Rootkits and Bootkits: Reversing Modern Malware and Next Generation Threats
暫譯: 根套件與啟動套件:逆向分析現代惡意軟體與下一代威脅
Alex Matrosov , Eugene Rodionov , Sergey Bratus
- 出版商: No Starch Press
- 出版日期: 2019-05-03
- 售價: $1,750
- 貴賓價: 9.5 折 $1,663
- 語言: 英文
- 頁數: 448
- 裝訂: Paperback
- ISBN: 1593277164
- ISBN-13: 9781593277161
-
相關分類:
資訊安全
-
相關翻譯:
Rootkit 和 Bootkit:現代惡意軟件逆向分析和下一代威脅 (簡中版)
立即出貨 (庫存 < 4)
買這商品的人也買了...
-
Design Patterns: Elements of Reusable Object-Oriented Software (Hardcover)$2,500$2,375 -
Writing Secure Code, 2/e (Paperback)$2,050$1,948 -
$2,250The IDA Pro Book : The Unofficial Guide to the World's Most Popular Disassembler, 2/e (Paperback) -
Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software (Paperback)$2,240$2,128 -
Embedded Firmware Solutions: Development Best Practices for the Internet of Things (Paperback)$1,810$1,720 -
操作系統真象還原$773$734 -
Functional Programming in C++: How to improve your C++ programs using functional techniques (Paperback)$1,840$1,748 -
Malware Data Science: Attack Detection and Attribution$1,700$1,615 -
Practical Binary Analysis: Build Your Own Linux Tools for Binary Instrumentation, Analysis, and Disassembly (Paperback)$1,750$1,663 -
不會 C 也是資安高手:用 Python 和駭客大戰三百回合$620$490 -
知識圖譜:概念與技術$602$566 -
駭客自首:極惡網路攻擊的內幕技巧$780$616 -
$505內網安全攻防 : 滲透測試實戰指南 -
機器學習的數學基礎 : AI、深度學習打底必讀$580$458 -
黑客之道 : 漏洞發掘的藝術, 2/e (Hacking: The Art of Exploitation, 2/e)$714$678 -
CTF 特訓營:技術詳解、解題方法與競賽技巧$534$507 -
駭客廝殺不講武德:CTF 強者攻防大戰直擊$1,000$700 -
Windows APT Warfare:惡意程式前線戰術指南$600$468 -
駭客們好自為之:CTF 大賽 PWN 奪旗技術大展$1,000$790 -
黑帽 Python|給駭客與滲透測試者的 Python 開發指南, 2/e (Black Hat Python : Python Programming for Hackers and Pentesters, 2/e)$450$356 -
Rootkit 和 Bootkit:現代惡意軟件逆向分析和下一代威脅$774$735 -
Learn Enough JavaScript to Be Dangerous: A Tutorial Introduction to Programming with JavaScript$1,580$1,501 -
物聯網時代的 15堂資安基礎必修課$620$434 -
Learn Enough Python to Be Dangerous: Software Development, Flask Web Apps, and Beginning Data Science with Python (Paperback)$1,580$1,501 -
一本精通 - Python 範例應用大全:Python 詳細語法教學 & 100+ 個 Python 範例$880$695
商品描述
Rootkits and Bootkits will teach you how to understand and counter sophisticated, advanced threats buried deep in a machine’s boot process or UEFI firmware.
With the aid of numerous case studies and professional research from three of the world’s leading security experts, you’ll trace malware development over time from rootkits like TDL3 to present-day UEFI implants and examine how they infect a system, persist through reboot, and evade security software. As you inspect and dissect real malware, you’ll learn:
• How Windows boots—including 32-bit, 64-bit, and UEFI mode—and where to find vulnerabilities
• The details of boot process security mechanisms like Secure Boot, including an overview of Virtual Secure Mode (VSM) and Device Guard
• Reverse engineering and forensic techniques for analyzing real malware, including bootkits like Rovnix/Carberp, Gapz, TDL4, and the infamous rootkits TDL3 and Festi
• How to perform static and dynamic analysis using emulation and tools like Bochs and IDA Pro
• How to better understand the delivery stage of threats against BIOS and UEFI firmware in order to create detection capabilities
• How to use virtualization tools like VMware Workstation to reverse engineer bootkits and the Intel Chipsec tool to dig into forensic analysis
Cybercrime syndicates and malicious actors will continue to write ever more persistent and covert attacks, but the game is not lost. Explore the cutting edge of malware analysis with Rootkits and Bootkits.
