Managed Code Rootkits

Hooking into Runtime Environments

1st Edition - October 28, 2010

  • Author: Erez Metula
  • eBook ISBN: 9781597495752
  • Paperback ISBN: 9781597495745

Managed Code Rootkits is the first book to cover application-level rootkits and other types of malware inside the application VM, which runs a platform-independent programming environment for processes. The book, divided into four parts, focuses on high-level attacks developed in intermediate language. The first part offers an overview of managed code rootkits: it explores the environment models of managed code and the relationship of managed code to rootkits by studying how they use application VMs, and it discusses the attackers who use managed code rootkits and various attack scenarios. The second part covers the development of managed code rootkits, from the tools used to produce them through their deployment. The third part focuses on countermeasures that can be used against managed code rootkits, including technical solutions, prevention, detection, and response tactics. The book concludes by presenting techniques similar to those used in managed code rootkits that can be applied to solving problems.

Key Features

  • Named a 2011 Best Hacking and Pen Testing Book by InfoSec Reviews
  • Introduces the reader briefly to managed code environments and rootkits in general
  • Completely details a new type of rootkit hiding at the application level and demonstrates how a hacker can change a language runtime implementation
  • Focuses on managed code including Java, .NET, and Android Dalvik, and reviews malware development scenarios


Intermediate to advanced pen testers; hackers; malware researchers; software engineers; OS designers and developers

Table of Contents

  • Acknowledgements

    About the Author

    Part I Overview

        Chapter 1 Introduction

             The Problem of Rootkits and Other Types of Malware

             Why Do You Need This Book?

             Terminology Used in This Book

             Technology Background: An Overview


        Chapter 2 Managed Code Rootkits

             What Can Attackers Do with Managed Code Rootkits?

             Common Attack Vectors

             Why Are Managed Code Rootkits Attractive to Attackers?



    Part II Malware Development

        Chapter 3 Tools of the Trade

             The Compiler

             The Decompiler

             The Assembler

             The Disassembler

             The Role of Debuggers

             The Native Compiler

             File Monitors


        Chapter 4 Runtime Modification

             Is It Possible to Change the Definition of a Programming Language?

             Walkthrough: Attacking the Runtime Class Libraries


        Chapter 5 Manipulating the Runtime

             Manipulating the Runtime According to Our Needs

             Reshaping the Code

             Code Generation


        Chapter 6 Extending the Language with a Malware API

             Why Should We Extend the Language?

             Extending the Runtime with a Malware API



        Chapter 7 Automated Framework Modification

             What is ReFrameworker?

             ReFrameworker Modules Concept

             Using the Tool

             Developing New Modules

             Setting Up the Tool


        Chapter 8 Advanced Topics

             “Object-Oriented-Aware” Malware

             Thread Injection

             State Manipulation

             Covering the Traces as Native Code


    Part III Countermeasures

        Chapter 9 Defending against MCRs

             What Can We Do about This Kind of Threat?

             Awareness: Malware Is Everybody’s Problem

             The Prevention Approach

             The Detection Approach

             The Response Approach



    Part IV Where Do We Go From Here?

        Chapter 10 Other Uses of Runtime Modification

             Runtime Modification As an Alternative Problem-Solving Approach

             Runtime Hardening



Product details

  • No. of pages: 336
  • Language: English
  • Copyright: © Syngress 2010
  • Published: October 28, 2010
  • Imprint: Syngress
  • eBook ISBN: 9781597495752
  • Paperback ISBN: 9781597495745

About the Author

Erez Metula

Erez Metula (CISSP) is an application security researcher specializing in secure development practices, penetration testing, code reviews, and security training for developers. He has extensive hands-on experience performing security assessments and training for organizations worldwide. Erez is the founder of AppSec. He is also a leading instructor at many information security training sessions. He is a regular speaker at security conferences and has spoken at Black Hat, DEF CON, CanSecWest, OWASP, and more.

Affiliations and Expertise

CISSP, Founder of AppSec
