The Rootkit Arsenal: Escape and Evasion: Escape and Evasion in the Dark Corners of the System Paperback – May 4, 2009



There is a newer edition of this item:


Product Details

  • Paperback: 908 pages
  • Publisher: Jones & Bartlett Learning; 1 edition (May 4, 2009)
  • Language: English
  • ISBN-10: 1598220616
  • ISBN-13: 978-1598220612
  • Product Dimensions: 6.1 x 1.8 x 9.2 inches
  • Shipping Weight: 2.4 pounds
  • Average Customer Review: 4.7 out of 5 stars (20 customer reviews)
  • Amazon Best Sellers Rank: #950,127 in Books

Customer Reviews

This is a very hefty book and the number of topics covered were extraordinary.
Dekker Graden
That said, I felt it was very important to finally get the review up, as this is a book that I'm sure my regular readers will enjoy.
R. Wesley McGrew
Highly recommended, and mandatory reading for anyone working on Windows OS system components or security software.
Atul Khare

Most Helpful Customer Reviews

34 of 37 people found the following review helpful By Nagareshwar Talekar on August 16, 2009
Format: Paperback
The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System

Wow...! This was my first reaction when I received this massive 900+ page book from Amazon. I was just spellbound and surprised to see such an enormous amount of information compiled on the lesser-known area of computer security, the Rootkits.

The book starts with the basics of system internals, which is essential to understand the depth of Rootkits. It covers various memory models, interrupts, TSR, Windows architecture, etc. in detail. Then it delves into explaining the ingredients of a Rootkit, including installing and launching of the Rootkit. All these system internals have been covered in a very precise and concise manner.

Chapter 5 is where the real fun starts, as it goes on elaborating all the hooking mechanisms from user land to kernel, and then it describes various techniques for detecting these hooking mechanisms. Later chapters do an awesome job of explaining the advanced Rootkit techniques. The Anti-Forensics section is just mind-blowing, no explanation needed.

One of the salient features of this book is the code samples. Every technique mentioned in this book is illustrated with a well-explained, working code example. This, along with the Rootkit detection mechanisms explored in the book, sets it apart from its predecessor, Rootkit - Subverting Windows Kernel.

It's clearly evident that the author has taken great pain and patience to present the darkest topic of the computer arena in a very simple and understandable manner in this gigantic compilation. By far this is a very good reference book and very well recommended for anyone who wants to conquer the mysterious world of Rootkits.
24 of 26 people found the following review helpful By R. Wesley McGrew on October 7, 2009
Format: Paperback
Bill Blunden's book, The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System, is one of the hidden gems out there as far as computer security books are concerned, and I hope that I can convince you to give it a look. This review has been too long to arrive, as I haven't had the time to read that I would like. That said, I felt it was very important to finally get the review up, as this is a book that I'm sure my regular readers will enjoy.

I first spotted this book on a vendor table at Defcon, and it stood out among the rest mostly because *I hadn't heard of it*. I try to keep up with new book releases, especially on attack-oriented topics that would be of interest to the penetration testers and vulnerability analysts that read this blog. It was surprising to me that one had flown under the radar. I picked it up and flipped through the table of contents [...] (which I encourage you to do as well), and was very impressed with the amount of material it covers.

I looked up the author, and was disappointed to realize that I had missed his talk at Blackhat earlier that week (looking forward to the video). I contacted him, and he was kind enough to supply a review copy of the book. It arrived very quickly, with a humorous personal note on the inside cover, and ever since, I have been learning a lot from it.

The author's style is excellent. The material is technical and has the potential to be very dry, but the text has a very conversational tone, as if it were being presented as a lecture for a (particularly good) class. Each concept is tied back to the main topic: hiding operations and data from the user and operating system, and frustrating forensic analysis.
14 of 15 people found the following review helpful By Hugh K. Boyd on August 10, 2009
Format: Paperback
Man! This thing is dangerous! The first couple of chapters provide probably one of the best overviews I've seen on the topics of IA86 and Win32 architecture. Then we get into the meat of the techniques for building rootkits. Finally, the author goes into anti-forensics. It's about as deep a dive into the subject as you'll find anywhere with examples that demonstrate how to use rootkits to pull off privilege escalation exploits, subverting group policy, hiding applications, and drivers, etc, etc. After the tutorial chapters, there are gobs and gobs of code (I only wish that it were on CD or downloadable -- but you actually learn from entering and building it). Be forewarned: the code really works!
9 of 10 people found the following review helpful By J. Clark on August 18, 2009
Format: Paperback
You cannot become an expert at developing Windows Rootkits without first gaining a thorough understanding of Intel system architecture, Windows architecture and the Windows Driver Model. This book provides some of the best coverage I've seen of those topics, in addition to providing a VERY complete coverage of rootkit development.
9 of 11 people found the following review helpful By Richard Bejtlich on April 24, 2010
Format: Paperback
Disclaimer: Bill mentions me and my book "Real Digital Forensics" on pages xxvi and 493. He sent me a free review copy of his book.

"Wow." That summarizes my review of "The Rootkit Arsenal" (TRA) by Bill Blunden. If you're a security person and you plan to read one seriously technical book this year, make it TRA. If you decide to really focus your attention, and try the examples in the book, you will be able to write Windows rootkits. Even without taking a hands-on approach, you will learn why you can't trust computers to defend themselves or report their condition in a trustworthy manner.

Author Bill Blunden is an excellent technical writer. He keeps the reader's attention despite the mind-numbing complexity of some of his topics. He also provides exceptional background material and knows how to lead the reader through a series of learning sessions prior to directly addressing writing rootkits. Thanks to this progressive method, the reader acquires a thorough grounding in a variety of topics neglected by other texts. I highly recommend reading this book prior to other books on rootkits, although motivated readers might want to read books like Windows Internals, 5th Ed, prior to TRA.

I especially appreciated Bill's practical approach; he frequently shares tips to solve problems readers will encounter. For example, he describes how to access Microsoft symbols via a remote symbol server, rather than just downloading outdated symbols to a local system. He also explained how to set up a remote kernel debugger using a null modem.

Two other aspects of TRA made an impression on me. Bill very thoroughly discusses Windows and rootkit technology. He outlines numerous options, then examines the pros and cons of each technique.