The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System

While forensic analysis has proven to be a valuable investigative tool in the field of computer security, utilizing anti-forensic technology makes it possible to maintain a covert operational foothold for extended periods, even in a high-security environment. Adopting an approach that favors full disclosure, the updated Second Edition of The Rootkit Arsenal presents the most accessible, timely, and complete coverage of forensic countermeasures. This book covers more topics, in greater depth, than any other currently available. In doing so the author forges through the murky back alleys of the Internet, shedding light on material that has traditionally been poorly documented, partially documented, or intentionally undocumented.

The range of topics presented includes how to:
- Evade post-mortem analysis
- Frustrate attempts to reverse engineer your command & control modules
- Defeat live incident response
- Undermine the process of memory analysis
- Modify subsystem internals to feed misinformation to the outside
- Entrench your code in fortified regions of execution
- Design and implement covert channels
- Unearth new avenues of attack

784 pages, Paperback

First published May 4, 2009


About the author

Bill Blunden

13 books, 5 followers

Ratings & Reviews


Community Reviews

5 stars: 48 (40%)
4 stars: 47 (39%)
3 stars: 18 (15%)
2 stars: 4 (3%)
1 star: 3 (2%)
Displaying 1 - 8 of 8 reviews
Frank Naitan
14 reviews, 5 followers
October 11, 2019
This book offers many good tips on how to build high-quality code. More importantly, it helps create a base framework of a manual that a company could use to standardise the coding styles of its engineering force. One shouldn't follow all the tips listed in the book, but the book surely gives nice directions.
Andre
66 reviews, 24 followers
March 3, 2012
"The Way that can be described is not the true Way." -Lao Tse

I like books that have quotes sprinkled throughout them. It's almost like finding dollar bills in your couch. And I like the fact that, at the end of the book, he compares subversion tactics of rootkits to subversion tactics of nations against their people (an interesting note: the publisher of the book removed the "final last chapter" from the 2nd edition, but he put it on his web site).

This could be the absolute BEST book on programming that I've ever read. Put another way, this book is seriously like Jedi Knight or Sith training.

Pisses me off that the 2nd version is coming out in 2 weeks, because I suspect that it'll address problems that it didn't address in the first version.

This book teaches you a variety of things: debugging (primarily kernel level), how bootkits work, MBR modification, call hook injection, binary patching (detours)... even cursory kernel level programming (including filter and NDIS/protocol drivers!) and ways to overtly communicate over networking protocols such as HTTP, DNS and ICMP.

It's about 700 pages of SOLID reading material, and that's not including full source references for all of his examples (in the appendix). I probably finished it in about 2 weeks (although I probably finished three quarters of it this week - the IA32 reference is hard to read, but informational).

If you finish this book, you *WILL* become more interested in finding out how everything around you works! Which is to say that you'll become more curious about how everything in the world around you operates.

And you might become a PBS fan, too.
7 reviews
August 12, 2023
Great book, a bit complicated and not for beginners.
Focuses on rootkits, therefore it was less relevant for my game hacking route of study.
B.
4 reviews
January 18, 2014
Reviews on Reverend Bill's choice of good vs. bad overlook the need to grasp "that concept". While technical--throw it to any CFO to justify costs, CTO that they don't know it all, Security "guru" there's always someone better. I've been in circles where they spoke of the book like it should be banned--others... the bible. Ignorance and FUD are the enemy. Pull the security blanket over our heads, sing praise to the almighty vendor selling us products that protect us because that's what we want to believe--and the threat won't exist!

I, too, am tired of books with hats, colors, or duality--however books, as with conversation, are interpreted differently by each reader. Reverend Bill could have turned out encyclopedias on the topic--to do so in 664 pages is amazing (1-680, skipping intro and appendix code 681-894).

Compared with other books in the genre--to do so with the topics covered is truly remarkable!
Michael Grube
2 reviews, 2 followers
February 20, 2023
I finished this book years ago but I can still say it is hands down the best introductory book for THINKING like a malicious coder. This book is somewhat about technical details, but more importantly it teaches how you might consider your challenges and design. Though the focus is on Windows with this book, the concepts are more or less applicable to every major OS. 5 stars. A must read.
Kenneth Miller
34 reviews, 4 followers
October 19, 2014
Can be difficult to follow along with if you don't have a duplicate of the author's setup. A great book that teaches how rootkits are authored and constructed, but like any technology, it isn't truly ingrained until applied.
4 reviews
October 17, 2012
Sometimes the author gets too much into that good guy bad guy talking of hackers. Nonetheless, the information about rootkits shown in the book is one of the best I've read.