[Dailydave] Wrox: Professional Rootkits
assault at hush.com
Tue May 8 16:59:21 EDT 2007
On Tue, 08 May 2007 23:10:36 +0300 James Butler <butlerjr at acm.org>
wrote:
....
>My problem with his book is that it makes no attempt to cite previous bodies of work.
as do so many others. even u.
> As one example, he talks of DKOM tricks of how to hide processes without mentioning FU.
are you suggesting that fu was the first to introduce /dev/mem
walki^W^Wdkom?
> He even renames structures I have used in talks and papers, which are Microsoft structure names. If the reader is not familiar with the space, you would think he invented every rootkit technique currently being used, when in actuality, his book doesn't bring anything new to the table.
just like yours, i assume? or are u completely ignoring yearz of
dos/linux malware research? do you mind telling what parts of the
rootkits book are the result of your own research?
>
>For the rest of you who haven't bought it yet, please consider carefully before you support someone blatantly making a profit from other people's work.
assault
>
>Jamie
>
>It is because of Ric and companies with this attitude that has driven the free disclosure of ideas underground on rootkit.com.
>
>Yes, I have a dog in this fight.
>
>
>-----Original Message-----
>From: dailydave-bounces at lists.immunitysec.com
>[mailto:dailydave-bounces at lists.immunitysec.com] On Behalf Of Dave
>Aitel
>Sent: Tuesday, May 08, 2007 1:53 PM
>To: dailydave
>Subject: [Dailydave] Wrox: Professional Rootkits
>
>
>http://www.wrox.com/WileyCDA/WroxTitle/productCd-0470101547,descCd-download_code.html
>
>I picked up a copy of Professional Rootkits by Ric Vieler. So far it's great! You get the feeling Ric is an exile from some random intel organization that he left after about ten years of writing rootkits. This book doesn't try to be super cutting edge - it is instead filled with practical advice for the professional rootkit writer. It's a small, understandable book.
>
>One criticism: There's a weird mini-disassembler on pages 74-96, which he uses to analyze a target binary to add hooks into it. This is the sort of thing that is a great idea, but wastes a lot of pages in the book. This should be downloadable, but perhaps not printed out line for line. If you really want a disassembler, you'll also probably want an analyzer, and you'll want to do something cool with your analyzer in order to make your hooks "future-proof". This is probably something I'll have someone do with Immunity Debugger someday. A PGP trojan that works no matter what version of PGP they have, because it has a full binary analysis engine built in. Sound fun? Send me an estimate. :>
>
>-dave
>
>_______________________________________________
>Dailydave mailing list
>Dailydave at lists.immunitysec.com
>http://lists.immunitysec.com/mailman/listinfo/dailydave
>