Managed code rootkits [electronic book] : hooking into runtime environments / Erez Metula.

Material type: Text
Publication details: Burlington, MA : Syngress, c2010.
Description: p. cm
ISBN:
  • 1597495743 (electronic bk.)
  • 9781597495745 (electronic bk.)
Additional physical formats: Print version: Managed code rootkits.
Contents:
Part I: Overview -- Chapter 01 - Introduction -- Chapter 02 - Managed Code Rootkits -- Part II: Malware Development -- Chapter 03 - Tools of the Trade -- Chapter 04 - Runtime Modification -- Chapter 05 - Manipulating the Runtime -- Chapter 06 - Extending the Language with a Malware API -- Chapter 07 - Automated Framework Modification -- Chapter 08 - Advanced Topics -- Part III: Countermeasures -- Chapter 09 - Defending against MCRs -- Part IV: Where Do We Go from Here? -- Chapter 10 - Other Uses of Runtime Modification.
Summary: Imagine being able to change the languages for the applications that a computer is running and taking control over it. That is exactly what managed code rootkits can do when they are placed within a computer. This new type of rootkit is hiding in a place that had previously been safe from this type of attack, the application level. Code reviews do not currently look for back doors in the virtual machine (VM) where this new rootkit would be injected. An invasion of this magnitude allows an attacker to steal information on the infected computer, provide false information, and disable security checks. Erez Metula shows the reader how these rootkits are developed and inserted and how this attack can change the managed code that a computer is running, whether that be Java, .NET, Android Dalvik or any other managed code. Management development scenarios, tools like ReFrameworker and countermeasures are covered, making this book a one stop shop for this new attack vector.
  • Introduces the reader briefly to managed code environments and rootkits in general
  • Completely details a new type of rootkit hiding in the application level and demonstrates how a hacker can change language runtime implementation
  • Focuses on managed code, including Java, .NET, Android Dalvik and reviews malware development scenarios.

Summary: "Introduces the reader briefly to managed code environments and rootkits in general--Completely details a new type of rootkit hiding in the application level and demonstrates how a hacker can change language runtime implementation--Focuses on managed code including Java, .Net, Android Dalvik, and reviews malware development scenarios"-- Provided by publisher.

Enhanced descriptions from Syndetics:

Managed Code Rootkits is the first book to cover application-level rootkits and other types of malware inside the application VM, which runs a platform-independent programming environment for processes. The book, divided into four parts, points out high-level attacks, which are developed in intermediate language.

The initial part of the book offers an overview of managed code rootkits. It explores environment models of managed code and the relationship of managed code to rootkits by studying how they use application VMs. It also discusses attackers of managed code rootkits and various attack scenarios. The second part of the book covers the development of managed code rootkits, starting with the tools used in producing managed code rootkits through their deployment.

The next part focuses on countermeasures that can be used against managed code rootkits, including technical solutions, prevention, detection, and response tactics. The book concludes by presenting techniques that are somewhat similar to managed code rootkits and can be used in solving problems.

Includes bibliographical references and index.

Electronic reproduction. Amsterdam : Elsevier Science & Technology, 2010. Mode of access: World Wide Web. System requirements: Web browser. Title from title screen (viewed on Nov. 3, 2010). Access may be restricted to users at subscribing institutions.

Table of contents provided by Syndetics

  • Part I Overview
  • Chapter 1 Introduction
  • Chapter 2 Managed Code Rootkits
  • Part II Malware Development
  • Chapter 3 Tools of the Trade
  • Chapter 4 Runtime Modification
  • Chapter 5 Manipulating the Runtime
  • Chapter 6 Extending the Language with a Malware API
  • Chapter 7 Automated Framework Modification
  • Chapter 8 Advanced Topics
  • Part III Countermeasures
  • Chapter 9 Defending against MCRs
  • Part IV Where Do We Go from Here?
  • Chapter 10 Other Uses of Runtime Modification

Author notes provided by Syndetics

Erez Metula (CISSP) is an application security researcher specializing in secure development practices, penetration testing, code reviews, and security training for developers. He has extensive hands-on experience performing security assessments and training for organizations worldwide. Erez is the founder of AppSec. He is also a leading instructor at many information security training sessions. He is a constant speaker at security conferences, and has spoken at Black Hat, DEF CON, CanSecWest, OWASP, and more.
