LinuxQuestions.org
View the Most Wanted LQ Wiki articles.
Go Back   LinuxQuestions.org > Reviews > Books > Operating Systems > Other UNIX
User Name
Password

Notices

Search · Register · Submit New Review · Download your favorite Linux Distributions ·
 

Designing BSD Rootkits: An Introduction to Kernel Hacking
Reviews Views Date of last review
1 27974 06-05-2007
spacer
Recommended By Average Price Average Rating
100% of reviewers None indicated 8.0
spacer


Description: Enjoyable primer on system kernel penetration
Keywords: foss system kernel penetration freebsd openbsd bsd
Publisher: No Starch Press
ISBN: 1593271425


Author
Post A Reply 
Old 06-05-2007, 10:28 PM   #1
valentin_nils
 
Registered: Oct 2004
Posts: 0

Rep: Reputation:
Would you recommend the product? yes | Price you paid?: None indicated | Rating: 8

Pros: Enjoyable primer on system kernel penetration
Cons:



--- DISCLAIMER: This is a requested review by No Starch Press, however any opinions expressed within the review are my personal ones. ---


This enjoyable readable book gradually and very systematically evolves around hacking the kernel of a BSD system.

Chapter 1: Loadable Kernel Modules 22p.
Chapter 2: Hooking 13p.
Chapter 3: Direct Kernel Object Manipulation 20p.
Chapter 4: Kernel Object Hooking 4p.
Chapter 5: Run-Time Kernel Memory Patching 27p.
Chapter 6: Putting It All Together 26p.
Chapter 7: Detection 8p.

Its written in a style that allows also non-developers to grasp the main procedures and steps involved for modifying a systems kernel (assuming the attacker got access to a privileged system account).

Chapters 1 to 5 explain the several methods for modifying the kernel.

While the book is divided into 7 chapters, its most value really is the Chapters 6 which has many of those WoW effects included.

All or most technics described of chapters 1-5 will be used in chapter 6 for show casing how to circumvent an HIDS. Here is where all learned technics finally come all together.

So the reader dabbles with the author from an initial "simple" idea of bypassing an HIDS from one issue to the next. First the system call is hooked, so technically its kind of working, but then we realize that in order to make it perfect we need to hide the just created file (which contains the execution redirection routine). So the next obvious step is to hide the file so we dont leave a footprint on the system, just to realize that we need to hide the KLD (Dynamic Kernel Linker). So now everything is hidden but we forgot about the change of the /sbin directories access/ modification and change time, so we have to go after that too...

Its technically very interesting to learn how the author approaches the issues involved in order to avoid being detected by the HIDS or commands the user might use. That the author is technically on top of things is also shown f.e. by some info included in the book which is already referring to FreeBSD 7.

To get the most out of the book you ideally have programming knowledge of C, assembly etc. and debugging software systems. So I think its most valuable to system administrators, developers and security consultants.
 




  



All times are GMT -5. The time now is 05:15 AM.

Main Menu
Advertisement

Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration