Chapter 2 Managed Code Rootkits

Managed code rootkits are different from traditional malware because they operate at the virtual machine abstraction layer, and not at “concrete” layers such as the operating system or hardware layer. Because managed code rootkits act as part of the runtime, they influence the applications that use it. And because they're usually used after the attacker has full control of the system, they're not considered a danger by themselves, but rather a way to make the danger easier to inflict. Attackers can do many things with managed code rootkits, from providing ...

Get Managed Code Rootkits now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.