
The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System (English) Paperback – March 16, 2012




  • Publisher: Jones and Bartlett Publishers, Inc; 2nd Revised edition (March 16, 2012)
  • Paperback: 784 pages
  • Language: English
  • ISBN: 144962636X
  • Barcode: 9781449626365
  • Product dimensions: 4.4 x 15.9 x 23.5 cm
  • Product weight: 1.1 Kg
  • ASIN: 144962636X
  • Amazon Best Sellers Rank: #923,628 in Books


While forensic analysis has proven to be a valuable investigative tool in the field of computer security, utilizing anti-forensic technology makes it possible to maintain a covert operational foothold for extended periods, even in a high-security environment. Adopting an approach that favors full disclosure, the updated Second Edition of The Rootkit Arsenal presents the most accessible, timely, and complete coverage of forensic countermeasures. This book covers more topics, in greater depth, than any other currently available. In doing so the author forges through the murky back alleys of the Internet, shedding light on material that has traditionally been poorly documented, partially documented, or intentionally undocumented. The range of topics presented includes how to:

  • Evade post-mortem analysis
  • Frustrate attempts to reverse engineer your command & control modules
  • Defeat live incident response
  • Undermine the process of memory analysis
  • Modify subsystem internals to feed misinformation to the outside
  • Entrench your code in fortified regions of execution
  • Design and implement covert channels
  • Unearth new avenues of attack



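Most helpful customer reviews of this item on Amazon.com (beta) (may include reviews from the "Early Reviewer Rewards Program")

Amazon.com: 5.0 out of 5 stars, 6 reviews
2 of 2 people found this review helpful
5.0 out of 5 stars. a MUST BUY for everyone that wants to know what's going on under the hood in Windows. May 11, 2016
By Idan Bismut - Published on Amazon.com
Format: Paperback, Verified Purchase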
Got my copy of the book 3 weeks ago, I have to say this is one of the best books I've read on the subject.
I recommend buying it to anyone who wishes to know how the O/S really works & find out about all those little things that make the "magic" happen after boot/login.
The book is NOT for beginners: Prior knowledge of assembly & usage of Windows debuggers (such as WinDbg or KD) is recommended.
I had some experience with both, though I had some "rust", and it took me some time googling to be reminded of some stuff, and I wish the author would put an additional chapter on the subject early in the book.
As a small example: In chapter 3, there is a deep dive into a working example of how one could implement a "key logger" in "real mode" via TSR. It would really help if the author would give a small "intro" to TSR saying "write" is performed by placing 25H in AH, DS:DX points to the new routine, AL = N & that will hook the new function to slot N. True, one could understand that from the code & after further checking the internet for int21 documentation, but again it would make reading much "smoother". I assume to someone that uses assembly on a daily basis it probably seems very obvious...

The book is filled with real "gems" as to HOW the O/S works, what gets loaded first, who calls who, what registry key to watch out for if someone were to add to the list of "Known" DLLs etc. And even though I'm not a "security specialist" (I'm more a hobbyist), I really learned A LOT from this book.
I've been a software engineer for over 8 years, and I must admit only now I understand certain compiler flags & concepts like ASLR, /GS & DEP...

The author takes a chapter to explain one thing at a time, and at the end of the chapter he provides some sort of "overall review", usually inside a simple-to-understand chart/diagram that will help the user deal with the enormous amount of information provided.

The author provides a lot of KD snippets that demonstrate & prove the stuff he teaches. I only wish some small intro chapter were made for those who know those commands less. Again, just to be clear, I'm not referring to a "KD for dummies", but it would sure help to add a small reference to the commands used, so that could provide the user with a quick reference, instead of having to google for it, to understand what it does.

On the assembly snippets side, there are occasionally some minor errors in the code snippets, like MOV/PUSH instead of LEA, but I guess that could be to keep script kiddies from taking code & compiling it right out of the book.

To sum things up, I really enjoyed reading this book (still reading it...)
That's why I'm giving it 5 stars, it deserves it!
1 of 1 people found this review helpful
5.0 out of 5 stars. Know C and understanding of CS? Great addition to your tech collection. November 12, 2015
By Blaze74118 - Published on Amazon.com
Format: Paperback, Verified Purchase
Solid information with great structure. Must have C background with solid CS understanding.
2 of 3 people found this review helpful
5.0 out of 5 stars. JohnnyCannuk. April 21, 2014
By Mike Park - Published on Amazon.com
Format: Kindle Edition, Verified Purchase
Brilliant book. I wish more than snippets of code were available. Even if you don't end up making a rootkit, you'll learn a lot from this book.
4 of 6 people found this review helpful
5.0 out of 5 stars. best rootkit book out there. December 11, 2013
By T-me - Published on Amazon.com
Format: Paperback, Verified Purchase
Great book for all things rootkit related. This covers the majority of rootkit related code and techniques up till about 2010ish. I have not read it cover to cover but I did not see anything about items like patch guard in the book which is highly relevant to rootkits.

This is still one of my highest suggested books even for the few things it does seem to lack.
5 of 19 people found this review helpful
5.0 out of 5 stars. The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System. September 14, 2012
By Juan Carlos - Published on Amazon.com
Format: Paperback, Verified Purchase
The book has several well-informed, documented and updated contents. The singular way that the author, Bill Blunden, addresses the topic makes the book so interesting to keep reading. The technical words used in combination with the simplicity of his well-experienced analogies when referring to a subject have made a straightforward picture of understanding for each subject in the book.