Rootkits and Bootkits

Rootkits and Bootkits will teach you how to understand and combat complex, advanced threats that are hidden deep within a device's boot process or in the UEFI firmware. With the help of numerous case studies and professional research from three of the world's leading security experts, you will trace the evolution of malware over time, from rootkits like TDL3 to modern UEFI implants, and examine how they infect a system, persist through reboots, and bypass security software.

As you inspect and dissect real malware, you will learn:

• How Windows boots, including 32-bit, 64-bit, and UEFI modes, and where to find vulnerabilities.
• The details of the security mechanisms in the boot process such as Secure Boot, including an overview of Virtual Secure Mode (VSM) and Device Guard.
• Reverse engineering and forensic techniques to analyze real malware, including bootkits like Rovnix/Carberp, Gapz, TDL4, and the notorious rootkits TDL3 and Festi.
• How to conduct static and dynamic analyses using emulation and tools like Bochs and IDA Pro.
• How to better understand the delivery phase of threats against BIOS and UEFI firmware to develop detection capabilities.
• How to use virtualization tools like VMware Workstation to reverse engineer bootkits, and the Intel Chipsec tool for forensic analysis.

Cybercrime syndicates and malicious actors will continue to write increasingly persistent and covert attacks, but the game is not lost. Explore the latest developments in malware analysis with Rootkits and Bootkits. Covers boot processes for Windows 32-bit and 64-bit operating systems.