Managed Code Rootkits

A Managed Code Rootkit (MCR) is a special type of malicious code that is deployed inside an application level virtual machine such as those employed in managed code environment frameworks – Java, .NET, Dalvik, Python, etc.. Having full control of the managed code VM allows the MCR to lie to the upper level application running on top of it, and manipulate the application behavior to perform tasks not indented originally by the software developer. The MCR concept was introduced in major security conferences such as BlackHat, DefCon, RSA, OWASP, CanSecWest, SOURCE and others.

A book on this subject, written by AppSec Labs CEO Erez Metula, was published recentely by Syngress:

Managed Code Rootkits, for sale now on Amazon Click here for a taster of the book!

Book reviews

Amazon has given the book a 5-star rating, here are some quotes from different reviews:

"I was very excited when I received this book in my mail and set some time each day to continue reading it. Syngress has been releasing amazing material that has made me follow them as closely as I do with No Starch Press. This release is no exception..." --TurboBorland, Amazon.com

"...MCR is a great book because it addresses a topic that almost no one else covers in the published world. The book is easy to read, clear, coherent, methodical, well-organized, and thorough. The author doesn't limit the topic to only .NET; he also provides examples of Java and Android Dalvik code..." --Richard Bejtlich, Amazon.com

"...I'll cut to the chase--I really liked this book. It was easy to understand and fun to follow along because of the wealth of start-to-finish examples that are provided. The examples not only clearly illustrated the concepts the author was trying to convey, but also made me excited to try it out on my own..." --ut158, Amazon.com

"...Mr Metula is a consummate and talented security practitioner who knows his subject thoroughly. I consider this book to be excellent value for money and would recommend it to any security professional..." --InfoSecReviews.com

"...If you have watched Erez Metula at Defcon 17, or his presentation at Source Boston 2010, you will realize that this author is a seasoned professional in the MCR domain. Erez is a hands-on practitioner and I highly recommend watching his presentations available online... His demonstration includes attack scenarios and his tool ReFrameworker in action..." --Hackin9 IT Security Magazine editor

Furthermore, the book has been selected one of 2011's top 10 books by Richard Bejtlich's Tao Security.