Mon 16 Jan 2006

We became interested in rootkits because of our professional work in computer security, but the pursuit of the subject quickly expanded into a personal mission (a.k.a., late nights and weekends). This led Hoglund to found rootkit.com, a forum devoted to reverse engineering and rootkit development. Both of us are deeply involved with rootkit.com. Butler first contacted Hoglund online through this Web site because Butler had a new and powerful rootkit called ‘FU’ that needed testing. Butler sent Hoglund some source code and a pre-compiled binary. However, by accident, he did not send Hoglund the source code to the kernel driver. To Butler’s amazement, Hoglund just loaded the pre-compiled rootkit on his workstation without question, and reported back that ‘FU’ seemed to be working fine! Our trust in one another has only grown since then.
Both of us have long been driven by an almost perverse need to reverse-engineer the Windows kernel. It’s like when someone says we can’t do something–then we accomplish it. It is very satisfying learning how so-called ‘computer security’ products work and finding ways around them. This inevitably leads to better protection mechanisms. Just because a product claims to provide some level of protection does not necessarily mean that it does. By playing the part of an attacker, we are always at an advantage. As the attacker we must think of only one thing that a defender didn’t think of. Yet, as defenders we must think of every possible thing an attacker might do. The numbers work in the attacker’s favor.
We teamed up a few years ago to offer the training class ‘Offensive Aspects of Rootkit Technology.’ This training started as a single day of material that since has grown into hundreds of pages of notes and example code. The material for the class is what eventually became the foundation for this book. Now, we offer the rootkit training class several times a year at the Black Hat security conference, and also privately.
After training for a while, we decided to deepen our relationship, and we now work together at HBGary, Inc. At HBGary, we tackle very complex rootkit problems on a daily basis. In this book, we use our experience to cover the threats that face Windows users today and only appear to be increasing in the future.
http://rapidshare.de/files/11130856/backup_05.rar.html
PASSWORD: thanksForTheBooks