
Rootkits: Subverting the Windows Kernel [PB, 2005]

"Rootkits are the ultimate backdoor, giving hackers ongoing and virtually undetectable access to the systems they exploit. Now, two of the world's leading experts have written the first comprehensive guide to what they are, how they work, how to build them, and how to detect them. Rootkit.com's Greg Hoglund and James Butler created and teach Black Hat's legendary course in rootkits. In this book, they reveal never-before-told offensive aspects of rootkit technology: learn how attackers can get in and stay in for years, without detection. Hoglund and Butler show exactly how to subvert the Windows XP and Windows 2000 kernels, teaching concepts that are easily applied to virtually any modern operating system, from Windows Server 2003 to Linux and UNIX. Using extensive downloadable examples, they teach rootkit programming techniques that can be used for a wide range of software, from white hat security tools to operating system drivers and debuggers.

After reading this book, readers will be able to:

Understand the role of rootkits in remote command/control and software eavesdropping
Build kernel rootkits that can make processes, files, and directories invisible
Master key rootkit programming techniques, including hooking, runtime patching, and directly manipulating kernel objects
Work with layered drivers to implement keyboard sniffers and file filters
Detect rootkits and build host-based intrusion prevention software that resists rootkit attacks

Visit rootkit.com for code and programs from this book. The site also contains enhancements to the book's text, such as up-to-the-minute information on rootkits available nowhere else."

Unknown Binding

First published July 22, 2005


About the author

Greg Hoglund

11 books, 3 followers

Ratings & Reviews


Community Reviews

5 stars
64 (39%)
4 stars
62 (37%)
3 stars
32 (19%)
2 stars
4 (2%)
1 star
2 (1%)
Displaying 1 - 6 of 6 reviews
Tyler
63 reviews, 3 followers
December 21, 2011
A fantastic book detailing the ins and outs of Windows rootkits. If you are interested in the details surrounding topics such as kernel hooks, DKOM, and process hiding, this is the best book on the market today.
Acc13
73 reviews, 7 followers
February 20, 2015
Probably due for an update; but still great info.

Very informative.

Probably those who have already done some Windows driver coding can skip the chapters on layered drivers, or sending raw TCP packets from kernel level; but the table hooks, inline patches, evasion, etc. were very interesting.

Recommended for those new to rootkits, but with some coding experience.
James
135 reviews
March 12, 2009
They don't all work. But it gives a great overview of what a backdoor does and how it does it. This is ancient history by now, but the principles are good. Scares the heck out of the reader, too. Best horror book I've read so far this year.
Matty
7 reviews, 4 followers
Currently reading
April 3, 2012
The 1st chapter has a great overview of key elements in software attacks. Nice start for a security nüb like myself.
Ben Holland
7 reviews, 3 followers
June 22, 2015
The content is a bit outdated now and the supporting materials online are gone (even from the internet archives).
Charlie
585 reviews, 3 followers
January 28, 2017
Explanations and sample code of how to write and detect rootkits.
