Excellent intermediate/advanced security book
I finally picked up this book last year and throughoughly enjoyed it. I keep referring to it because the examples build up to the point of qualified proof of concept. The examples also are different enough from the other ones that are easy to find with Google, so between the two you get a complete view of the vulnerable issue.
The book's title should be obvious enough; this is NOT a book of defenses. However, if you understand these attacks you will be better equiped to deal with them when they happen. This book is no replacement for hands-on training in person with a qualified instructor such as at the SANS Institute, but it is an excellent supplement.
Great Book
Its a great place to start...and works its way through some pretty indepth concepts. The great part is that for the beginner it is step by step....and they tell you were to download everything you will need. Anyways loved it, read it twice.
The definitive text on Windows rootkits, applicable in 2005 or 2007
I read Rootkits: Subverting the Windows Kernel last year, but waited until I read Joseph Kong's Designing BSD Rootkits before reviewing both books. In a head-to-head comparison, I thought Kong's book was easier to comprehend and directly covered the key techniques I wanted to see. If I could give this book 4 1/2 stars I would, but Amazon doesn't allow that luxury.
Hoglund and Butler should be commended for writing this book. It really does assemble the parts (meaning techniques and code) necessary to implement a Windows rootkit, at least prior to Windows Vista. My only concern is that, at times, the authors are not as clear as I hoped they might be. This is probably due to the fact that they are two of the best rootkit writers on the planet, so they probably do not remember what it was like to not understand "hooking" and other techniques.
In some ways Rootkits is probably a book best suited for other experts (like many who wrote reviews here). That leaves beginners (like myself) wishing for a little more foundation or direct language prior to reading about implementation tricks.
One of the greatest strengths of this book, however, is the degree to which it exposes the internal workings of Windows. For greatest effect it's probably worth reading Microsoft Windows Internals, Fourth Edition by Russinovich and Solomon first.
Note that although I found the direct approach of the BSD rootkits book better for my learning style, this book by Hoglund and Butler is deeper in several areas. In fact, those who liked the BSD rootkits book would do well to read its Windows counterpart to learn tricks from Hoglund and Butler.
Belongs on all IT security professionals' bookshelves
Not an easy read if you're not already familiar with programming and operating system concepts, but then if you are an IT security professional you'd better be, and the book explains why.
Excellent read
I have been around the software industry now for almost 20 years and every now and then I find a book where I learn exciting things, this is one of those books. It reminds me of the early days of low level Windows programming but with very up to date information on the OS and how to apply it. The book is obviously designed to attract hackers - both black and white hats - however it does do a good job diving on the internals of the Posix and Windows subsystems. If you like low level stuff this book is for you.
