Rootkits and Bootkits: Reversing Modern Malware and Next Generation Threats
L**T
Unique Book
There are very few books that cover this topic and this book does it very well. It does expect, however, that you already know the fundamentals of reversing (and there are plenty of good books out there that cover those topics). I have been wrestling with people who have been using bootkits and rootkits on my computers and this book has really helped me understand how they are doing it. Now...do they have a book that will help you get them off (for less experienced programmers)? PS: I suspect that many of the negative comments are by hackers.
B**A
Good quality, amazing knowledge, killer bargain
Book came in TOP QUALITY, not a scratch on it. Perfect condition and showed up FAST. I love this book, there is some IN DEPTH KNOWLEDGE HERE. I recommend this book to any professional who wants to take their understanding to the next level. Rootkits and Bootkits can be "slept-on" in the security field. I feel like some people just forget that they are a MASSIVE problem. This book shows you the deep inner workings of how they work and why they work.
J**I
Awesome book!
The book was lost by DHL during the delivery... It's the best evidence of its top quality :D
B**
Great start to a huge topic
I have no idea what the one star review is about. The knowledge this book contains is quite the bang for your buck at the MSRP of $50 and I'm certain that none of this content was available to the authors while they were first learning about bootkits. And heaven forbid they include some fun, concise, personal stories to show that they're humans writing the book and not robots. If you're looking for pages upon pages of screenshots of IDA Pro.. maybe look elsewhere? Perhaps a video tutorial...? I think the authors did a great job of condensing a huge topic, but keeping just the valuable pieces. I'm sure it was no easy feat keeping this book just under 500 pages. For context, I'm a general red teamer who was looking for an introduction to bootkits. I found this to be a fantastic start and I will continue to use this book as a reference. Protip: If you click on the Github link (and not bibliography), it will bring you to all of the source materials you need for the book, including the authors' custom Python scripts.
D**N
Yet another malware book? Yawn. But this is different
Malware and other threats are reported on and written about so much that we tend to gloss over them. We have heard the advice 1,000 times – keep your system updated, don't click on unknown links, keep backups, etc. So another book on malware and other threats can be met with a yawn. Rootkits and Bootkits is different. The book gives an evolutionary/historical look at rootkits and bootkits including the newer classes of malware that target the BIOS and chipset firmware which current Windows defensive software can't reach. It covers boot processes for Windows 32-bit and 64-bit operating systems. So you will learn about how Windows boots—including 32-bit, 64-bit, and UEFI mode—and where to find vulnerabilities as well as the details of boot process security mechanisms like Secure Boot, including an overview of Virtual Secure Mode (VSM) and Device Guard. The first part covers rootkits and the authors look at the "classic" OS-level rootkits such as TDL3 and the Festi rootkit. These case studies show how hackers view the operating system internals and compose their implants using the structure of the OS. You will read reverse engineering and forensic techniques for analyzing real malware. Part 2 focuses on bootkits and the authors dive into the Windows boot process and what has changed over time. This includes the Master Boot Record, partition tables, the bootmgr module and so on. It is very complete and includes coverage of newer virtualization approaches and ransomware. Part 3 deals with the forensics of bootkits, rootkits and other BIOS threats. I did not read the book cover to cover and expect that unless you are a security professional you won't either. But I jumped around and learned more about things I thought I already knew well (like the legacy boot process) and lived through (remember the Brain virus on 360k floppies?). It's a great resource to have and I am sure I will be visiting it more in the future for specific answers and techniques because the bad guys just do not stop.
R**R
I wish I had my money back.
Coming from a pentester in the field who was curious what this book had to offer, I'm incredibly disappointed. No novice would comprehend this. It's short in detail, and you find much better literature through OSCP/Offensive Security. I have an open source book on github that tackles this subject in more depth.
B**E
Excellent guide
The term "walking pneumonia" is a nonmedical term for a mild case of pneumonia. People can walk around, oblivious to the problem deep within their bodies. But even with a bland name like walking pneumonia, it's still a serious disease that can have devastating effects. Similarly, there are firms whose networks are filled with malware, yet they remain oblivious to it. In Rootkits and Bootkits: Reversing Modern Malware and Next Generation Threats, authors Alex Matrosov, Eugene Rodionov, and Sergey Bratus create a highly technical guide that can help organizations get a handle on this information security scourge. A rootkit is malicious software that gives an attacker access to a computer that it should not have access to. Similarly, a bootkit is another type of malicious infection, but it targets the master boot record (MBR). Access to the MBR enables the bootkit to be loaded before Windows, and thus go undetected by Windows security. Rootkits and bootkits are often written by sophisticated adversaries who make them difficult to detect and remove. The book will help the IT department cope with the malicious software. The average reader may not be familiar with the programming code in the book, but there are descriptions and case studies that can help them understand the problem. This deep reference, jam-packed with code and technical information, will support an engineer or system administrator tasked with putting these vulnerabilities in their place.
S**O
More of a history book than a coding book
Assumed I would learn about modern boot sequences and the mechanisms by which a rootkit/bootkit embeds itself in a system. Was quite mistaken. Lots of history on outdated rootkits. Sometimes history can be an effective learning tool, but they're kind of just throwing words around; the result is an unintelligible mess to anyone who wasn't already well versed in the field. If they were already well versed, I doubt they would need this book. So it's basically a book on unintelligible knowledge that, even if it were intelligible, would be outdated.
M**H
Its OK
The main gripes I have with this book are that it just doesn't go into enough technical detail. I agree with one of the previous reviews that there is too much talk about "previous" old rootkits, like TDL4 etc. I bought this to learn about modern rootkits/bootkits, how they work under the hood, TO A VERY LOW LEVEL, and feel it falls short for those who are maybe looking to develop this kind of software for legitimate purposes. If you are buying it to accomplish building similar software, and you are already technically aligned on the subject, just go read online resources and practically jump in somewhere else, as the book isn't going to help you in that respect. That being said, I ENJOYED reading it, and it reads nicely and the authors are super smart guys, just not what I was looking for to scratch the technical itch so to speak.
S**Y
Waste of money, DO NOT buy
This book gives you general approaches of rootkits and bootkits. No in-depth details and most of the mentioned techniques are obsolete. You can find most of its content if you google it. Total waste of time and money, don't waste your money on this book.
P**I
Not what I expected...
Judging by the title and table of contents I was really expecting something more "in-depth" on the actual topic - not just a high-level exec summary of some previous technical work.