Introduction to the book "Managed Code Rootkits : Hooking Into Runtime Environments" by Metula, Erez, published by Elsevier Science & Technology Books in 2014. This book is offered in epub format, in English. "Managed Code Rootkits : Hooking Into Runtime Environments" is listed in the Uncategorized category.
Endnote -- Chapter 7. Automated Framework Modification -- What is ReFrameworker? -- ReFrameworker Modules Concept -- Using the Tool -- Developing New Modules -- Setting Up the Tool -- Summary -- Chapter 8. Advanced Topics -- "Object-Oriented-Aware" Malware -- Thread Injection -- State Manipulation -- Covering the Traces As Native Code -- Summary -- Part III: Countermeasures -- Chapter 9. Defending against MCRs -- What Can We Do about This Kind of Threat? -- Awareness: Malware Is Everybody's Problem -- The Prevention Approach -- The Detection Approach -- The Response Approach. Endnote -- Part IV: Where Do We Go from Here? -- Chapter 10. Other Uses of Runtime Modification -- Runtime Modification As an Alternative Problem-Solving Approach -- Runtime Hardening -- Summary -- Index.
Managed Code Rootkits is the first book to cover application-level rootkits and other types of malware inside the application VM, which runs a platform-independent programming environment for processes. The book, divided into four parts, points out high-level attacks, which are developed in intermediate language.
The initial part of the book offers an overview of managed code rootkits. It explores environment models of managed code and the relationship of managed code to rootkits by studying how they use application VMs. It also discusses attackers of managed code rootkits and various attack scenarios. The second part of the book covers the development of managed code rootkits, starting with the tools used in producing managed code rootkits through their deployment.
The next part focuses on countermeasures that can possibly be used against managed code rootkits, including technical solutions, prevention, detection, and response tactics. The book concludes by presenting techniques that are somewhat similar to managed code rootkits, which can be used in solving problems.
- Named a 2011 Best Hacking and Pen Testing Book by InfoSec Reviews
- Introduces the reader briefly to managed code environments and rootkits in general
- Completely details a new type of rootkit hiding in the application level and demonstrates how a hacker can change language runtime implementation
- Focuses on managed code including Java, .NET, Android Dalvik and reviews malware development scenarios
Imagine being able to change the languages for the applications that a computer is running and taking control over it. That is exactly what managed code rootkits can do when they are placed within a computer. This new type of rootkit is hiding in a place that had previously been safe from this type of attack: the application level. Code reviews do not currently look for back doors in the virtual machine (VM) where this new rootkit would be injected. An invasion of this magnitude allows an attacker to steal information on the infected computer, provide false information, and disable security checks. Erez Metula shows the reader how these rootkits are developed and inserted and how this attack can change the managed code that a computer is running, whether that be Java, .NET, Android Dalvik or any other managed code. Management development scenarios, tools like ReFrameworker, and countermeasures are covered, making this book a one stop shop for this new attack vector.
Content: Front Cover -- Managed Code Rootkits -- Copyright -- Table of Contents -- Acknowledgements -- About the Author -- Part I: Overview -- Chapter 1. Introduction -- The Problem of Rootkits and Other Types of Malware -- Why Do You Need This Book? -- Terminology Used in This Book -- Technology Background: An Overview -- Summary -- Chapter 2. Managed Code Rootkits -- What Can Attackers Do with Managed Code Rootkits? -- Common Attack Vectors -- Why Are Managed Code Rootkits Attractive to Attackers? -- Summary -- Endnotes -- Part II: Malware Development -- Chapter 3. Tools of the Trade -- The Compiler -- The Decompiler -- The Assembler -- The Disassembler -- The Role of Debuggers -- The Native Compiler -- File Monitors -- Summary -- Chapter 4. Runtime Modification -- Is It Possible to Change the Definition of a Programming Language? -- Walkthrough: Attacking the Runtime Class Libraries -- Summary -- Chapter 5. Manipulating the Runtime -- Manipulating the Runtime According to Our Needs -- Reshaping the Code -- Code Generation -- Summary -- Chapter 6. Extending the Language with a Malware API -- Why Should We Extend the Language? -- Extending the Runtime with a Malware API.