"Rootkits / Subverting the Windows Kernel"
by Greg Hoglund and James Butler. Addison-Wesley, ISBN 978-0-321-29431-9
I just finished reading this book and I have to say it was worth the time. This is one of the best technical books I've read mainly because it strikes a good balance of leading you into the topic and then gradually immersing you neck deep in C coding examples, Assembler and excellent diagrams of all of the conceptual models.
Aside from mundane exercises in college, this was the first time I've seen double-linked lists explained in a way that makes them seem useful and practical. This is of course talking about Windows kernel process, and thread constructs. It dives into kernel hooking, driver and process issues, circumventing NIDS and HIDS detection methods, and strategies for a wide range of alternative insertion vectors and stealth techniques. It is written well enough to allow even a non-programmer to grasp the conceptual aspects, yet provides enough examples to entertain the inner geek.
No comments:
Post a Comment