Managed Code Rootkits

Description

Imagine being able to change the languages for the applications that a computer is running and taking control over it. That is exactly what managed code rootkits can do when they are placed within a computer. This new type of rootkit is hiding in a place that had previously been safe from this type of attack-the application level. Code reviews do not currently look for back doors in the virtual machine (VM) where this new rootkit would be injected. An invasion of this magnitude allows an attacker to steal information on the infected computer, provide false information, and disable security checks. Erez Metula shows the reader how these rootkits are developed and inserted and how this attack can change the managed code that a computer is running, whether that be JAVA, .NET, Android Dalvik or any other managed code. Management development scenarios, tools like ReFrameworker, and countermeasures are covered, making this book a one stop shop for this new attack vector.

* Introduces the reader briefly to managed code environments and rootkits in general
* Completely details a new type of rootkit hiding in the application level and demonstrates how a hacker can change language runtime implementation
* Focuses on managed code including Java, .NET, Android Dalvik and reviews malware development scanarios

CONTENTS:

Part I: Overview Chapter 1: Introduction Chapter 2: Managed Code Rootkits Part II: Malware Development Chapter 3: Tools of the Trade Chapter 4: Runtime Modification Chapter 5: Manipulating the Runtime Chapter 6: Extending the Language with a Malware API Chapter 7: Automated Framework Modification Chapter 8: Advanced Topics Part III: Countermeasures Chapter 9: Defending against MCRs Part IV: Where Do We Go from Here? Chapter 10: Other Uses of Runtime Modification