Managed Code Rootkits
Hooking into Runtime Environments
- Author: Erez Metula, CISSP, Founder of AppSec
- Audience: Intermediate to advanced pen testers; hackers; malware researchers; software engineers; OS designers and developers
- Published: October 2010
- Imprint: SYNGRESS
- ISBN: 978-1-59749-574-5
"A well-put-together work: I was able to put some of the tasks to work for me right away. An excellent resource: Technical enough to be useful, but not overly technical." -- Chris Griffin, Trainer, ISECOM USA

"As someone who has to deal with .NET security every day, I always look for new ideas and tools to make .NET applications more secure. This book provides both. It's especially valuable when you have to protect apps without having access to their original source code." -- Kyle C. Quest, GREM, GWAPT, GCIH, GCFA, GCIA, GCWN, GCUX, GCFW, GSNA, CISSP, CIPP, Director of Security Engineering, MetraTech

"Overall the book is very well structured and presented in a way that maintains the reader’s interest as the author delves ever deeper into why hackers use MCRs to target an organisation’s applications. Continuity of the content is maintained by helpful summaries at the end of each chapter… Mr Metula is a consummate and talented security practitioner who knows his subject thoroughly. I consider this book to be excellent value for money and would recommend it to any security professional. In today’s austere economic climate, modern IT solutions are being sought that are proven value for money. The use of virtual servers is rapidly increasing as they provide better utilisation and increased productivity of existing resources. This book highlights the risks of adopting such technology and provides valuable advice on countermeasures to mitigate those risks." -- InfoSecReviews.com
Table of Contents
About the Author
Part I Overview
Chapter 1 Introduction
The Problem of Rootkits and Other Types of Malware
Why Do You Need This Book?
Terminology Used in This Book
Technology Background: An Overview
Chapter 2 Managed Code Rootkits
What Can Attackers Do with Managed Code Rootkits?
Common Attack Vectors
Why Are Managed Code Rootkits Attractive to Attackers?
Part II Malware Development
Chapter 3 Tools of the Trade
The Role of Debuggers
The Native Compiler
Chapter 4 Runtime Modification
Is It Possible to Change the Definition of a Programming Language?
Walkthrough: Attacking the Runtime Class Libraries
Chapter 5 Manipulating the Runtime
Manipulating the Runtime According to Our Needs
Reshaping the Code
Chapter 6 Extending the Language with a Malware API
Why Should We Extend the Language?
Extending the Runtime with a Malware API
Chapter 7 Automated Framework Modification
What is ReFrameworker?
ReFrameworker Modules Concept
Using the Tool
Developing New Modules
Setting Up the Tool
Chapter 8 Advanced Topics
Covering the Traces as Native Code
Part III Countermeasures
Chapter 9 Defending against MCRs
What Can We Do about This Kind of Threat?
Awareness: Malware Is Everybody’s Problem
The Prevention Approach
The Detection Approach
The Response Approach
Part IV Where Do We Go From Here?
Chapter 10 Other Uses of Runtime Modification
Runtime Modification As an Alternative Problem-Solving Approach