Book of the Month : The Rookit ARSENAL

Wow…! This was my first reaction when I received this massive 900+ pages book from Amazon.  I was just spell bounded and surprised to see such an  enormous amount of information compiled on the lesser known area of computer security, the Rootkits.

Book - The Rootkit Arsenal

Here is the table of contents of this book,

Part 1  Foundations
Chapter 1  Setting the Stage
Chapter 2  Into the Catacombs: IA-32
Chapter 3  Windows System Architecture
Chapter 4  Rootkit Basics
Part 2  System Modification
Chapter 5  Hooking Call Tables
Chapter 6  Patching System Routines
Chapter 7  Altering Kernel Objects
Chapter 8  Deploying Filter Drivers
Part 3  Anti-Forensics
Chapter 9  Defeating Live Response
Chapter 10  Defeating File System Analysis
Chapter 11  Defeating Network Analysis
Chapter 12  Countermeasure Summary
Part 4  End Material
Chapter 13  The Tao of Rootkits
Chapter 14  Closing Thoughts

The book starts with basics of system internals which is essential to understand the depth of  Rootkits. It covers about various memory models, interrupts, TSR, Windows architecture etc in detail. Then it delves into explaining the ingredients of Rootkit including installing and launching of the Rootkit. All these system internals have been covered in very precise and concise manner.

The chapter 5 is where the real fun starts as it goes on elaborating all the hooking mechanisms from user land to kernel and then it describes various techniques for detecting these hooking mechanisms. Later chapters does awesome job of explaining the advanced Rootkit techniques. The Anti-Forensics section is just mind blowing, no explanation needed.

One of the salient features of this book is the code samples. Every technique mentioned in this book is illustrated with well explained, working code example. This along with Rootkit detection mechanisms explored in the book sets it apart from its predecessor, Rootkit – Subverting Windows Kernel.


Its clearly evident that author has taken great pain and patience to present the darkest topic of computer arena in a very simple and understandable manner in this gigantic compilation.  By far this is the very good reference book and very well recommended for any one who wants to conquer the mysterious world of Rootkits.


eBook Link :

Similar posts
  • Computer Security Tips: Stay Safe Onl... In recent times cyber security has raised the level of awareness and public consciousness as never before. Both large corporations and big organizations try to take care of online security as much as they can. That’s why cyber criminals and hackers have focused more on smaller companies and single entrepreneurs. This awful tendency leads to [...]
  • SecurityXploded Mentorship Programme ... I am writing this blog to share my SecurityXploded Student Mentorship Programme experience with the future students of this programme. My mentorship programme started last year in August when I was in 2nd year of MS at IIIT-Allahabad. I knew about SecurityXploded community since I used to follow their blogs, training programmes and security tools [...]
  • Code Injection and API Hooking Techni... Hooking covers a range of techniques used for many purposes like debugging, monitoring, intercepting messages, extending functionality etc. Hooking is also used by a lot of rootkits to camouflage themselves on the system. Rootkits use various hooking techniques when they have to hide a process, hide a network port, redirect file writes to some different [...]
  • Announcement – SecurityXploded ... From the past two years we are working actively on couple of projects to support the security community. As you all may already know that we have successfully completed our reversing and malware analysis training programme and we are very glad that it was very helpful for everyone. In my opinion the success of any [...]
  • Advanced Malware Analysis Training Se... Here is the quick update on this month’s Local Security meet (SX/Null/G4H/owasp) and our advanced malware training session on (Part 2) Dissecting the HeartBeat  RAT Functionalities   This is part of our FREE ‘Advanced Malware Analysis Training’ series started from Dec 2012.       In this extended session, I explained “Decrypting various Communications Of HeartBeat [...]


  1. August 16, 2009    

    Interesting review, I was considering buying “Rootkit – Subverting Windows Kernel” but I think I’ll buy this one instead. Did you send your review to ? I find that the comments really help me determine if a book is really what I expect and is worth the expense.

  2. August 16, 2009    

    I am yet to write on Amazon, will do it shortly.

    Yes, this book covers everything that is covered by previous Rootkit book and much more……and that too with real working code.

Leave a Reply