Part3: Kernel protection preventive mechanisms in Linux systems and methods for monitoring them (Kernel address space layout randomization)

- Posted in Hardenings by
Part3: Kernel protection preventive mechanisms in Linux systems and methods for monitoring them (Kernel address space layout randomization)
Background: As we continue our discovery of Linux kernel protection mechanisms, we should also look at the built-in capability called Kernel Address Space Layout Randomization (KASLR). KASLR’s [...] Read more

Part2: Kernel protection preventive mechanisms in Linux systems and methods for monitoring them

- Posted in Hardenings by
Part2: Kernel protection preventive mechanisms in Linux systems and methods for monitoring them
Background: In our previous article, I described one method to prevent or monitor harmful activities that can be carried out against the Linux kernel, focusing on the research of SELinux [...] Read more

Part1: Kernel protection preventive mechanisms in Linux systems and methods for monitoring them

- Posted in Hardenings by
Part1: Kernel protection preventive mechanisms in Linux systems and methods for monitoring them
The Linux kernel implements several protection mechanisms, including: Lockdown mode (Kernel, kernel security feature) SLUB/SLAB hardening (Kernel, kernel security feature) Kernel Address Space Layout [...] Read more

Investigating Malicious Activity in WSL Environments

- Posted in Threat Analyze by
Investigating Malicious Activity in WSL Environments
Background: Some XDR and EDR solutions are not effective when dealing with threats hidden inside WSL. In certain cases, it can also be challenging for digital forensic specialists to detect threats [...] Read more

Supply Chain Risk: Exploiting Abandoned Domains of Linux Package Maintainers

- Posted in Other by
Supply Chain Risk: Exploiting Abandoned Domains of Linux Package Maintainers
Background: In my recent articles, we discussed a lot various supply chain attack scenarios. This led me to think about a new type of supply chain attack, specifically targeting Linux package [...] Read more

Adversarial nation IT talent

- Posted in Other by
Adversarial nation IT talent
Background: Sometimes, as an organization grows, it needs to hire specialists for remote work. However, you can never be certain whether the person standing opposite you is an impostor attempting to [...] Read more

Linux Volatile Memory Forensics: Key Caveats in Acquisition and Analysis [PART 2 Final]

- Posted in Incident Response by
Linux Volatile Memory Forensics: Key Caveats in Acquisition and Analysis [PART 2 Final]
Background: In our previous article, we discussed and compared various tools that facilitate the acquisition of volatile memory . In this article we are going to cover final part of our challenge to [...] Read more

State-Linked Hacker Toolset Analysis & Defense Blueprint

- Posted in Threat Analyze by
State-Linked Hacker Toolset Analysis & Defense Blueprint
Background: Recently, some unknown specialists uploaded several dumps from servers that, according to their claims, are related to Kimsuky (State sponsored) systems. As cybersecurity defenders, we [...] Read more

Linux Volatile Memory Forensics: Key Caveats in Acquisition and Analysis [PART1]

- Posted in Incident Response by
Linux Volatile Memory Forensics: Key Caveats in Acquisition and Analysis [PART1]
Background: During the incident containment stage, there may be situations where it is necessary to acquire a volatile dump of RAM from hardware. Since we have already covered memory acquisition on [...] Read more

Essential Data Acquisition and Digital Forensics for Incident Responders

- Posted in Incident Response by
Essential Data Acquisition and Digital Forensics for Incident Responders
Background: In a previous article, we discussed the method for creating a USB flash drive to acquire forensic images. In this article, I'll explain how to leverage the previously created tool during [...] Read more
Page 4 of 10