Rootkits and Bootkits: Reversing Modern Malware and Next Generation Threats

Rootkits and Bootkits: Reversing Modern Malware by Alex Matrosov

Malware and other threats are reported on and written about so ubiquitously that we tend to gloss over them. We have heard the advice 1,000 times - keep your system updated, don't click on unknown links, keep backups, etc. So another book on malware and other threats can be met with a yawn. Rootkits and Bootkits: Reversing Modern Malware and Next Generation Threats from no starch press is different. First of all the authors have outstanding credentials. For example, Alex Matrosov is a leading offensive security researcher at NVIDIA. He has more than two decades of experience with reverse engineering, advanced malware analysis, firmware security, and exploitation techniques. Before joining NVIDIA, Alex served as Principal Security Researcher at Intel Security Center of Excellence (SeCoE), spent more than six years in the Intel Advanced Threat Research team, and was Senior Security Researcher at ESET. Alex has authored and co-authored numerous research papers and is a frequent speaker at security conferences, including REcon, ZeroNights, Black Hat, DEFCON, and others. Alex received an award from Hex-Rays for his open source plug-in HexRaysCodeXplorer, supported since 2013 by the team at REhint. Wow. The book gives an evolutionary/historical look at rootkits and bootkits including the newer classes of malware that target the BIOS and chipset firmware which current Windows defensive software can't reach. It covers boot processes for Windows 32-bit and 64-bit operating systems. So you will learn about how Windows boots-including 32-bit, 64-bit, and UEFI mode-and where to find vulnerabilities as well as the details of boot process security mechanisms like Secure Boot, including an overview of Virtual Secure Mode (VSM) and Device Guard. The first part cover Rootkits and the authors look at the "classic" OS-level rootkits such as TDL3 and Festi rootkit. These case studies show how hackers view the operating system internals and compose their implants using the structure of the OS. You will read reverse engineering and forensic techniques for analyzing real malware. Part 2 focuses on Bootkits and the authors dive into the Windows boot process and what has changed over time. This includes the Master Boot Record, partition tables, bootmgr module and so on. It is very complete and includes coverage of newer virtualization approaches and ransomware. Part 3 deals with the forensics of bootkits, rootkits and other BIOS threats.https://nostarch.com/rootkits will get you updates and more resources like a link to the author's website for source code and more. I did not read the book cover to cover and expect unless you are a security professional you won't either. But I jumped around and learned more about things I thought I already knew well (like the legacy boot process) and lived through (remember the Brain virus on 360k floppies?) It's a great resource to have and I am sure I will be visiting it more in the future for specific answers and techniques because the bad guys just do not stop. Recommended.

The Manga Guide to Physiology

The Manga Guide to Physiology by Etsuro Tanaka and Keiko Koyama

I asked lightheartedly on Twitter "Is there something wrong in getting medical advice from a Manga comic book?" because I have found the information in The Manga Guide to Physiology  to be more complete and understandable than many medical websites. Of course the book should not replace a medical professional but it does give a very comprehensive look at the workings of the human body. And, of course, the format of the book (Manga comic book with an interesting story line and great illustrations) makes it more readable than a textbook. I found myself saying "Just one more chapter" which would never have been the case in a typical physiology text book. Like the other Manga guides the information is presented using young characters involved in something to keep your interest. In The Manga Guide to Physiology a Nursing School freshman named Kumiko needs to pass a test on the human body in order to compete in the campus marathon which she is simultaneously training for. She is tutored by a young professor who turns out to be someone unexpected. Don't be fooled and think that because of this background story the information is fluff. The information presented is detailed but presented in a clear manner with examples that will make you understand the subject rather than help you memorize facts. In addition there is always an "Even More About…" section that gets into more details for those who want it. The sections give a complete look at how the body works: The Circulatory System The Respiratory System The Digestive System The Kidneys and Renal System Body Fluids The Brain and Nervous System The Sensory Nervous System The Musculoskeletal System Cells, Genes and Reproduction The Endocrine System The No Starch Press Manga series and in particular this book, The Manga Guide to Physiology, have become a valuable platform to learn some complicated subjects in an engaging way. Great Lakes Geek Rating: 4.5 out of 5 pocket protectors. Read more Book Reviews from the Great Lakes Geek