by Alex Matrosov, Eugene Rodionov, and Sergey Bratus
Spring 2017, 304 pp.
Get 30% off with the coupon code EARLYBIRD
Modern malware is always evolving because malware authors are constantly finding new ways to bypass security and avoid detection. Defending against (and even discovering) the latest malicious software requires cunning and extensive expertise because attackers have become much more sophisticated.
One particularly fascinating and threatening area of malware development is that of rootkits and bootkits. We’re talking hard stuff – attacks buried deep in a machine’s boot process or firmware. These are the kind of attacks that keep malware analysts up late at night. But help is on the way.
In Rootkits and Bootkits, authors Alex Matrosov, Eugene Rodionov, and Sergey Bratus share the knowledge and expertise they’ve gained during years of professional research. You’ll learn how to expose hidden files systems that can make rootkits so hard to identify and remove. You’ll explore how malware has evolved from rootkits like TDL3 to the present; how this stealthy software can take hold of a system; and how to counter anti-debugging, anti-disassembly, and anti-virtual machine measures. You’ll also learn how bootkits work, and how Windows boots so that you can better prevent infections in the first place.
Cybercrime syndicates and malicious actors keep pushing the envelope, writing ever more persistent and covert attacks. But the game is not lost. In this low-level tour through the wilds of malware, you’ll learn how to reverse next generation threats. Explore the cutting edge of malware analysis with Rootkits and Bootkits.
About the Author
Alex Matrosov has more than 10 years experience with malware analysis, reverse engineering and advanced exploitation techniques. He is a senior security researcher in the Advanced Threat Research team at Intel Security Group and prior to this role, he spent four years focused on advanced malware research at ESET. Matrosov is co-author of numerous research papers including Stuxnet Under the Microscope, and is frequently invited to speak at major security conferences such as REcon, ZeroNights, Black Hat and Virus Bulletin.
Eugene Rodionov, PhD, graduated with honors from the Information Security faculty of the Moscow Engineer-Physics Institute. He currently works at ESET, where he is involved with internal research projects and performs in-depth analysis of complex threats. His interests include kernel-mode programming, anti-rootkit technologies and reverse engineering. Rodionov has spoken at security conferences such as REcon, Virus Bulletin, ZeroNights, CARO and AVAR, and has co-authored numerous research papers.
Sergey Bratus is a Research Associate Professor in the Computer Science Department at Dartmouth College. He has previously worked at BBN Technologies on Natural Language Processing research. Bratus is interested in all aspects of Unix security, in particular in Linux kernel security, and detection and reverse engineering of Linux malware.
Table of Contents
Part 1: ROOTKITS
Part 2: BOOTKITS
Part 3: DEFENSE AND FORENSIC TECHNIQUES