I recently came across this book called The Rootkit Arsenal by Bill Blunden that gives a detailed (I mean it!) description of the basics underlying rootkits and also goes on about how to design them for Windows (so it requires some basic understanding of IA32 internals). Because I concentrate mostly on Linux-centric security, I can only use the book to gain basics but not anything related to the Linux kernel. Can anyone please suggest a Dragon book of Rootkits for Linux that will give me some hands-on experience?
Just in case someone is about to ask me this question:
"Why are you looking at rootkits? Isn't that bad?"
Someone on slashdot once said:
How can we implement security if we don't understand the ways we can be attacked?
Just to give an idea of what I am looking for: It is enough if the Table of Contents of the reference looks something like the following only replaced with Linux rootkits instead of Windows.
The Rootkit Arsenal Table of Contents
I don't know of any books that have a focus on rootkits for Linux. I think you'll have more luck (and probably better material) by reading the phrack zine instead, for example. There's a book about BSD rootkits, so I guess you can adapt the ideas from one to the other (syscall interception, hooking with DRs, etc.). The concepts are the same, just the implementation differs, but you can find the source code for several good rootkits for Linux online (suckit, etc.) to use as reference. In phrack there's even a basic framework for a DR-based rootkit.