Authors: Greg Hoglund, Jamie Butler
Publisher: Addison-Wesley Professional
Category: Book
List Price: $54.99. Buy New: $24.55. You Save: $30.44 (55%)
New (36), Used (15) from $24.55
Avg. Customer Rating: 21 reviews
Sales Rank: 98173
Media: Paperback. Number Of Items: 1. Pages: 352. Shipping Weight (lbs): 1.4. Dimensions (in): 9.1 x 7 x 0.9
ISBN: 0321294319. Dewey Decimal Number: 005.8. EAN: 9780321294319. ASIN: 0321294319
Publication Date: August 1, 2005
Availability: Usually ships in 1-2 business days
Shipping: Expedited shipping available; international shipping available
Condition: Brand new!

Customer Reviews:
Welcome to the future
February 13, 2006. 4 out of 15 found this review helpful.
If you don't own this book, then the world will one day 0wn you. Buy this book today and learn from the masters about the ultimate tool in the attacker's toolkit. Greg Hoglund's work is essential to computer security. It behooves us all to understand it.
Rootkit insights
January 19, 2006. 9 out of 13 found this review helpful.
One of the first books of its kind to go deeper into rootkits. Not many books out there give an understanding of IAT, SSDT, hooks, trampoline functions, and their relationship to rootkits.
One of the problems with info sec is the lack of information. With more information, others can go from reactive actions to proactive actions.
Having heard the presentations and talks by the authors, the book brings deeper insights, with examples, into the world of rootkits. With the rise in malware of all kinds, IT professionals will need to know how a rootkit works and how to detect it.
Not a book for Kernel Driver Developer
December 22, 2005. 15 out of 29 found this review helpful.
This book tells me what RootKit really means. One useful thing I got from this book was that in Windows Kernel even simple code can be used against security. And that's it. Most techniques in this book are primitive to kernel developers. I don't recommend this book to serious kernel driver developers. "Windows Internals" and OSR Online should be the way to go.
Top Notch security book - A must read
October 25, 2005. 12 out of 16 found this review helpful.
I bought this book on a whim, and a sale. I have found the book to be very clearly written, even when the topic can be exceedingly obscure.
Well worth every cent.
I fully agree with the other reviews I have found on Amazon and cannot offer more insight into the book's contents.
I would recommend this book to any serious software developer. I was impressed to see that there was a reference to how the start of a function in Assembly language is shown for XP SP2 - and that it made it easier to find.
My only warning is that you may become a little security paranoid after you find out what can happen.
A must for those desiring knowledge on the "Mother of all Malware"!
October 2, 2005. 17 out of 18 found this review helpful.
A brilliantly written book on everything one would want to know about Rootkits in the Microsoft Windows world. Greg is the industry expert who shares his knowledge through many examples and illustrations that would help almost any level of reader grasp a better understanding of Rootkits.
The authors start with 'Understanding Attackers' Motives' and what Rootkits are and aren't, and work their way through Rootkit designs, hardware interaction, hooking into kernel and user, 'Direct Kernel Object Manipulation', 'Hardware Manipulation', covert techniques and ways to identify Rootkits on your systems.
The authors' in-depth knowledge of Rootkits is clearly demonstrated early on when they walk through creating a loadable module, or device/kernel driver. Through this process, they take the time to explain each line, how it manipulates the system, and how it could be used maliciously.
Throughout most of the book, the authors give very detailed examples, lines of code and other evidence supporting the theories and processes presented here. The book is written in a way that they leave little to the imagination and provide hard evidence to support the thought.
The book ends with Rootkit detection, which is the only way to end a book on malicious software. Now that they have taught one how to manipulate and hijack a system, here is what one can do to protect the systems they are responsible for, and identify these malicious codes on one's systems. They describe scanning memory, identifying different types of hooks, and again provide some code for one to use to help with these processes.
After reading this book, not only will one have an understanding of what Rootkits are and how they can be used, one will have enough knowledge to create their own Rootkits, understand key programming techniques such as runtime patching, hooking into the kernel, and remote command and control.
I highly recommend this book as the Rootkit is the 'Mother of all Malicious Code'. Once an attacker has successfully installed a Rootkit on one's system, the game is over.