Designing BSD Rootkits: An Introduction to Kernel Hacking and over one million other books are available for Amazon Kindle. Learn more
Have one to sell?
Flip to back Flip to front
Listen Playing... Paused   You're listening to a sample of the Audible audio edition.
Learn more
See all 2 images

Designing BSD Rootkits: an Introduction to Kernel Hacking Paperback – Apr 16 2007


See all 2 formats and editions Hide other formats and editions
Amazon Price New from Used from
Kindle Edition
"Please retry"
Paperback
"Please retry"
CDN$ 17.47 CDN$ 13.13

Best Canadian Books of 2014
Margaret Atwood's stunning new collection of stories, Stone Mattress, is our #1 Canadian pick for 2014. See all

Special Offers and Product Promotions

  • Join Amazon Student in Canada


Customers Who Bought This Item Also Bought



Product Details


Product Description

About the Author

Tinkering with computers has always been a primary passion of author Joseph Kong. He is a self-taught programmer who dabbles in information security, operating system theory, reverse engineering, and vulnerability assessment. He has written for Phrack Magazine and was a system administrator for the City of Toronto.


Inside This Book (Learn More)
Explore More
Concordance
Browse Sample Pages
Front Cover | Copyright | Table of Contents | Excerpt | Index | Back Cover
Search inside this book:

Customer Reviews

There are no customer reviews yet on Amazon.ca
5 star
4 star
3 star
2 star
1 star

Most Helpful Customer Reviews on Amazon.com (beta)

Amazon.com: 5 reviews
11 of 11 people found the following review helpful
Concise, informative, powerful -- a real winner June 23 2007
By Richard Bejtlich - Published on Amazon.com
Format: Paperback
I loved Designing BSD Rootkits (DBR) by Joseph Kong, and I'm not even a kernel hacker. Rather, I'm an incident responder and FreeBSD administrator. This book is directly on target and does not waste the reader's time. If you understand C and want to learn how to manipulate the FreeBSD kernel, Designing BSD Rootkits is for you. Peer into the depths of a powerful operating system and bend it to your will!

DBR covers much of the same sorts of material found in the earlier Rootkits: Subverting the Windows Kernel by Greg Hoglund and James Butler, except Kong's book is all about FreeBSD. I actually read the Windows text first, but found Kong's more direct language and examples easier than the Hoglund/Butler text. After reading DBR I have a stronger understanding of each of the main chapters' techniques, i.e., kernel modules, hooking, direct kernel object manipulation, kernel object hooking, run-time kernel memory patching, and detection mechanisms. I particularly liked the author showing his sample rootkit's effectiveness against Tripwire, simply to demonstrate his methods.

DBR follows another tenet of great books: it credits previous work. Several times in the text Kong says where he learned a technique or what code he's modifying to do his bidding. This should serve as an example to other technical authors. Kong also does not treat his subject matter as a dark art practiced by people in long black coats at Def Con. He is professional and mentions where certain techniques like run-time kernel memory patching are used by commercial operating systems for "hot patching," as happens with Windows.

I have nothing bad to say about this book, although to get the absolute full learning experience it helps to know C programming, some assembly, and FreeBSD kernel internals. The Design and Implementation of the FreeBSD Operating System by McKusick and Neville-Neil (another excellent book) is helpful preparatory reading. The fact that Kong provided all of his source code for download is also very much appreciated. Bravo! I look forward to your next book.
5 of 5 people found the following review helpful
Enjoyable primer on system kernel penetration May 29 2007
By Nils Valentin - Published on Amazon.com
Format: Paperback
--- DISCLAIMER: This is a requested review by No Starch Press, however any opinions expressed within the review are my personal ones. ---

This enjoyable readable book gradually and very systematically evolves around hacking the kernel of a BSD system.

Chapter 1: Loadable Kernel Modules 22p.

Chapter 2: Hooking 13p.

Chapter 3: Direct Kernel Object Manipulation 20p.

Chapter 4: Kernel Object Hooking 4p.

Chapter 5: Run-Time Kernel Memory Patching 27p.

Chapter 6: Putting It All Together 26p.

Chapter 7: Detection 8p.

Its written in a style that allows also non-developers to grasp the main procedures and steps involved for modifying a systems kernel (assuming the attacker got access to a privileged system account).

Chapters 1 to 5 explain the several methods for modifying the kernel.

While the book is divided into 7 chapters, its most value really is the Chapters 6 which has many of those WoW effects included.

All or most technics described of chapters 1-5 will be used in chapter 6 for show casing how to circumvent an HIDS. Here is where all learned technics finally come all together.

So the reader dabbles with the author from an initial "simple" idea of bypassing an HIDS from one issue to the next. First the system call is hooked, so technically its kind of working, but then we realize that in order to make it perfect we need to hide the just created file (which contains the execution redirection routine). So the next obvious step is to hide the file so we dont leave a footprint on the system, just to realize that we need to hide the KLD (Dynamic Kernel Linker). So now everything is hidden but we forgot about the change of the /sbin directories access/ modification and change time, so we have to go after that too...

Its technically very interesting to learn how the author approaches the issues involved in order to avoid being detected by the HIDS or commands the user might use. That the author is technically on top of things is also shown f.e. by some info included in the book which is already referring to FreeBSD 7.

To get the most out of the book you ideally have programming knowledge of C, assembly etc. and debugging software systems. So I think its most valuable to system administrators, developers and security consultants.
Definitely worth a read May 29 2013
By Ashley - Published on Amazon.com
Format: Kindle Edition
This book is a fantastic resource for programmers, FreeBSD enthusiasts and general UNIX hackers.

The book is laid out quite well, with fantastic examples and explanations.
Unfortunately there are a few mistakes in the code examples due to some changes in the FreeBSD code (eg. the sys_ prefix was added to FreeBSD native syscalls )
5 of 10 people found the following review helpful
Fun and informative May 16 2007
By Anthony Lawrence - Published on Amazon.com
Format: Paperback
I don't do a lot with BSD nowadays.. a lot of software customers want is only for Linux, and although sometimes it could be ported, the customers seem to want Linux. However, I cut my teeth on old SunOS, so bsdisms are familiar and friendly to me.

Working through this book was fun and informative. You can download sources from [....]

The concepts apply equally well to Linux, of course, and I also realized that some of the areas explored come up in ordinary application work and especially in system troubleshooting, so this isn't entirely about subverting systems for evil purpose.
1 of 4 people found the following review helpful
A perfect programmer's guide. July 7 2007
By Midwest Book Review - Published on Amazon.com
Format: Paperback
Collections strong in web design and programmer's guides know that rootkits have a negative image - but DESIGNING BSD ROOTKITS provides all the information on how to overcome any bad image and problems to develop effective rootkits under the FreeBSD operating system. This instructional is actually a tutorial, so it may also be used in programming classes: it explains how to maintain root access and how to hack Free BSD, using many examples which assume no prior kernel-hacking knowledge. Code is described, analyzed, and linked to real-world scenarios for maximum understanding, making for a perfect programmer's guide.


Feedback