Managed code rootkits hooking into runtime environments
Imagine being able to change the languages for the applications that a computer is running and taking control over it. That is exactly what managed code rootkits can do when they are placed within a computer. This new type of rootkit is hiding in a place that had previously been safe from this type...
Main author: | |
---|---|
Format: | E-book |
Language: | English |
Published: | Burlington, MA : Syngress, 2010. |
Edition: | 1st edition |
Subjects: | |
View in Biblioteca Universitat Ramon Llull: | https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009628343906719 |
Table of Contents:
- Front Cover; Managed Code Rootkits; Copyright; Table of Contents; Acknowledgements; About the Author; Part I: Overview; Chapter 1. Introduction; The Problem of Rootkits and Other Types of Malware; Why Do You Need This Book?; Terminology Used in This Book; Technology Background: An Overview; Summary; Chapter 2. Managed Code Rootkits; What Can Attackers Do with Managed Code Rootkits?; Common Attack Vectors; Why Are Managed Code Rootkits Attractive to Attackers?; Summary; Endnotes; Part II: Malware Development; Chapter 3. Tools of the Trade; The Compiler; The Decompiler; The Assembler
- The Disassembler; The Role of Debuggers; The Native Compiler; File Monitors; Summary; Chapter 4. Runtime Modification; Is It Possible to Change the Definition of a Programming Language?; Walkthrough: Attacking the Runtime Class Libraries; Summary; Chapter 5. Manipulating the Runtime; Manipulating the Runtime According to Our Needs; Reshaping the Code; Code Generation; Summary; Chapter 6. Extending the Language with a Malware API; Why Should We Extend the Language?; Extending the Runtime with a Malware API; Summary; Endnote; Chapter 7. Automated Framework Modification; What is ReFrameworker?
- ReFrameworker Modules Concept; Using the Tool; Developing New Modules; Setting Up the Tool; Summary; Chapter 8. Advanced Topics; "Object-Oriented-Aware" Malware; Thread Injection; State Manipulation; Covering the Traces As Native Code; Summary; Part III: Countermeasures; Chapter 9. Defending against MCRs; What Can We Do about This Kind of Threat?; Awareness: Malware Is Everybody's Problem; The Prevention Approach; The Detection Approach; The Response Approach; Summary; Endnote; Part IV: Where Do We Go from Here?; Chapter 10. Other Uses of Runtime Modification
- Runtime Modification As an Alternative Problem-Solving Approach; Runtime Hardening; Summary; Index