BUY THIS BOOK
Add to Cart

Print Book $29.95


Safari Books Online

What is this?

Envelope Tell a friend
Designing BSD Rootkits An Introduction to Kernel Hacking

By Joseph Kong
First Edition  April 2007 
Publisher: No Starch Press
Pages: 152
ISBN 10: 1-59327-142-5 | ISBN 13: 9781593271428
starstarstarstarstar (Average of 1 Customer Reviews)

Buy 2 Get 1 Free Free ShippingGuarantee

Book description

Designing BSD Rootkits introduces the fundamentals of programming and developing rootkits under the FreeBSD operating system. In addition to explaining rootkits and rootkit writing, the book aims to inspire readers to explore the FreeBSD kernel and gain a better understanding of the kernel and the FreeBSD operating system itself. Written in a friendly, accessible style and sprinkled with geek humor and pop culture references, the author favors a "learn by example" approach that assumes no prior kernel hacking experience.
Full Description

Though rootkits have a fairly negative image, they can be used for both good and evil. Designing BSD Rootkits arms you with the knowledge you need to write offensive rootkits, to defend against malicious ones, and to explore the FreeBSD kernel and operating system in the process.

Organized as a tutorial, Designing BSD Rootkits will teach you the fundamentals of programming and developing rootkits under the FreeBSD operating system. Author Joseph Kong's goal is to make you smarter, not to teach you how to write exploits or launch attacks. You'll learn how to maintain root access long after gaining access to a computer and how to hack FreeBSD.

Kongs liberal use of examples assumes no prior kernel-hacking experience but doesn't water down the information. All code is thoroughly described and analyzed, and each chapter contains at least one real-world application.

Included:

  • The fundamentals of FreeBSD kernel module programming
  • Using call hooking to subvert the FreeBSD kernel
  • Directly manipulating the objects the kernel depends upon for its internal record-keeping
  • Patching kernel code resident in main memory; in other words, altering the kernel's logic while it's still running
  • How to defend against the attacks described

    Hack the FreeBSD kernel for yourself!

    • Browse within this book

    Cover


    Featured customer reviews

    Write a Review


    Enjoyable primer on system kernel penetration,  June 05 2007
    Rating: StarStarStarStarStar
    Submitted by valentin_nils   [Respond | View]

    --- DISCLAIMER: This is a requested review by No Starch Press, however any opinions expressed within the review are my personal ones. ---


    This enjoyable readable book gradually and very systematically evolves around hacking the kernel of a BSD system.

    Chapter 1: Loadable Kernel Modules 22p.
    Chapter 2: Hooking 13p.
    Chapter 3: Direct Kernel Object Manipulation 20p.
    Chapter 4: Kernel Object Hooking 4p.
    Chapter 5: Run-Time Kernel Memory Patching 27p.
    Chapter 6: Putting It All Together 26p.
    Chapter 7: Detection 8p.

    Its written in a style that allows also non-developers to grasp the main procedures and steps involved for modifying a systems kernel (assuming the attacker got access to a privileged system account).

    Chapters 1 to 5 explain the several methods for modifying the kernel.

    While the book is divided into 7 chapters, its most value really is the Chapters 6 which has many of those WoW effects included.

    All or most technics described of chapters 1-5 will be used in chapter 6 for show casing how to circumvent an HIDS. Here is where all learned technics finally come all together.

    So the reader dabbles with the author from an initial "simple" idea of bypassing an HIDS from one issue to the next. First the system call is hooked, so technically its kind of working, but then we realize that in order to make it perfect we need to hide the just created file (which contains the execution redirection routine). So the next obvious step is to hide the file so we dont leave a footprint on the system, just to realize that we need to hide the KLD (Dynamic Kernel Linker). So now everything is hidden but we forgot about the change of the /sbin directories access/ modification and change time, so we have to go after that too...

    Its technically very interesting to learn how the author approaches the issues involved in order to avoid being detected by the HIDS or commands the user might use. That the author is technically on top of things is also shown f.e. by some info included in the book which is already referring to FreeBSD 7.

    To get the most out of the book you ideally have programming knowledge of C, assembly etc. and debugging software systems. So I think its most valuable to system administrators, developers and security consultants.

    >> Please find more reviews and book comparisons at http://www.be-known-online.com/shopping/reviews/
    <<

    Read all reviews

    Media reviews
    "Designing BSD Rootkits is aimed at a knowledgeable audience that like to dwell in very technical material and is comfortable with the C programming language...the book is packed with very informative material and it delivers exactly what it promises."
    -- Andrew Simmons, Net Security



    Read all reviews

    Designing BSD Rootkits
    See larger cover