Managed Code Rootkits: Hooking into Runtime Environments by Erez Metula

Imagine being able to change the languages for the applications that a computer is running and taking control over it. That is exactly what managed code rootkits can do when they are placed within a computer. This new type of rootkit hides in a place that had previously been safe from this type of attack: the application level. Code reviews do not currently look for back doors in the virtual machine (VM) where this new rootkit would be injected. An invasion of this magnitude allows an attacker to steal information on the infected computer, provide false information, and disable security checks. Erez Metula shows the reader how these rootkits are developed and inserted and how this attack can change the managed code that a computer is running, whether that be Java, .NET, Android Dalvik or any other managed code. Management development scenarios, tools like ReFrameworker, and countermeasures are covered, making this book a one-stop shop for this new attack vector.
* Introduces the reader briefly to managed code environments and rootkits in general
* Completely details a new type of rootkit hiding in the application level and demonstrates how a hacker can change language runtime implementation
* Focuses on managed code including Java, .NET, Android Dalvik and reviews malware development scenarios

Similar security books

Simple Steps to Data Encryption: A Practical Guide to Secure Computing

Everyone wants privacy and security online, something that most computer users have more or less given up on as far as their personal data is concerned. There is no shortage of good encryption software, and no shortage of books, articles and essays that purport to be about how to use it. Yet there is precious little for ordinary users who want just enough information about encryption to use it safely, securely and appropriately, WITHOUT having to become experts in cryptography.

Comprehensive Security in Asia: Views from Asia and the West on a Changing Security Environment

This is an examination of "Comprehensive Security" as a policy that goes beyond the requirements of military defence against a particular "enemy" to stress the need to take into account other aspects vital to national stability: food, energy, environment, communication and social security.

Protecting Human Security in Africa

Protecting Human Security in Africa discusses some of the most potent threats to human security in Africa. It deals especially with those threats to the security of African people which are least understood or explored. In themes varying from corruption, the proliferation of small arms and light weapons, food security, the devastation of internal displacement in Africa, the link between natural resources and human security, to the problems of forced labour, threats to women's security, and environmental security, the book examines the legal and policy challenges of protecting human security in Africa.

Extra info for Managed Code Rootkits: Hooking into Runtime Environments

Sample text

As opposed to static compilers, which convert everything to machine code before execution, the JIT compiler performs the conversion continuously during program execution, while often caching compiled blocks of native code, thereby reducing pieces of IL code that are translated again and again to the same native code. The JIT compiler’s second-level compilation also provides a means of utilizing the bytecode’s portability. It fits the actual set of instructions to the specific machine on which it is executed, using machine-agnostic bytecode.

IL Bytecode

When source code is compiled, it is eventually converted to IL bytecode rather than to machine instruction assembly code, as an additional step in the code compilation and execution process. NET and others to IL bytecode. IL bytecode acts much like the assembly code the VM machine-level language understands internally. These instructions are designed specifically to be processed by software (rather than “real” instructions processed by hardware) by an interpreter often making use of a JIT compiler to convert the bytecode to its equivalent machine instructions.

What Can Attackers Do with Managed Code Rootkits?

* Destroy sensitive data stored on the database, while “riding on” the established connection from the application to the database.
* Steal sensitive files from the machine.
* Delete important files, causing loss of information and system/application instability.
* Log sensitive information generated by applications, such as credit card numbers, passwords, encryption keys, and so forth.
* Filter out information written to audit logs by applications.
