About Duffbert...

Duffbert's Random Musings is a blog where I talk about whatever happens to be running through my head at any given moment... I'm Thomas Duff, and you can find out more about me here...

Book Review - Rootkits By Greg Hoglund and James Butler

Category: Book Reviews

I don't think I've ever seen a book as detailed as this on "subverting" an operating system... Rootkits - Subverting The Windows Kernel by Greg Hoglund and James Butler.

Contents: Leave No Trace; Subverting the Kernel; The Hardware Connection; The Age-Old Art of Hooking; Runtime Patching; Layered Drivers; Hardware Manipulation; Covert Channels; Rootkit Detection; Index

Hoglund and Butler have devoted a lot of time to understanding how the Windows kernel works, as well as how rootkits can be used to manipulate the kernel. This knowledge led to the website rootkit.com, and subsequently to this book. They explore the definition of rootkits, how they work, and how they can remain hidden from detection. Using the C language, they go into great depth on how rootkit kernel manipulation can be accomplished. If you have a basic knowledge of C, you'll be able to follow along and learn the intricacies of the kernel.

It'd be tempting to wonder why all this dangerous knowledge should be put in book form for junior hackers to use. For one, this isn't script kiddie material. If you don't know how to program (and in C), the book is basically far over your head. I suppose if you were bent on building your own rootkit for world domination, this material would help. But in reality, this information is probably already accessible to those who would abuse it in the first place. Having a compiled volume of the information helps "the good guys" understand the risks involved as well as how to protect their own environments from rootkit attacks.

While programming geeks will likely get the most value from this book, all security experts need to understand the concepts covered here. The worst thing isn't finding out you've been "owned" with a rootkit on your network. It's *not* knowing the rootkit is there...

Thomas "Duffbert" Duff