
  • Publisher: Jones & Bartlett Publishers; 1 edition (May 4, 2009)
  • Language: English
  • ISBN-10: 1598220616
  • ISBN-13: 978-1598220612
  • Product Dimensions: 5.9 x 2 x 8.9 inches
  • Shipping Weight: 2.4 pounds (View shipping rates and policies)
  • Average Customer Review: 4.7 out of 5 stars  See all reviews (19 customer reviews)
  • Amazon Best Sellers Rank: #335,714 in Books (See Top 100 in Books)

Customer Reviews

It is technically very dense and extremely well laid out. AnonymousJohn  |  9 reviewers made a similar statement
He sent me a free review copy of his book. Richard Bejtlich  |  5 reviewers made a similar statement
Most Helpful Customer Reviews
32 of 35 people found the following review helpful
5.0 out of 5 stars Awesome gigantic compilation on Rootkits August 16, 2009
Format:Paperback
The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System

Wow...! This was my first reaction when I received this massive 900+ page book from Amazon. I was just spellbound and surprised to see such an enormous amount of information compiled on the lesser known area of computer security, the Rootkits.

The book starts with the basics of system internals, which are essential to understand the depth of Rootkits. It covers various memory models, interrupts, TSR, Windows architecture, etc. in detail. Then it delves into explaining the ingredients of a Rootkit, including installing and launching of the Rootkit. All these system internals have been covered in a very precise and concise manner.

Chapter 5 is where the real fun starts, as it goes on elaborating all the hooking mechanisms from user land to kernel, and then it describes various techniques for detecting these hooking mechanisms. Later chapters do an awesome job of explaining the advanced Rootkit techniques. The Anti-Forensics section is just mind blowing, no explanation needed.

One of the salient features of this book is the code samples. Every technique mentioned in this book is illustrated with a well-explained, working code example. This, along with the Rootkit detection mechanisms explored in the book, sets it apart from its predecessor, Rootkit - Subverting Windows Kernel.

It's clearly evident that the author has taken great pains and patience to present the darkest topic of the computer arena in a very simple and understandable manner in this gigantic compilation. By far this is a very good reference book and very well recommended for anyone who wants to conquer the mysterious world of Rootkits.
23 of 25 people found the following review helpful
5.0 out of 5 stars Amazing book, not just for those researching rootkits October 7, 2009
Format:Paperback
Bill Blunden's book, The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System, is one of the hidden gems out there as far as computer security books are concerned, and I hope that I can convince you to give it a look. This review has been too long to arrive, as I haven't had the time to read that I would like. That said, I felt it was very important to finally get the review up, as this is a book that I'm sure my regular readers will enjoy.

I first spotted this book on a vendor table at Defcon, and it stood out among the rest mostly because *I hadn't heard of it*. I try to keep up with new book releases, especially on attack-oriented topics that would be of interest to the penetration testers and vulnerability analysts that read this blog. It was surprising to me that one had flown under the radar. I picked it up and flipped through the table of contents [...] (which I encourage you to do as well), and was very impressed with the amount of material it covers.

I looked up the author, and was disappointed to realize that I had missed his talk at Blackhat earlier that week (looking forward to the video). I contacted him, and he was kind enough to supply a review copy of the book. It arrived very quickly, with a humorous personal note on the inside cover, and ever since, I have been learning a lot from it.

The author's style is excellent. The material is technical and has the potential to be very dry, but the text has a very conversational tone, as if it were being presented as a lecture for a (particularly good) class. Each concept is tied back to the main topic: hiding operations and data from the user and operating system, and frustrating forensic analysis. The book reads very well, presenting enough context that you can understand it if you're reading away from a computer, and enough detail that you can follow along and experiment with it if you are at your desk.

I appreciate that this book does not attempt to hold the reader's hand throughout with the ethics of developing rootkits. The author takes a brief moment at the beginning of the book to explain the legitimate needs for security professionals to be familiar with rootkit techniques and development, and points out that the information can be found elsewhere. After this point, the book assumes a level of maturity in its reader that is greatly appreciated.

