EUR 46,96
  • Alle Preisangaben inkl. MwSt.
Nur noch 1 auf Lager (mehr ist unterwegs).
Verkauf und Versand durch Amazon.
Geschenkverpackung verfügbar.
Menge:1
The Rootkit Arsenal: Esca... ist in Ihrem Einkaufwagen hinzugefügt worden
Ihren Artikel jetzt
eintauschen und
EUR 11,60 Gutschein erhalten.
Möchten Sie verkaufen?
Zur Rückseite klappen Zur Vorderseite klappen
Anhören Wird wiedergegeben... Angehalten   Sie hören eine Probe der Audible-Audioausgabe.
Weitere Informationen
Dieses Bild anzeigen

The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System (Englisch) Taschenbuch – 4. Mai 2009


Alle Formate und Ausgaben anzeigen Andere Formate und Ausgaben ausblenden
Amazon-Preis Neu ab Gebraucht ab
Taschenbuch
"Bitte wiederholen"
EUR 46,96
EUR 42,81 EUR 42,76
6 neu ab EUR 42,81 5 gebraucht ab EUR 42,76

Dieses Buch gibt es in einer neuen Auflage:

EUR 46,96 Kostenlose Lieferung. Nur noch 1 auf Lager (mehr ist unterwegs). Verkauf und Versand durch Amazon. Geschenkverpackung verfügbar.
Jeder kann Kindle Bücher lesen — selbst ohne ein Kindle-Gerät — mit der KOSTENFREIEN Kindle App für Smartphones, Tablets und Computer.


Produktinformation

  • Taschenbuch: 908 Seiten
  • Verlag: Wordware Pub Co (4. Mai 2009)
  • Sprache: Englisch
  • ISBN-10: 1598220616
  • ISBN-13: 978-1598220612
  • Größe und/oder Gewicht: 15,5 x 4,5 x 23,3 cm
  • Durchschnittliche Kundenbewertung: 5.0 von 5 Sternen  Alle Rezensionen anzeigen (2 Kundenrezensionen)
  • Amazon Bestseller-Rang: Nr. 200.709 in Fremdsprachige Bücher (Siehe Top 100 in Fremdsprachige Bücher)

Mehr über den Autor

Entdecken Sie Bücher, lesen Sie über Autoren und mehr

Welche anderen Artikel kaufen Kunden, nachdem sie diesen Artikel angesehen haben?


In diesem Buch (Mehr dazu)
Ausgewählte Seiten ansehen
Buchdeckel | Copyright | Inhaltsverzeichnis | Auszug | Stichwortverzeichnis
Hier reinlesen und suchen:

Kundenrezensionen

5.0 von 5 Sternen
5 Sterne
2
4 Sterne
0
3 Sterne
0
2 Sterne
0
1 Sterne
0
Beide Kundenrezensionen anzeigen
Sagen Sie Ihre Meinung zu diesem Artikel

Die hilfreichsten Kundenrezensionen

3 von 3 Kunden fanden die folgende Rezension hilfreich Von haw am 17. Juli 2011
Format: Taschenbuch Verifizierter Kauf
Optimaler Einstieg ins Thema Rootkit.
Das Buch vermittelt in den ersten Kapiteln das Basiswissen das man braucht um die spannenden Themen zu verstehen.
Man sollte sich meiner Meinung nach schon ein bisschen mit dem Thema Programmierung in C beschäftigt haben und Grundkenntnisse in Assembler schaden nicht.
Wenn das Buch dann in die Systemmanipulation im Betriebssystemkernel einsteigt, dann sollte man sich vielleicht auch schon etwas mit Treiberentwicklung unter Windows auskennen.
Da dies bei mir nicht der Fall ist, habe ich nur 10% der Beispiele wirklich ausprobieren können.
Wie schon die Vorgänger beanstandet haben, gibt es den Code zu den Beispielen nur im Buch -> selber tippen...
Von mir gibt's trotzdem 5 Sterne, da es wahrscheinlich kein besseres Buch zum Thema gibt.
1 Kommentar War diese Rezension für Sie hilfreich? Ja Nein Feedback senden...
Vielen Dank für Ihr Feedback. Wenn diese Rezension unangemessen ist, informieren Sie uns bitte darüber.
Wir konnten Ihre Stimmabgabe leider nicht speichern. Bitte erneut versuchen
3 von 4 Kunden fanden die folgende Rezension hilfreich Von Matthias Schneider am 10. Oktober 2011
Format: Taschenbuch
Das Buch an dieser Stelle vollumfänglich oder inhaltlich detailliert zu rezensieren ist aufgrund der Fülle behandelter Themen nicht möglich.