商品描述(中文翻譯)
《Rootkits and Bootkits》將教您如何理解和對抗深埋於機器啟動過程或 UEFI 韌體中的複雜、高級威脅。
透過來自三位全球頂尖安全專家的眾多案例研究和專業研究,您將追溯惡意軟體的發展歷程,從像 TDL3 的 rootkits 到當今的 UEFI 植入物,並檢視它們如何感染系統、在重啟後持續存在以及逃避安全軟體的檢測。當您檢查和剖析真實的惡意軟體時,您將學到:
• Windows 的啟動過程——包括 32 位元、64 位元和 UEFI 模式——以及如何找到漏洞
• 啟動過程安全機制的細節,如 Secure Boot,包括虛擬安全模式 (Virtual Secure Mode, VSM) 和 Device Guard 的概述
• 反向工程和取證技術,用於分析真實的惡意軟體,包括像 Rovnix/Carberp、Gapz、TDL4 和臭名昭著的 rootkits TDL3 和 Festi 的 bootkits
• 如何使用模擬和工具如 Bochs 和 IDA Pro 進行靜態和動態分析
• 如何更好地理解針對 BIOS 和 UEFI 韌體的威脅交付階段,以便創建檢測能力
• 如何使用虛擬化工具如 VMware Workstation 來反向工程 bootkits,以及使用 Intel Chipsec 工具進行取證分析
網路犯罪集團和惡意行為者將繼續撰寫越來越持久和隱蔽的攻擊,但遊戲並未結束。與《Rootkits and Bootkits》一起探索惡意軟體分析的前沿。
作者簡介
Alex Matrosov is a leading offensive security researcher at NVIDIA. He has more than two decades of experience with reverse engineering, advanced malware analysis, firmware security, and exploitation techniques. Before joining NVIDIA, Alex served as Principal Security Researcher at Intel Security Center of Excellence (SeCoE), spent more than six years in the Intel Advanced Threat Research team, and was Senior Security Researcher at ESET. Alex has authored and co-authored numerous research papers and is a frequent speaker at security conferences, including REcon, ZeroNights, Black Hat, DEFCON, and others. Alex received an award from Hex-Rays for his open source plug-in HexRaysCodeXplorer, supported since 2013 by the team at REhint.
Eugene Rodionov, PhD, is a Security Researcher at Intel working in BIOS security for Client Platforms. Before that, Rodionov ran internal research projects and performed in-depth analysis of complex threats at ESET. His fields of interest include firmware security, kernel-mode programming, anti-rootkit technologies, and reverse engineering. Rodionov has spoken at security conferences, such as Black Hat, REcon, ZeroNights, and CARO, and has co-authored numerous research papers.
Sergey Bratus is a Research Associate Professor in the Computer Science Department at Dartmouth College. He has previously worked at BBN Technologies on Natural Language Processing research. Bratus is interested in all aspects of Unix security, in particular Linux kernel security, and detection and reverse engineering of Linux malware.
作者簡介(中文翻譯)
亞歷克斯·馬特羅索夫是NVIDIA的首席攻擊安全研究員。他擁有超過二十年的逆向工程、高級惡意軟體分析、韌體安全和利用技術的經驗。在加入NVIDIA之前,亞歷克斯曾擔任英特爾安全卓越中心(SeCoE)的首席安全研究員,並在英特爾高級威脅研究團隊工作了超過六年,還曾擔任ESET的高級安全研究員。亞歷克斯撰寫和共同撰寫了多篇研究論文,並且是多個安全會議的常客演講者,包括REcon、ZeroNights、Black Hat、DEFCON等。亞歷克斯因其開源插件HexRaysCodeXplorer獲得Hex-Rays的獎項,該插件自2013年以來由REhint團隊支持。
尤金·羅迪奧諾夫,博士,是英特爾的安全研究員,專注於客戶平台的BIOS安全。在此之前,羅迪奧諾夫在ESET負責內部研究項目並對複雜威脅進行深入分析。他的研究興趣包括韌體安全、內核模式編程、反rootkit技術和逆向工程。羅迪奧諾夫曾在多個安全會議上發表演講,如Black Hat、REcon、ZeroNights和CARO,並共同撰寫了多篇研究論文。
謝爾蓋·布拉圖斯是達特茅斯學院計算機科學系的研究副教授。他曾在BBN Technologies從事自然語言處理研究。布拉圖斯對Unix安全的各個方面感興趣,特別是Linux內核安全,以及Linux惡意軟體的檢測和逆向工程。
