Security experts Alex Matrosov, Eugene Rodionov, and Sergey Bratus share the knowledge they've gained over years of professional research. With these field notes, you'll trace malware evolution from rootkits like TDL3 to present day UEFI implants and examine how these malware infect the system, persist through reboot, and evade security software. While you inspect real malware under the microscope, you'll learn:
-The details of the Windows boot process, from 32-bit to 64-bit and UEFI, and where it's vulnerable.
-Boot process security mechanisms like Secure Boot, the kernel-mode signing policy include some details about recent technologies like Virtual Secure Mode (VSM) and Device Guard.
-The reverse engineering and forensic approaches for real malware discovered in the wild, including bootkits like Rovnix/Carberp, Gapz, TDL4 and the infamous rootkits TDL3 and Festi.
-How to perform boot process dynamic analysis using emulation and virtualization
-Modern BIOS-based rootkits and implants with directions for forensic analysis
Cybercrime syndicates and malicious actors keep pushing the envelope, writing ever more persistent and covert attacks. But the game is not lost. Explore the cutting edge of malware analysis with Rootkits and Bootkits.
Covers boot processes for Windows 32-bit and 64-bit operating systems.