{"product_id":"linux-rootkits-userland-foundations-volume-1-9798195824471","title":"Linux Rootkits: Userland Foundations - Volume 1","description":"\u003cp\u003e • Author(s): Maets Knup\u003cbr\u003e • Publisher: Independently Published\u003cbr\u003e • Publisher Imprint: Independently Published\u003cbr\u003e • BISAC: Operating Systems - Linux\u003c\/p\u003e\u003cp\u003e\u003c\/p\u003e\u003cp\u003e\u003cb\u003eUnderstanding Linux rootkits to detect them better.\u003c\/b\u003e\u003c\/p\u003e\u003cp\u003eWhat if the danger did not come from malware hidden deep inside the system, but from a perfectly legitimate Linux mechanism?\u003c\/p\u003e\u003cp\u003eA binary that lies. A shell that logs activity silently. An editor that reacts when opening a simple text file. A runtime that loads code before the application even starts.\u003c\/p\u003e\u003cp\u003eThis is the starting point of \u003ci\u003eLinux Rootkits - Userland Foundations\u003c\/i\u003e.\u003c\/p\u003e\u003cp\u003e\u003cb\u003eA book written for defenders\u003c\/b\u003e\u003c\/p\u003e\u003cp\u003eThis first volume explores the mechanisms that allow code to execute where you do not expect it.\u003c\/p\u003e\u003cp\u003e\u003cb\u003eLD_PRELOAD\u003c\/b\u003e, \u003cb\u003eLD_AUDIT\u003c\/b\u003e, \u003cb\u003esitecustomize.py\u003c\/b\u003e, \u003cb\u003eNODE_OPTIONS\u003c\/b\u003e, Vim \u003cb\u003eautocmd\u003c\/b\u003e, Bash completion, \u003cb\u003einputrc\u003c\/b\u003e, and Zsh hooks: each chapter starts from a concrete anomaly, follows the trail, shows the code, then explains how to detect and neutralize the technique.\u003c\/p\u003e\u003cp\u003eThis book is for SOC analysts, blue teamers, system administrators, SREs, DevOps engineers, cybersecurity students, and Linux-curious technical readers.\u003c\/p\u003e\u003cp\u003eYou will not only learn to ask which process is running. You will also learn to ask who was allowed to execute before it.\u003c\/p\u003e\u003cp\u003e\u003cb\u003eInside Volume 1\u003c\/b\u003e\u003c\/p\u003e\u003cul\u003e\n\u003cli\u003eDynamic loading with LD_PRELOAD, \/etc\/ld.so.preload, and LD_AUDIT\u003c\/li\u003e\n\u003cli\u003eInvisible entry points in Python and Node.js\u003c\/li\u003e\n\u003cli\u003eInteractive shell mechanisms: DEBUG trap, PROMPT_COMMAND, PATH, function shadowing, programmable completion, Readline, and Zsh\u003c\/li\u003e\n\u003cli\u003eVim hooks triggered by opening a simple file\u003c\/li\u003e\n\u003cli\u003ePolymorphic Bash and the limits of textual signatures\u003c\/li\u003e\n\u003c\/ul\u003e\u003cp\u003e\u003cb\u003eA progression by investigation\u003c\/b\u003e\u003c\/p\u003e\u003cp\u003eEach chapter follows a concrete method: observe the anomaly, inspect the traces, read the code, run a mini-lab, then switch to the defender's side.\u003c\/p\u003e\u003cp\u003eThe commands are explained, expected outputs are shown, diagrams clarify the execution path, and common mistakes are addressed directly.\u003c\/p\u003e\u003cp\u003e\u003cb\u003eAutonomous and isolated labs\u003c\/b\u003e\u003c\/p\u003e\u003cp\u003eThe book is self-contained. No repository to clone. No custom Docker image. No external file required.\u003c\/p\u003e\u003cp\u003eThe mini-labs run inside a disposable \u003cb\u003eubuntu:24.04\u003c\/b\u003e Docker container, with harmless, visible code designed for learning.\u003c\/p\u003e\u003cp\u003e\u003cb\u003eWhat this book is not\u003c\/b\u003e\u003c\/p\u003e\u003cp\u003eThis is not an attack manual. It is a manual for auditing, detection, and neutralization.\u003c\/p\u003e\u003cp\u003eThe goal is not to learn how to hide a rootkit. The goal is to understand why it works, where it hooks, what traces it leaves, and how to take it down.\u003c\/p\u003e\u003cp\u003e\u003cb\u003eUsage framework\u003c\/b\u003e\u003c\/p\u003e\u003cp\u003eAll manipulations must remain inside a disposable Docker container.\u003c\/p\u003e","brand":"Independently Published","offers":[{"title":"Paperback","offer_id":47882631348375,"sku":"9798195824471","price":3976.0,"currency_code":"INR","in_stock":false}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0666\/3471\/1191\/files\/9798195824471.webp?v=1781096374","url":"https:\/\/atlanticbooks.com\/products\/linux-rootkits-userland-foundations-volume-1-9798195824471","provider":"Atlantic Books","version":"1.0","type":"link"}