The first part of the book, "Foundations", has an excellent introduction to IA32 architecture and Windows internals that I have never seen so well-described for beginners. Even if you aren't interested in rootkits, this portion of the book is something I would recommend to anyone getting started in related fields, like reverse-engineering or exploit development. Digging further into the text, the second section on "System Modification" makes up the "meat" of the book, delving into the details of subverting Windows internals in many different ways. As technical and in-depth as the book gets, though, it never seems to leave the reader behind. Each new concept is well-explained and builds upon the material the reader has already learned. You may have to go through the text slower than you had anticipated, and go back to review previous material, but you're never left feeling hopelessly lost.

The remainder of the book is a treat, as well. I can't recall another book that goes into any kind of detail on defeating forensic analysis of memory and file systems. Anyone interested in developing forensic tools or curious about how analysis with tools like Encase and FTK might be subverted, should give it a read. The author closes the text with some strategic guidelines for rootkit development, and his own thoughts on how evasion and deception can be used to similar ends on a larger scale than operating systems.

This is now one of my favorite computer security books, and I believe that if you review its contents, you'll find that you're getting a great value for your money. If you are familiar with C and have a beginner's knowledge of IA-32 assembly, you should have the prerequisites you need to follow along with this book. I highly recommend it, and hope that it becomes less-hidden of a gem than it already is.
14 of 15 people found the following review helpful
5.0 out of 5 stars Whoa! August 10, 2009
Format:Paperback
Man! This thing is dangerous! The first couple of chapters provide probably one of the best overviews I've seen on the topics of IA86 and Win32 architecture. Then we get into the meat of the techniques for building rootkits. Finally, the author goes into anti-forensics. It's about as deep a dive into the subject as you'll find anywhere with examples that demonstrate how to use rootkits to pull off privilege escalation exploits, subverting group policy, hiding applications, and drivers, etc, etc. After the tutorial chapters, there are gobs and gobs of code (I only wish that it were on CD or downloadable -- but you actually learn from entering and building it). Be forewarned: the code really works!
Most Recent Customer Reviews
5.0 out of 5 stars Excellent resource for the security professional
I bought this book in anticipation of a class I had to teach regarding system calls in Windows and Linux operating systems. Read more
Published 4 months ago by Sergio A. Becerril Lopez
5.0 out of 5 stars A Treasure Chest Full of Keys!
Thanks Prometheus! More usable and secret knowledge in this small library than in both my IT and Occult libraries combined! I owe you one.
Published 8 months ago by T. W. Edgin
5.0 out of 5 stars Kind mentor
This book is like a kind teacher. It explains hard topics very easily. It expanded my understanding of how Win32 works internally. Good for all developers... except newbies.
Published 10 months ago by Myung Kook Yang
5.0 out of 5 stars An Excellent Resource for Rootkit Research
I'm a computer security specialist and wanted to extend my knowledge of programming and computer security to cover rootkits. Read more
Published 20 months ago by Doug Daly
2.0 out of 5 stars Grossly padded for marketability.
The book is definitely grossly padded for marketability.
Out of 900 pages, 213 (23.7%) are taken by the examples' source code with extensive fragments of it repeated in the... Read more
Published 24 months ago by a reader
5.0 out of 5 stars The very best book on the topic?
It's not too often that a hefty 900 page technical book manages to hold your rapt attention on a plane ride. Read more
Published on May 14, 2011 by Atul Khare
4.0 out of 5 stars Great read
Wish I had more time for this book. You should have a decent understanding of C code and just a good foundation. Great for beginners and advanced people. Read more
Published on April 4, 2011 by Mr.
5.0 out of 5 stars Excellent brain dump
This is an excellent resource for those looking to get a well rounded and well thought out view of kernel architecture and rootkit basics. Read more
Published on March 28, 2011 by AnonymousJohn
5.0 out of 5 stars Information the bad guys already know
First off, what's a rootkit? Wikipedia says: "A rootkit is software that enables continued privileged access to a computer while actively hiding its presence from administrators by... Read more
Published on March 21, 2011 by John Matlock
5.0 out of 5 stars Most detailed reference on rootkits yet
I was searching for a book that would give me the insides to how rootkits work and which would not require me to read other books on assembly language parallel to that one... Read more
Published on November 11, 2010 by Kristian