Was ich potentiellen Käufern dagegen vor einem Buchkauf sagen kann ist, dass die Thematik in gut verständlichem Englisch geschrieben ist und das der Titel m. E. nach a) sehr gut in die Thematik einführt und b) das es sich hierbei wohl um das vollumfänglichste Werk zu diesem Thema handelt. 900 Seiten sprechen eine deutliche Sprache.

Aufgrund des Aufbaus ist dieses Werk auch für den Leien eine Investition wert, denn neben zahlreichen Code-Samples -nur im Buch/ohne CD- legt der Author, wie ich finde, viel Wert auf sachlogisches -und auch hier wieder- leicht verständliches Hintergrundwissen.

Wer schon von Hoglund/Butler [2005] begeistert war, dem sei dieser Titel wärmstens empfohlen.

Mein Fazit

Das ist starkes Kung Fu ;-)
Kommentar War diese Rezension für Sie hilfreich? Ja Nein Feedback senden...
Vielen Dank für Ihr Feedback. Wenn diese Rezension unangemessen ist, informieren Sie uns bitte darüber.
Wir konnten Ihre Stimmabgabe leider nicht speichern. Bitte erneut versuchen

Die hilfreichsten Kundenrezensionen auf Amazon.com (beta)

Amazon.com: 21 Rezensionen
34 von 37 Kunden fanden die folgende Rezension hilfreich
Awesome gigantic compilation on Rootkits 16. August 2009
Von Nagareshwar Talekar - Veröffentlicht auf Amazon.com
Format: Taschenbuch
The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System

Wow...! This was my first reaction when I received this massive 900+ pages book from Amazon. I was just spell bounded and surprised to see such an enormous amount of information compiled on the lesser known area of computer security, the Rootkits.

The book starts with basics of system internals which is essential to understand the depth of Rootkits. It covers about various memory models, interrupts, TSR, Windows architecture etc in detail. Then it delves into explaining the ingredients of Rootkit including installing and launching of the Rootkit. All these system internals have been covered in very precise and concise manner.

The chapter 5 is where the real fun starts as it goes on elaborating all the hooking mechanisms from user land to kernel and then it describes various techniques for detecting these hooking mechanisms. Later chapters does awesome job of explaining the advanced Rootkit techniques. The Anti-Forensics section is just mind blowing, no explanation needed.

One of the salient features of this book is the code samples. Every technique mentioned in this book is illustrated with well explained, working code example. This along with Rootkit detection mechanisms explored in the book sets it apart from its predecessor, Rootkit - Subverting Windows Kernel.

Its clearly evident that author has taken great pain and patience to present the darkest topic of computer arena in a very simple and understandable manner in this gigantic compilation. By far this is the very good reference book and very well recommended for any one who wants to conquer the mysterious world of Rootkits.
24 von 26 Kunden fanden die folgende Rezension hilfreich
Amazing book, not just for those researching rootkits 7. Oktober 2009
Von R. Wesley McGrew - Veröffentlicht auf Amazon.com
Format: Taschenbuch
Bill Blunden's book, The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System, is one of the hidden gems out there as far as computer security books are concerned, and I hope that I can convince you to give it a look. This review has been too-long to arrive, as I haven't had the time to read that I would like. That said, I felt it was very important to finally get the review up, as this is a book that I'm sure my regular readers will enjoy.

I first spotted this book on a vendor table at Defcon, and it stood out among the rest mostly because *I hadn't heard of it*. I try to keep up with new book releases, especially on attack-oriented topics that would be of interest to the penetration testers and vulnerability analysts that read this blog. It was surprising to me that one had flown under the radar. I picked it up and flipped through the table of contents [...] (which I encourage you to do as well), and was very impressed with the amount of material it covers.

I looked up the author, and was disappointed to realize that I had missed his talk at Blackhat earlier that week (looking forward to the video). I contacted him, and he was kind enough to supply a review copy of the book. It arrived very quickly, with a humorous personal note on the inside cover, and ever since, I have been learning a lot from it.

The author's style is excellent. The material is technical and has the potential to be very dry, but the text has a very conversational tone, as if it were being presented as a lecture for a (particularly good) class. Each concept is tied back to the main topic: hiding operations and data from the user and operating system, and frustrating forensic analysis. The book reads very well, presenting enough context that you can understand it if you're reading away from a computer, and enough detail that you can follow along and experiment with it if you are at your desk.

I appreciate that this book does not attempt to hold the reader's hand throughout with the ethics of developing rootkits. The author takes a brief moment at the beginning of the book to explain the legitimate needs for security professionals to be familiar with rootkit techniques and development, and points out that the information can be found elsewhere. After this point, the book assumes a level of maturity in its reader that is greatly appreciated.

