The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System is a book written by Bill Blunden, published by Jones & Bartlett Publishers in May 2009. The book covers rootkit technology and its uses in depth. Topics include IA-32 assembly, the Windows system architecture, kernel debugging, advanced rootkit development, and much more concerning rootkit technology and how it can be applied to, for example, white hat hacking. The book also provides many source code examples on rootkit development and how to properly use it. A fair understanding of computer programming and operating systems is required and recommended in order to fully comprehend the contents of the book; the back cover states that it is an advanced book on its topic.

The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System
First edition
Author: Bill Blunden
Country: United States (Original)
Language: English
Subject: Computer Science
Publisher: Jones & Bartlett Publishers
Publication date: May 4, 2009
Media type: Print (Paperback)
Pages: 784 pages
ISBN: 9781449626365 (Second Edition, paperback)

Content

The book is divided into four parts, and each of the 14 chapters goes into detail about specific technology and information required in advanced rootkit development and use. It also provides information about network and file system analyses, kernel objects, drivers, and much more related to rootkit technology. The reader can create a fully working rootkit by using the source code in the appendix. The product description states that the book sheds light on material that has traditionally been poorly documented, partially documented, or intentionally undocumented.[1]

Reviews

The book has received mostly positive reviews from websites specializing in computer reviews.

Computing Reviews writes about this book: "This book addresses a controversial and timely issue in the field of network security. Rootkits are notoriously used by the black hat hacking community. A rootkit allows an attacker to subvert a compromised system. This subversion can take place at the application level, as is the case for the early rootkits that replaced a set of common administrative tools, but can be more dangerous when it occurs at the kernel level. A rootkit hides the network traffic, processes, and files that an attacker decides to keep invisible to administrators and system management tools… If you work on defensive solutions—anti-virus and malware detection tools—or are interested in low-level system programming, you must read this book. In fact, for the intended audience, this is one of the best books of 2009."[2]

Richard Austin of the IEEE Computer Society's Technical Committee on Security and Privacy also published a review of the book's second edition in 2014.[3]

References

  • Blunden, Bill. The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System. 1st ed. Jones & Bartlett Publishers, 2009
  • Blunden, Bill. The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System. 2nd ed. Jones & Bartlett Publishers, 2012