book

Hacking Exposed Malware & Rootkits: Security Secrets and Solutions, Second Edition, 2nd Edition

by Christopher C. Elisan, Michael A. Davis, Sean M. Bodmer, Aaron LeMasters

December 2016

Intermediate to advanced

400 pages

11h 1m

English

McGraw-Hill

Read now

Unlock full access

CASE STUDY: Please Review This Before Our Quarterly Meeting
Malware Is Still KingThe Spread of MalwareWhy They Want Your WorkstationIntent Is Hard to DetectIt’s a BusinessSignificant Malware Propagation TechniquesSocial EngineeringFile ExecutionModern Malware Propagation TechniquesStormWormMetamorphismObfuscationDynamic Domain Name ServicesFast FluxMalware Propagation Injection VectorsEmailMalicious WebsitesPhishingPeer-to-Peer (P2P)WormsSummary

What Malware Does Once It’s InstalledPop-upsSearch Engine RedirectionData TheftClick FraudIdentity TheftKeyloggingMalware BehaviorsIdentifying Installed MalwareTypical Install LocationsInstalling on Local DrivesModifying TimestampsAffecting ProcessesDisabling ServicesModifying the Windows RegistrySummary
CASE STUDY: The Invisible Rootkit That Steals Your Bank Account DataDisk AccessFirewall BypassingBackdoor CommunicationIntentPresence and Significance
RootkitsTimelineMajor Features of RootkitsTypes of RootkitsUser-Mode RootkitsWhat Are User-Mode Rootkits?Background TechnologiesInjection TechniquesHooking TechniquesUser-Mode Rootkit ExamplesSummary
Ground Level: x86 Architecture BasicsInstruction Set Architectures and the Operating SystemProtection RingsBridging the RingsKernel Mode: The Digital Wild WestThe Target: Windows Kernel ComponentsThe Win32 SubsystemWhat Are These APIs Anyway?The Concierge: NTDLL.DLLFunctionality by Committee: The Windows Executive (NTOSKRNL.EXE)The Windows Kernel (NTOSKRNL.EXE)Device DriversThe Windows Hardware Abstraction Layer (HAL)Kernel Driver ConceptsKernel-Mode Driver ArchitectureGross Anatomy: A Skeleton DriverWDF, KMDF, and UMDFKernel-Mode RootkitsWhat Are Kernel-Mode Rootkits?Challenges Faced by Kernel-Mode RootkitsMethods and TechniquesKernel-Mode Rootkit SamplesKlog by ClandestinyAFX by AphexFU and FUTo by Jamie Butler, Peter Silberman, and C.H.A.O.SShadow Walker by Sherri Sparks and Jamie ButlerHe4Hook by He4 TeamSebek by The Honeynet ProjectSummarySummary of Countermeasures
Overview of Virtual Machine TechnologyTypes of Virtual MachinesThe HypervisorVirtualization StrategiesVirtual Memory ManagementVirtual Machine IsolationVirtual Machine Rootkit TechniquesRootkits in the Matrix: How Did We Get Here?!What Is a Virtual Rootkit?Types of Virtual RootkitsDetecting the Virtual EnvironmentEscaping the Virtual EnvironmentHijacking the HypervisorVirtual Rootkit SamplesSummary
Increases in Complexity and StealthCustom RootkitsDigitally Signed RootkitsSummary
CASE STUDY: A Wolf in Sheep’s ClothingScarewareFakewareLook of AuthenticityCountermeasures
Now and Then: The Evolution of Antivirus TechnologyThe Virus LandscapeDefinition of a VirusClassificationSimple VirusesComplex VirusesAntivirus—Core Features and TechniquesManual or “On-Demand” ScanningReal-Time or “On-Access” ScanningSignature-Based DetectionAnomaly/Heuristic-Based DetectionA Critical Look at the Role of Antivirus TechnologyWhere Antivirus ExcelsTop Performers in the Antivirus IndustryChallenges for AntivirusThe Future of the Antivirus IndustrySummary and Countermeasures
Personal Firewall CapabilitiesPersonal Firewall LimitationsPop-Up BlockersChromeFirefoxMicrosoft EdgeSafariExample Generic Pop-Up Blocker CodeSummary
HIPS ArchitecturesGrowing Past Intrusion DetectionBehavioral vs. SignatureBehavioral BasedSignature BasedAnti-Detection Evasion TechniquesHow Do You Detect Intent?HIPS and the Future of SecuritySummary
The Rootkit Author’s ParadoxA Quick HistoryDetails on Detection MethodsSystem Service Descriptor Table HookingIRP HookingInline HookingInterrupt Descriptor Table HooksDirect Kernel Object ManipulationIAT HookingLegacy DOS or Direct Disk Access HookingWindows Anti-Rootkit FeaturesSoftware-Based Rootkit DetectionLive Detection vs. Offline DetectionSystem Virginity VerifierIceSword and DarkSpyRootkitRevealerF-Secure’s BlackLight TechnologyRootkit UnhookerGMERHelios and Helios LiteMcAfee Rootkit Detective and RootkitRemoverTDSSKillerBitdefender Rootkit RemoverTrend Micro Rootkit BusterMalwarebytes Anti-RootkitAvast aswMBRCommercial Rootkit Detection ToolsOffline Detection Using Memory Analysis: The Evolution ofMemory ForensicsVirtual Rootkit DetectionHardware-Based Rootkit DetectionSummary
End-User EducationSecurity Awareness Training ProgramsDefense-in-DepthSystem HardeningAutomatic UpdatesVirtualizationBaked-In Security (from the Beginning)Summary
What Is System Integrity Analysis?The Two Ps of Integrity AnalysisPointer Validation: Detecting SSDT HooksPatch/Detour Detection in the SSDTThe Two Ps for Detecting IRP HooksThe Two Ps for Detecting IAT HooksOur Third Technique: Detecting DKOMSample Rootkit Detection Utility

Overview

Arm yourself for the escalating war against malware and rootkits
Thwart debilitating cyber-attacks and dramatically improve your organization’s security posture using the proven defense strategies in this thoroughly updated guide. Hacking Exposed™ Malware and Rootkits: Security Secrets & Solutions, Second Edition fully explains the hacker’s latest methods alongside ready-to-deploy countermeasures. Discover how to block pop-up and phishing exploits, terminate embedded code, and identify and eliminate rootkits. You will get up-to-date coverage of intrusion detection, firewall, honeynet, antivirus, and anti-rootkit technology.
• Learn how malware infects, survives, and propagates across an enterprise
• See how hackers develop malicious code and target vulnerable systems
• Detect, neutralize, and remove user-mode and kernel-mode rootkits
• Use hypervisors and honeypots to uncover and kill virtual rootkits
• Defend against keylogging, redirect, click fraud, and identity theft
• Block spear phishing, client-side, and embedded-code exploits
• Effectively deploy the latest antivirus, pop-up blocker, and firewall software
• Identify and stop malicious processes using IPS solutions

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Start your free trial

Cyber Security and Network Security

Sabyasachi Pramanik, Debabrata Samanta, M. Vinay, Abhijit Guha

Hacking Exposed Industrial Control Systems: ICS and SCADA Security Secrets & Solutions

Clint Bodungen, Bryan Singer, Aaron Shbeeb, Kyle Wilhoit, Stephen Hilt

Ransomware Protection Playbook

Roger A. Grimes

Network Security, Firewalls, and VPNs, 3rd Edition

J. Michael Stewart, Denise Kinsey

Publisher Resources

ISBN: 9780071825757