Home » Archive for October 2025

Evidence Collection on Linux Without External Toolkits

- Posted in Incident Response by
Evidence Collection on Linux Without External Toolkits
Background: During incident response, time constraints can make it difficult to fully understand the scope of an incident. This challenge becomes even greater when our existing toolset does not [...] Read more

Part5: Kernel protection preventive mechanisms in Linux systems and methods for monitoring them (Lockdown Mode)

- Posted in Hardenings by
Part5: Kernel protection preventive mechanisms in Linux systems and methods for monitoring them (Lockdown Mode)
Background: The Linux kernel lockdown mode was introduced in Linux kernel version 5.4. Its purpose is to help protect the kernel from actions that could compromise the confidentiality or integrity of [...] Read more

Part4: Kernel protection preventive mechanisms in Linux systems and methods for monitoring them (SLUB)

- Posted in Hardenings by
Part4: Kernel protection preventive mechanisms in Linux systems and methods for monitoring them (SLUB)
Background: As we continue our journey into the mechanisms of kernel protection toolsets and monitoring, let's focus on our next candidate: SLUB. In simple terms, SLUB (the Unqueued Slab Allocator) [...] Read more

Part3: Kernel protection preventive mechanisms in Linux systems and methods for monitoring them (Kernel address space layout randomization)

- Posted in Hardenings by
Part3: Kernel protection preventive mechanisms in Linux systems and methods for monitoring them (Kernel address space layout randomization)
Background: As we continue our discovery of Linux kernel protection mechanisms, we should also look at the built-in capability called Kernel Address Space Layout Randomization (KASLR). KASLR’s [...] Read more