June 06, 2005

Rootkits: Subverting the Windows Kernel

As I was writing about Mark's webcast tomorrow, it got me thinking about Greg Hoglund's rootkit.com site. I knew it had recently been DDoSed by some immature kids who didn't like being questioned/insulted on the site, and I was curious to see if it was back up.

As I was checking on the site, I came across an interesting discovery. It looks like Greg is almost done with his next security book, entitled Rootkits: Subverting the Windows Kernel. According to Amazon it should be out sometime in July. From what I have read in the TOC, this is one of those books you will love to hate. On one side it shows you how to:

  • Understand the role of rootkits in remote command/control and software eavesdropping
  • Build kernel rootkits that can make processes, files, and directories invisible
  • Master key rootkit programming techniques, including hooking, runtime patching, and directly manipulating kernel objects
  • Work with layered drivers to implement keyboard sniffers and file filters
  • Establish covert channels for retaining control over systems with installed rootkits
  • Detect rootkits and build host-based intrusion prevention software that resists rootkit attacks
  • Discover legitimate uses for rootkits by law enforcement and security organizations

As you can see, there is a LOT of potential for misuse. On the other hand, the only way to defend against such attacks is to fully understand how they are performed. And all this information has been in the underground for years anyway, so this book isn't giving away any major secrets.

So, it looks like another book I will have to pick up. God, I wish I could read by osmosis. Then I could just stack a pile of books on my head when I go to bed and keep up!

Posted by SilverStr at June 6, 2005 07:54 AM