Part I: Overview
Chapter 1: Introduction
Chapter 2: Managed Code Rootkits
Part II: Malware Development
Chapter 3: Tools of the Trade
Chapter 4: Runtime Modification
Chapter 5: Manipulating the Runtime
Chapter 6: Extending the Language with a Malware API
Chapter 7: Automated Framework Modification
Chapter 8: Advanced Topics
Part III: Countermeasures
Chapter 9: Defending against MCRs
Part IV: Where Do We Go from Here?
Chapter 10: Other Uses of Runtime Modification
About the Author
Erez Metula (CISSP) is an application security researcher specializing in secure development practices, penetration testing, code reviews, and security training for developers. He has extensive hands-on experience performing security assessments and training for organizations worldwide. Erez is the founder of AppSec. He is also a leading instructor at many information security training sessions and a frequent speaker at security conferences, having spoken at Black Hat, DEF CON, CanSecWest, OWASP, and more.
Imagine being able to change the language that a computer is running and take over control. That is exactly what managed code rootkits can do when they are placed within a computer. This new type of rootkit hides in a place that had previously been safe from this type of attack: the application level. Code reviews do not currently look for back doors in the virtual machine (VM) where this new rootkit would be injected. An invasion of this magnitude allows an attacker to steal information on the infected computer, fixate encryption keys, and disable security checks. Author Erez Metula shows the reader how these rootkits are developed and inserted, and how this attack can change the managed code that is running, whether that is Java, .NET, or any other managed code. Management development scenarios, tools like ReFrameworker, and countermeasures are covered to make this book a one-stop shop for this new attack vector.