What do you think?
Rate this book
Rootkits and Bootkits: Reversing Modern Malware and Next Generation Threats
Rootkits and Bootkits delivers a master class in malware evolution that will give you the techniques and tools necessary to counter sophisticated, advanced threats. We're talking hard stuff - attacks buried deep in a machine's boot process or UEFI firmware that keep malware analysts up late at night.
Security experts Alex Matrosov, Eugene Rodionov, and Sergey Bratus share the knowledge they've gained over years of professional research. With these field notes, you'll trace malware evolution from rootkits like TDL3 to present day UEFI implants and examine how these malware infect the system, persist through reboot, and evade security software. While you inspect real malware under the microscope, you'll learn:
-The details of the Windows boot process, from 32-bit to 64-bit and UEFI, and where it's vulnerable.
-Boot process security mechanisms like Secure Boot, the kernel-mode signing policy include some details about recent technologies like Virtual Secure Mode (VSM) and Device Guard.
-The reverse engineering and forensic approaches for real malware discovered in the wild, including bootkits like Rovnix/Carberp, Gapz, TDL4 and the infamous rootkits TDL3 and Festi.
-How to perform boot process dynamic analysis using emulation and virtualization
-Modern BIOS-based rootkits and implants with directions for forensic analysis
Cybercrime syndicates and malicious actors keep pushing the envelope, writing ever more persistent and covert attacks. But the game is not lost. Explore the cutting edge of malware analysis with Rootkits and Bootkits.
Covers boot processes for Windows 32-bit and 64-bit operating systems.
Security experts Alex Matrosov, Eugene Rodionov, and Sergey Bratus share the knowledge they've gained over years of professional research. With these field notes, you'll trace malware evolution from rootkits like TDL3 to present day UEFI implants and examine how these malware infect the system, persist through reboot, and evade security software. While you inspect real malware under the microscope, you'll learn:
-The details of the Windows boot process, from 32-bit to 64-bit and UEFI, and where it's vulnerable.
-Boot process security mechanisms like Secure Boot, the kernel-mode signing policy include some details about recent technologies like Virtual Secure Mode (VSM) and Device Guard.
-The reverse engineering and forensic approaches for real malware discovered in the wild, including bootkits like Rovnix/Carberp, Gapz, TDL4 and the infamous rootkits TDL3 and Festi.
-How to perform boot process dynamic analysis using emulation and virtualization
-Modern BIOS-based rootkits and implants with directions for forensic analysis
Cybercrime syndicates and malicious actors keep pushing the envelope, writing ever more persistent and covert attacks. But the game is not lost. Explore the cutting edge of malware analysis with Rootkits and Bootkits.
Covers boot processes for Windows 32-bit and 64-bit operating systems.
448 pages, Paperback
First published January 1, 2019
Ratings & Reviews
Friends & Following
Create a free account to discover what your friends think of this book!
Community Reviews
Displaying 1 - 6 of 6 reviews
April 1, 2020
The term “walking pneumonia” is a nonmedical term for a mild case of pneumonia. People can walk around, oblivious to the problem deep within their bodies. But even with a bland name like walking pneumonia, it’s still a serious disease that can have devastating effects.
Similarly, there are firms whose networks are filled with malware, yet they remain oblivious to it. In Rootkits and Bootkits: Reversing Modern Malware and Next Generation Threats, authors Alex Matrosov, Eugene Rodionov, and Sergey Bratus create a highly technical guide that can help organizations get a handle on this information security scourge.
A rootkit is malicious software that gives an attacker access to a computer that it should not have access to. Similarly, a bootkit is another type of malicious infection, but it targets the master boot record (MBR). Access to the MBR enables the bootkit to be loaded before Windows, and thus go undetected by Windows security.
Rootkits and bootkits are often written by sophisticated adversaries who make them difficult to detect and remove. The book will help the IT department cope with the malicious software.
The average Security Management reader may not be familiar with the programming code in the book, but there are descriptions and case studies that can help them understand the problem. This deep reference, jam-packed with code and technical information, will support an engineer or system administrator tasked with putting these vulnerabilities in their place.
Similarly, there are firms whose networks are filled with malware, yet they remain oblivious to it. In Rootkits and Bootkits: Reversing Modern Malware and Next Generation Threats, authors Alex Matrosov, Eugene Rodionov, and Sergey Bratus create a highly technical guide that can help organizations get a handle on this information security scourge.
A rootkit is malicious software that gives an attacker access to a computer that it should not have access to. Similarly, a bootkit is another type of malicious infection, but it targets the master boot record (MBR). Access to the MBR enables the bootkit to be loaded before Windows, and thus go undetected by Windows security.
Rootkits and bootkits are often written by sophisticated adversaries who make them difficult to detect and remove. The book will help the IT department cope with the malicious software.
The average Security Management reader may not be familiar with the programming code in the book, but there are descriptions and case studies that can help them understand the problem. This deep reference, jam-packed with code and technical information, will support an engineer or system administrator tasked with putting these vulnerabilities in their place.
Read
January 13, 2021I went into this book expecting a fairly higher level overview/history of the topic, and was pleasantly surprised by the technical depth. To get full benefit from reading, it would definitely be useful to have some basic computer science knowledge. The book contains quite a number of code snippets and technical jargon that would be difficult to follow without having at least a rudimentary foundation in computer systems/software (e.g. knowing what a driver is, or having some experience with C/C++ syntax). However, a recreational enthusiast could probably still find enjoyment from just the narrative of the malware (particularly the ransomware section since that's such a splashy topic). I was happy to see github links, forensic analysis tool suggestions, and even some exercises!
December 25, 2020
Reads like a novel. Very exciting sneak peek into bootkits. While it lacks the actual disassembly or debugging routines, the authors manage to provide you with a fantastic summary of the threat landscape surrounding rootkits and bootkits. The deep dive into Windows Secure Boot, UEFI security, Intel Boot Guard and other emerging defensive mitigations at the firmware-level is excellent.
February 7, 2021
It is a really great book. Even if you dont understand everything you will learn a lot how malware works internally. I was searching this kind of information for a long time.
December 14, 2021
Worked through this book and really enjoyed it. It's written in a way that is incredibly informative while not being so dry and complex that it is difficult to read.
March 4, 2025
I scanned through it. Interesting information. To my taste, or what I was looking for/expecting, the book is either too verbose or going too deep too quickly.
Displaying 1 - 6 of 6 reviews