
Bill Blunden
ISBN-13: 9781598220612
ISBN-10: 1598220616
Paperback
908 Pages
© 2010
Part 1 Foundations
Chapter 1 Setting the Stage
Chapter 2 Into the Catacombs: IA-32
Chapter 3 Windows System Architecture
Chapter 4 Rootkit Basics
Part 2 System Modification
Chapter 5 Hooking Call Tables
Chapter 6 Patching System Routines
Chapter 7 Altering Kernel Objects
Chapter 8 Deploying Filter Drivers
Part 3 Anti-Forensics
Chapter 9 Defeating Live Response
Chapter 10 Defeating File System Analysis
Chapter 11 Defeating Network Analysis
Chapter 12 Countermeasure Summary
Part 4 End Material
Chapter 13 The Tao of Rootkits
Chapter 14 Closing Thoughts
With the growing prevalence of the Internet, rootkit technology has taken center stage in the battle between White Hats and Black Hats. Adopting an approach that favors full disclosure, The Rootkit Arsenal presents the most accessible, timely, and complete coverage of rootkit technology. This book covers more topics, in greater depth, than any other currently available. In doing so, the author forges through the murky back alleys of the Internet, shedding light on material that has traditionally been poorly documented, partially documented, or intentionally undocumented.
Learn how to:
Hook kernel structures on multi-processor systems
Use a kernel debugger to reverse-engineer operating system internals
Inject call gates to create a back door into Ring-0
Use detour patches to sidestep group policy
Modify privilege levels on Windows Vista by altering kernel objects
Utilize bootkit technology
Defeat both live incident response and post-mortem forensic analysis
Implement code armoring to protect your deliverables
Establish covert network channels using the WSK and NDIS 6.0
The shell scripts and build files used to compile selected projects in this book can be downloaded from the book’s resource page at [External link removed for guests].
h++p://rapidshare.com/files/278312487/0 ... r.rar.html