Dailydave mailing list archives

Wrox: Professional Rootkits


From: Dave Aitel <dave () immunityinc com>
Date: Tue, 08 May 2007 13:52:58 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

http://www.wrox.com/WileyCDA/WroxTitle/productCd-0470101547,descCd-download_code.html

I picked up a copy of Professional Rootkits by Ric Vieler. So far it's
great! You get the feeling Ric is an exile from some random intel
organization that he left after about ten years of writing rootkits.
This book doesn't try to be super cutting edge - it is instead filled
with practical advice for the professional rootkit writer. It's a
small, understandable book.

One criticism: There's a weird mini-disassembler on pages 74-96, which
he uses to analyze a target binary to add hooks into it. This is the
sort of thing that is a great idea, but wastes a lot of pages in the
book. This should be downloadable, but perhaps not printed out line
for line. If you really want a disassembler, you'll also probably want
an analyzer, and you'll want to do something cool with your analyzer
in order to make your hooks "future-proof". This is probably
something I'll have someone do with Immunity Debugger someday. A PGP
trojan that works no matter what version of PGP they have, because it
has a full binary analysis engine built in. Sound fun? Send me an
estimate. :>

- -dave
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGQLj4B8JNm+PA+iURAvGnAKC9h+mzLQcbBmtMvVhvmHrGI5wpzQCfTvbF
L60KkL45TLi+aRanlJWRM0s=
=hevx
-----END PGP SIGNATURE-----

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
