Rootkits and Bootkits: Reversing Modern Malware and Next Generation Threats

Rootkits and Bootkits: Reversing Modern Malware and Next Generation Threats

<i>Rootkits and Bootkits</i> will teach you how to understand and counter sophisticated, advanced threats buried deep in a machine’s boot process or UEFI firmware.<br><br>With the aid of numerous case studies and professional research from three of the world’s leading security experts, you’ll trace malware development over time from rootkits like TDL3 to present-day UEFI implants and examine how they infect a system, persist through reboot, and evade security software. As you inspect and dissect real malware, you’ll learn:<br><br>• How Windows boots—including 32-bit, 64-bit, and UEFI mode—and where to find vulnerabilities<br>• The details of boot process security mechanisms like Secure Boot, including an overview of Virtual Secure Mode (VSM) and Device Guard <br>• Reverse engineering and forensic techniques for analyzing real malware, including bootkits like Rovnix/Carberp, Gapz, TDL4, and the infamous rootkits TDL3 and Festi<br>• How to perform static and dynamic analysis using emulation and tools like Bochs and IDA Pro <br>• How to better understand the delivery stage of threats against BIOS and UEFI firmware in order to create detection capabilities<br>• How to use virtualization tools like VMware Workstation to reverse engineer bootkits and the Intel Chipsec tool to dig into forensic analysis<br><br>Cybercrime syndicates and malicious actors will continue to write ever more persistent and covert attacks, but the game is not lost. Explore the cutting edge of malware analysis with <i>Rootkits and Bootkits.<br></i><br> <b>Covers boot processes for Windows 32-bit and 64-bit operating systems.</b>