Managed Code Rootkits: Hooking Into Runtime Environments
Erez Metula Elsevier, 1, 1, 2010
English [en] · PDF · 5.8MB · 2010 · 📘 Book (non-fiction) · 🚀/lgli/lgrs/nexusstc/upload/zlib
Description
Imagine being able to change the languages for the applications that a computer is running and taking control over it. That is exactly what managed code rootkits can do when they are placed within a computer. This new type of rootkit is hiding in a place that had previously been safe from this type of attack, the application level. Code reviews do not currently look for back doors in the virtual machine (VM) where this new rootkit would be injected. An invasion of this magnitude allows an attacker to steal information on the infected computer, provide false information, and disable security checks. Erez Metula shows the reader how these rootkits are developed and inserted and how this attack can change the managed code that a computer is running, whether that be JAVA, .NET, Android Dalvik or any other managed code. Management development scenarios, tools like ReFrameworker, and countermeasures are covered, making this book a one stop shop for this new attack vector.
  • Introduces the reader briefly to managed code environments and rootkits in general
  • Completely details a new type of rootkit hiding in the application level and demonstrates how a hacker can change language runtime implementation
  • Focuses on managed code including Java, .NET, Android Dalvik and reviews malware development scenarios
Review
"A well-put-together work: I was able to put some of the tasks to work for me right away. An excellent resource: Technical enough to be useful, but not overly technical." -- Chris Griffin, Trainer, ISECOM USA
"As someone who has to deal with .NET security every day, I always look for new ideas and tools to make .NET applications more secure. This book provides both. It's especially valuable when you have to protect apps without having access to their original source code." -- Kyle C. Quest, GREM, GWAPT, GCIH, GCFA, GCIA, GCWN, GCUX, GCFW, GSNA, CISSP, CIPP, Director of Security Engineering, MetraTech
"Overall the book is very well structured and presented in a way that maintains the reader's interest as the author delves ever deeper into why hackers use MCRs to target an organisation's applications. Continuity of the content is maintained by helpful summaries at the end of each chapter. Mr Metula is a consummate and talented security practitioner who knows his subject thoroughly. I consider this book to be excellent value for money and would recommend it to any security professional. In today's austere economic climate, modern IT solutions are being sought that are proven value for money. The use of virtual servers is rapidly increasing as they provide better utilisation and increased productivity of existing resources. This book highlights the risks of adopting such technology and provides valuable advice on countermeasures to mitigate those risks." -- InfoSecReviews.com
"In today's austere economic climate, modern IT solutions are being sought that are proven value for money. The use of virtual servers is rapidly increasing as they provide better utilisation and increased productivity of existing resources. This book highlights the risks of adopting such technology and provides valuable advice on countermeasures to mitigate those risks." -- Best Hacking and Pen Testing Books in InfoSecReviews Book Awards
Alternative filename
motw/Managed Code Rootkits_ Hooking Into Runtim - Erez Metula.pdf
Alternative filename
nexusstc/Managed Code Rootkits: Hooking into Runtime Environments/5753c5cc42381d8284a917653e623312.pdf
Alternative filename
lgli/_496901.5753c5cc42381d8284a917653e623312.pdf
Alternative filename
lgrsnf/_496901.5753c5cc42381d8284a917653e623312.pdf
Alternative filename
zlib/Business & Economics/Erez Metula/Managed Code Rootkits: Hooking Into Runtime Environments_1182442.pdf
Alternative author
Metula, Erez
Alternative publisher
Syngress Publishing
Alternative edition
United States, United States of America
Alternative edition
Burlington, MA, Massachusetts, 2010
Alternative edition
Elsevier Ltd., Amsterdam, 2011
Alternative edition
1, PS, 2010
Metadata comments
2011 12 30
Metadata comments
lg744420
Metadata comments
{"edition":"1","isbns":["1597495743","9781597495745"],"last_page":336,"publisher":"Syngress","volume":"1"}
Metadata comments
Memory of the World Librarian: Quintus
Metadata comments
Includes bibliographical references and index.
Alternative description
Managed Code Rootkits
Copyright
Table of Contents
Acknowledgements
About the Author
Part I: Overview
  Chapter 1. Introduction
    The Problem of Rootkits and Other Types of Malware
    Why Do You Need This Book?
    Terminology Used in This Book
    Technology Background: An Overview
    Summary
  Chapter 2. Managed Code Rootkits
    What Can Attackers Do with Managed Code Rootkits?
    Common Attack Vectors
    Why Are Managed Code Rootkits Attractive to Attackers?
    Summary
    Endnotes
Part II: Malware Development
  Chapter 3. Tools of the Trade
    The Compiler
    The Decompiler
    The Assembler
    The Disassembler
    The Role of Debuggers
    The Native Compiler
    File Monitors
    Summary
  Chapter 4. Runtime Modification
    Is It Possible to Change the Definition of a Programming Language?
    Walkthrough: Attacking the Runtime Class Libraries
    Summary
  Chapter 5. Manipulating the Runtime
    Manipulating the Runtime According to Our Needs
    Reshaping the Code
    Code Generation
    Summary
  Chapter 6. Extending the Language with a Malware API
    Why Should We Extend the Language?
    Extending the Runtime with a Malware API
    Summary
    Endnote
  Chapter 7. Automated Framework Modification
    What is ReFrameworker?
    ReFrameworker Modules Concept
    Using the Tool
    Developing New Modules
    Setting Up the Tool
    Summary
  Chapter 8. Advanced Topics
    “Object-Oriented-Aware” Malware
    Thread Injection
    State Manipulation
    Covering the Traces As Native Code
    Summary
Part III: Countermeasures
  Chapter 9. Defending against MCRs
    What Can We Do about This Kind of Threat?
    Awareness: Malware Is Everybody’s Problem
    The Prevention Approach
    The Detection Approach
    The Response Approach
    Summary
    Endnote
Part IV: Where Do We Go from Here?
  Chapter 10. Other Uses of Runtime Modification
    Runtime Modification As an Alternative Problem-Solving Approach
    Runtime Hardening
    Summary
Index
Alternative description
Managed Code Rootkits is the first book to cover application-level rootkits and other types of malware inside the application VM, which runs a platform-independent programming environment for processes. The book, divided into four parts, points out high-level attacks, which are developed in intermediate language. The initial part of the book offers an overview of managed code rootkits. It explores environment models of managed code and the relationship of managed code to rootkits by studying how they use application VMs. It also discusses attackers of managed code rootkits and various attack scenarios. The second part of the book covers the development of managed code rootkits, starting with the tools used in producing managed code rootkits through their deployment. The next part focuses on countermeasures that can possibly be used against managed code rootkits, including technical solutions, prevention, detection, and response tactics. The book concludes by presenting techniques that are somehow similar to managed code rootkits, which can be used in solving problems.
  • Named a 2011 Best Hacking and Pen Testing Book by InfoSec Reviews
  • Introduces the reader briefly to managed code environments and rootkits in general
  • Completely details a new type of rootkit hiding in the application level and demonstrates how a hacker can change language runtime implementation
  • Focuses on managed code including Java, .NET, Android Dalvik and reviews malware development scenarios
Date open sourced
2012-02-04