The first part of the book, "Foundations", has an excellent introduction to IA32 architecture and Windows internals that I have never seen so well-described for beginners. Even if you aren't interested in rootkits, this portion of the book is something I would recommend to anyone getting started in related fields, like reverse-engineering or exploit development. Digging further into the text, the second section on "System Modification" makes up the "meat" of the book, delving into the details of subverting Windows internals in many different ways. As technical and in-depth as the book gets, though, it never seems to leave the reader behind. Each new concept is well-explained and builds upon the material the reader has already learned. You may have to go through the text slower than you had anticipated, and go back to review previous material, but you're never left feeling hopelessly lost.

The remainder of the book is a treat, as well. I can't recall another book that goes into any kind of detail on defeating forensic analysis of memory and file systems. Anyone interested in developing forensic tools or curious about how analysis with tools like Encase and FTK might be subverted, should give it a read. The author closes the text with some strategic guidelines for rootkit development, and his own thoughts on how evasion and deception can be used to similar ends on a larger scale than operating systems.

This is now one of my favorite computer security books, and I believe that if you review its contents, you'll find that you're getting a great value for your money. If you are familiar with C and have a beginner's knowledge of IA-32 assembly, you should have the prerequisites you need to follow along with this book. I highly recommend it, and hope that it becomes less-hidden of a gem that it already is.
14 von 15 Kunden fanden die folgende Rezension hilfreich
Whoa! 11. August 2009
Von Hugh K. Boyd - Veröffentlicht auf Amazon.com
Format: Taschenbuch
Man! This thing is dangerous! The first couple of chapters provide probably one of the best overviews I've seen on the topics of IA86 and Win32 architecture. Then we get into the meat of the techniques for building rootkits. Finally, the author goes into anti-forensics. It's about as deep a dive into the subject as you'll find anywhere with examples that demonstrate how to use rootkits to pull off privilege escalation exploits, subverting group policy, hiding applications, and drivers, etc, etc. After the tutorial chapters, there are gobs and gobs of code (I only wish that it were on CD or downloadable -- but you actually learn from entering and building it). Be forewarned: the code really works!
9 von 10 Kunden fanden die folgende Rezension hilfreich
More than just a rootkit book 18. August 2009
Von J. Clark - Veröffentlicht auf Amazon.com
Format: Taschenbuch
You cannot become an expert at developing Windows Rootkits without first gaining a thorough understanding of Intel system architecture, Windows architecture and the Windows Driver Model. This book provides some of the best coverage I've seen of those topics, in addition to providing a VERY complete coverage of rootkit development.
9 von 11 Kunden fanden die folgende Rezension hilfreich
Leading candidate for Best Book Bejtlich Read 2010 24. April 2010
Von Richard Bejtlich - Veröffentlicht auf Amazon.com
Format: Taschenbuch
Disclaimer: Bill mentions me and my book "Real Digital Forensics" on pages xxvi and 493. He sent me a free review copy of his book.

"Wow." That summarizes my review of "The Rootkit Arsenal" (TRA) by Bill Blunden. If you're a security person and you plan to read one seriously technical book this year, make it TRA. If you decide to really focus your attention, and try the examples in the book, you will be able to write Windows rootkits. Even without taking a hands-on approach, you will learn why you can't trust computers to defend themselves or report their condition in a trustworthy manner.

Author Bill Blunden is an excellent technical writer. He keeps the reader's attention despite the mind-numbing complexity of some of his topics. He also provides exceptional background material and knows how to lead the reader through a series of learning sessions prior to directly addressing writing rootkits. Thanks to this progressive method, the reader acquires a thorough grounding in a variety of topics neglected by other texts. I highly recommend reading this book prior to other books on rootkits, although motivated readers might want to read books like Windows Internals, 5th Ed, prior to TRA.

I especially appreciated Bill's practical approach; he frequently shares tips to solve problems readers will encounter. For example, he describes how to access Microsoft symbols via a remote symbol server, rather than just downloading outdated symbols to a local system. He also explained how to set up a remote kernel debugger using a null modem.

Two other aspects of TRA made an impression on me. Bill very thoroughly discusses Windows and rootkit technology. He outlines numerous options, then examines the pros and cons of each technique. Bill also gives plenty of credit to rootkit pioneers by name, and cites their work frequently. I applaud authors who give both give credit where it is due and recognize that they build on the work of their predecessors.

I have no complaints with TRA. An earlier reviewer bemoaned not be able to download source code from the book's examples, but they are online. (I posted a link in a comment to that earlier review.) I must admit I am not a rootkit developer, so I am not qualified to comment on the nature of the techniques nor the way Bill implements them in his code. However, readers who want to validate his recommendations can download and implement his code for themselves.
Waren diese Rezensionen hilfreich? Wir wollen von Ihnen hören.