Defensive Edge: Adapting Red Team Hardware for IR

- Posted in Incident Response by
Background: Red team specialists often use specialized hardware during operations. However, don't worry: this hardware isn't exclusive to red teams. Incident responders can also use some of this hardware [...] Read more

Cross-Linux Distro Forensic Data Collection Techniques for IR

- Posted in Incident Response by
Background: One of the IR stages is the "collection" stage, which occurs between containment and analysis. We sometimes need to collect evidence from Kubernetes pods or Docker containers, which can [...] Read more

Evidence Collection on Linux Without External Toolkits

- Posted in Incident Response by
Background: During incident response, time constraints can make it difficult to fully understand the scope of an incident. This challenge becomes even greater when our existing toolset does not [...] Read more
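As an added illustration of what "evidence collection without external toolkits" can look like (this is example code written for this index page, not the article's own script), the functions below build a process snapshot from procfs using only the shell and coreutils already present on a Linux host. The procfs root is a parameter (an assumption made here so the same code can be pointed at a copied `/proc` tree); the "suspicious" paths flagged by `flag_suspicious` are a starting heuristic, not an exhaustive list.

```shell
#!/bin/sh
# Added example (not from the original article): a minimal process snapshot
# built only from procfs plus the shell/coreutils already on a Linux host.
# The procfs root is an argument (default /proc) so the same code can be run
# against a copied procfs tree or a constructed directory during testing.

# Print one line per process: pid|comm|exe|cwd|cmdline
snapshot_processes() {
    root=${1:-/proc}
    for d in "$root"/[0-9]*; do
        [ -d "$d" ] || continue
        pid=${d##*/}
        comm=$(cat "$d/comm" 2>/dev/null)
        # exe and cwd are symlinks; a deleted binary shows "(deleted)" in the
        # link target, which is itself an indicator worth preserving
        exe=$(readlink "$d/exe" 2>/dev/null || echo '?')
        cwd=$(readlink "$d/cwd" 2>/dev/null || echo '?')
        # cmdline is NUL-separated; kernel threads have an empty cmdline
        cmdline=$(tr '\0' ' ' 2>/dev/null < "$d/cmdline")
        printf '%s|%s|%s|%s|%s\n' "$pid" "$comm" "$exe" "$cwd" "$cmdline"
    done
}

# Flag processes whose binary was deleted from disk or runs from a world-writable
# tmpfs path (heuristic chosen for this example; extend to taste).
flag_suspicious() {
    snapshot_processes "$1" | while IFS='|' read -r pid comm exe cwd cmdline; do
        case $exe in
            *"(deleted)"*|/tmp/*|/dev/shm/*) printf '%s %s %s\n' "$pid" "$comm" "$exe" ;;
        esac
    done
}
```

On a live host, `snapshot_processes > /mnt/evidence/proc-snapshot.txt` captures the table with nothing beyond `sh`, `cat`, `readlink`, `tr` and `printf`; `flag_suspicious` gives a quick first triage pass over the same data.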

Part 5: Kernel protection preventive mechanisms in Linux systems and methods for monitoring them (Lockdown Mode)

- Posted in Hardenings by
Background: The Linux kernel lockdown mode was introduced in Linux kernel version 5.4. Its purpose is to help protect the kernel from actions that could compromise the confidentiality or integrity of [...] Read more

Part 4: Kernel protection preventive mechanisms in Linux systems and methods for monitoring them (SLUB)

- Posted in Hardenings by
Background: As we continue our journey into the mechanisms of kernel protection toolsets and monitoring, let's focus on our next candidate: SLUB. In simple terms, SLUB (the Unqueued Slab Allocator) [...] Read more

Part 3: Kernel protection preventive mechanisms in Linux systems and methods for monitoring them (Kernel address space layout randomization)

- Posted in Hardenings by
Background: As we continue our discovery of Linux kernel protection mechanisms, we should also look at the built-in capability called Kernel Address Space Layout Randomization (KASLR). KASLR’s [...] Read more

Part 2: Kernel protection preventive mechanisms in Linux systems and methods for monitoring them

- Posted in Hardenings by
Background: In our previous article, I described one method to prevent or monitor harmful activities that can be carried out against the Linux kernel, focusing on SELinux [...] Read more

Part 1: Kernel protection preventive mechanisms in Linux systems and methods for monitoring them

- Posted in Hardenings by
The Linux kernel implements several protection mechanisms, including: Lockdown mode (Kernel, kernel security feature); SLUB/SLAB hardening (Kernel, kernel security feature); Kernel Address Space Layout [...] Read more
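The series above (lockdown mode, SLUB hardening, KASLR) is about mechanisms the kernel reports on itself. As an added example that is not part of the series, the script below reads those self-reports: the active lockdown mode from `/sys/kernel/security/lockdown` and the `nokaslr` / `slub_debug` boot parameters from `/proc/cmdline`. The parsers take the file contents as an argument (a design choice made here, so they also work on text captured from an image or a remote host); the live-file names and the cmdline interpretation are standard kernel behaviour, while the output labels are this example's own.

```shell
#!/bin/sh
# Added example (not from the original series): read the kernel's own
# self-reported state for the three mechanisms the articles cover.
# Each parser takes the file text as $1 so it can run on captured output;
# report_live() feeds it the real files when they are readable.

# /sys/kernel/security/lockdown prints e.g. "none [integrity] confidentiality";
# the bracketed word is the active mode.
lockdown_mode() {
    printf '%s\n' "$1" | sed -n 's/.*\[\([a-z]*\)\].*/\1/p'
}

# True if the boot command line contains the token $2 (bare or as $2=value).
# Token-wise match so a parameter such as "nokaslr_foo" would not count.
cmdline_has() {
    cmdline=$1; word=$2
    for tok in $cmdline; do
        case $tok in
            "$word"|"$word"=*) return 0 ;;
        esac
    done
    return 1
}

# "nokaslr" switches KASLR off at boot. "enabled" here only means it was not
# disabled on the command line; the kernel must also be built with
# CONFIG_RANDOMIZE_BASE for randomisation to actually happen.
kaslr_state() {
    if cmdline_has "$1" nokaslr; then echo disabled; else echo enabled; fi
}

# slub_debug[=flags] turns on SLUB sanity checks / poisoning / red zones.
slub_debug_state() {
    if cmdline_has "$1" slub_debug; then echo enabled; else echo disabled; fi
}

report_live() {
    if [ -r /sys/kernel/security/lockdown ]; then
        echo "lockdown:   $(lockdown_mode "$(cat /sys/kernel/security/lockdown)")"
    fi
    if [ -r /proc/cmdline ]; then
        cmd=$(cat /proc/cmdline)
        echo "kaslr:      $(kaslr_state "$cmd")"
        echo "slub_debug: $(slub_debug_state "$cmd")"
    fi
    return 0
}
```

Run `report_live` as a baseline on a known-good host and again during an incident; a lockdown mode that dropped from `integrity` to `none`, or a `nokaslr` that appeared in the boot line, is a change in the kernel's own hardening posture that deserves an explanation.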

Investigating Malicious Activity in WSL Environments

- Posted in Threat Analysis by
Background: Some XDR and EDR solutions are not effective when dealing with threats hidden inside WSL. In certain cases, it can also be challenging for digital forensic specialists to detect threats [...] Read more

Supply Chain Risk: Exploiting Abandoned Domains of Linux Package Maintainers

- Posted in Other by
Background: In my recent articles, we discussed various supply chain attack scenarios. This led me to think about a new type of supply chain attack, specifically targeting Linux package [...] Read more
Page 1 of 5