Rootkits and Bootkits will teach you how to understand and counter sophisticated advanced
threats buried deep in a machine's boot process or UEFI firmware. With the aid of numerous case
studies and professional research from three of the world's leading security experts you'll
trace malware development over time from rootkits like TDL3 to present-day UEFI implants and
examine how they infect a system persist through reboot and evade security software. As you
inspect and dissect real malware you'll learn: • How Windows boots-including 32-bit 64-bit
and UEFI mode-and where to find vulnerabilities • The details of boot process security
mechanisms like Secure Boot including an overview of Virtual Secure Mode (VSM) and Device
Guard • Reverse engineering and forensic techniques for analyzing real malware including
bootkits like Rovnix Carberp Gapz TDL4 and the infamous rootkits TDL3 and Festi • How to
perform static and dynamic analysis using emulation and tools like Bochs and IDA Pro • How to
better understand the delivery stage of threats against BIOS and UEFI firmware in order to
create detection capabilities • How to use virtualization tools like VMware Workstation to
reverse engineer bootkits and the Intel Chipsec tool to dig into forensic analysis Cybercrime
syndicates and malicious actors will continue to write ever more persistent and covert attacks
but the game is not lost. Explore the cutting edge of malware analysis with Rootkits and
Bootkits. Covers boot processes for Windows 32-bit and 64-bit operating systems.
