Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security CISSP-Discussion
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[CISSP-D] REVIEW: "Designing BSD Rootkits", Joseph Kong

from [Rob, grandpa of Ryan, Trevor, Devon & Hannah] Network Security [Permanent Link]
Subject: [CISSP-D] REVIEW: "Designing BSD Rootkits", Joseph Kong
Date: Thu, 10 Jan 2008 15:38:31 -0800 
BKDSBSDR.RVW   20071005

"Designing BSD Rootkits", Joseph Kong, 2007, 1-59327-142-5,
U$29.95/C$36.95
%A   Joseph Kong
%C   555 De Haro Street, Suite 250, San Francisco, CA   94107
%D   2007
%G   1-59327-142-5 978-1-59327-142-8
%I   No Starch Press
%O   U$29.95/C$36.95 415-863-9900 fax 415-863-9950 info@nostarch.com
%O  http://www.amazon.com/exec/obidos/ASIN/1593271425/robsladesinterne
  http://www.amazon.co.uk/exec/obidos/ASIN/1593271425/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/1593271425/robsladesin03-20
%O   Audience i- Tech 2 Writing 1 (see revfaq.htm for explanation)
%P   136 p.
%T   "Designing BSD Rootkits: An Introduction to Kernel Hacking"

The purpose of the book is to teach how to use techniques of
kernel-mode programming that will provide control over certain aspects
of the FreeBSD (Berkeley Systems Distribution) operating system
without making such control apparent to the user.  As a secondary aim,
the reader should also be able to consider recoding functions of the
operating system, as well as techniques for detecting and removing
rootkits.

Chapter one introduces the programming of Loadable Kernel Modules
(LKMs, which are also known as Dynamic Kernel Linkers or KLDs).  C
code for short routines and system calls are listed, although the
explanations are extremely terse, and the reader would have to be well
familiar with system programming in order to understand the use and
access to these functions.  Call hooking (or just "hooking"), the
redirection of calls to standard operations in order to modify system
behaviour, is the subject of chapter two.  Kernel objects maintain
information about the operations underway in the computer, and
therefore direct manipulation of these structures, explained in
chapter three, is necessary to hide from attempts to detect unusual
processes.  Since kernel objects also control program flow, chapter
four briefly demonstrates how to hook the structures.  Chapter five
examines the type of programming necessary to directly patch code in
the kernel memory area.

Chapter six uses the various ideas discussed earlier to create a
rootkit for avoiding detection by change-detection style host-based
intrusion detection systems (HIDS), specifically Tripwire.  Chapter
seven outlines (without code examples) techniques for detecting the
type of programming and activity described earlier in the book.

In my opening sentence, I said that the volume's purpose was to teach
kernel-mode programming.  That statement, and the preface, begs the
question of the intended audience.  Actually, the book only addresses
specific functions: it certainly doesn't teach kernel-mode programming
as such.  The reader will already have to know a fair mount of it in
order to apply the content of the tome.  The text does seem to imply
that it is hoped whitehats will use it, but is the substance really
directed at protective measures?

The material in the book does provide a number of examples of kernel-
mode programming, and may act as a guide for those interested in
exploring the areas for which code is provided.  Certain aspects of
the internals of the BSD operating systems are explained.  However,
those interested in having in-depth examinations of the operating
system, or those wishing to know about detection of these types of
applications, may wish to look elsewhere.

copyright Robert M. Slade, 2007   BKDSBSDR.RVW   20071005


======================  (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca     slade@victoria.tc.ca     rslade@computercrime.org
At any given time, one third of the world's population is asleep.
That means two thirds are awake and causing problems.
http://victoria.tc.ca/techrev/rms.htm


 
Yahoo! Groups Links

<*> To visit your group on the web, go to:
    http://groups.yahoo.com/group/CISSP-Discuss/

<*> Your email settings:
    Individual Email | Traditional

<*> To change settings online go to:
    http://groups.yahoo.com/group/CISSP-Discuss/join
    (Yahoo! ID required)

<*> To change settings via email:
    mailto:CISSP-Discuss-digest@yahoogroups.com 
    mailto:CISSP-Discuss-fullfeatured@yahoogroups.com

<*> To unsubscribe from this group, send an email to:
    CISSP-Discuss-unsubscribe@yahoogroups.com

<*> Your use of Yahoo! Groups is subject to:
    http://docs.yahoo.com/info/terms/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [CISSP-D] REVIEW: "Designing BSD Rootkits", Joseph Kong, Rob, grandpa of Ryan, Trevor, Devon & Hannah <=
Previous by Date:  [CISSP-D] REVIEW: "Virtual Honeypots", Niels Provos/Thorsten Holz, Rob, grandpa of Ryan, Trevor, Devon & Hannah
Next by Date:  [CISSP-D] Security awareness and training links and resources, Rob, grandpa of Ryan, Trevor, Devon & Hannah
Previous by Thread:  [CISSP-D] REVIEW: "Virtual Honeypots", Niels Provos/Thorsten Holz, Rob, grandpa of Ryan, Trevor, Devon & Hannah
Next by Thread:  [CISSP-D] Security awareness and training links and resources, Rob, grandpa of Ryan, Trevor, Devon & Hannah
Indexes:  [Date] [Thread] [Top] [All Lists]