Background:
The Linux kernel lockdown mode was introduced in Linux kernel version 5.4. Its purpose is to help protect the kernel from actions that could compromise the confidentiality or integrity of [...]
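The excerpt above only names the two lockdown modes. As an added example (not code from the original article), the following POSIX shell snippet reads the state that the lockdown LSM exposes through securityfs at /sys/kernel/security/lockdown, where the kernel prints the three modes on one line with the active one in square brackets (for example `none [integrity] confidentiality`). The parsing is done on a string so that the same function can be exercised against constructed sample lines; the path is the standard securityfs location, and a missing file is treated as "lockdown not available on this kernel".

```shell
# Added example, not part of the original article.
# Parses the lockdown state exposed by the kernel at
# /sys/kernel/security/lockdown (Linux 5.4+). The file contains one line
# such as:
#   none [integrity] confidentiality
# with the currently active mode in square brackets.

# Extract the bracketed mode from one line of that format.
# Prints "none", "integrity" or "confidentiality"; prints "unknown" and
# returns 1 if the line carries no bracketed token.
lockdown_mode_from_line() {
    mode=$(printf '%s\n' "$1" | sed -n 's/.*\[\([a-z]*\)\].*/\1/p')
    if [ -z "$mode" ]; then
        echo unknown
        return 1
    fi
    echo "$mode"
}

# Rank a mode so two states can be compared numerically:
# none=0, integrity=1, confidentiality=2, anything else=-1.
lockdown_rank() {
    case "$1" in
        none)            echo 0 ;;
        integrity)       echo 1 ;;
        confidentiality) echo 2 ;;
        *)               echo -1 ;;
    esac
}

# Read the live state from securityfs (or from the file given as $1).
# Prints "unsupported" and returns 2 when the entry cannot be read, which
# is what you see on a kernel built without the lockdown LSM or when
# securityfs is not mounted.
lockdown_mode() {
    f="${1:-/sys/kernel/security/lockdown}"
    if [ ! -r "$f" ]; then
        echo unsupported
        return 2
    fi
    lockdown_mode_from_line "$(cat "$f")"
}

# Return 0 when the running kernel is at least in the mode named by $1
# (e.g. "integrity"), 1 otherwise. Unsupported kernels never satisfy it.
lockdown_at_least() {
    want=$(lockdown_rank "$1")
    have=$(lockdown_rank "$(lockdown_mode)")
    [ "$want" -ge 0 ] && [ "$have" -ge "$want" ]
}

echo "lockdown: $(lockdown_mode)"
```

A hardening baseline check can then be written as `lockdown_at_least integrity || echo "kernel is not locked down"`; note that on an unsupported kernel this deliberately reports a failure rather than silently passing.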
Background:
As we continue our journey into the mechanisms of kernel protection toolsets and monitoring, let's focus on our next candidate: SLUB. In simple terms, SLUB (the Unqueued Slab Allocator) [...]
Background:
As we continue our discovery of Linux kernel protection mechanisms, we should also look at the built-in capability called Kernel Address Space Layout Randomization (KASLR). KASLR’s [...]
Background:
In our previous article, I described one method to prevent or monitor harmful activities that can be carried out against the Linux kernel, focusing on SELinux [...]
Background:
Some XDR and EDR solutions are not effective when dealing with threats hidden inside WSL. In certain cases, it can also be challenging for digital forensic specialists to detect threats [...]
Background:
In my recent articles, we discussed various supply chain attack scenarios. This led me to think about a new type of supply chain attack, specifically targeting Linux package [...]
Background:
Sometimes, as an organization grows, it needs to hire specialists for remote work. However, you can never be certain whether the person standing opposite you is an impostor attempting to [...]
Background:
In our previous article, we discussed and compared various tools that facilitate the acquisition of volatile memory. In this article we are going to cover the final part of our challenge to [...]
Background:
Recently, some unknown specialists uploaded several dumps from servers that, according to their claims, are related to Kimsuky (a state-sponsored group) systems. As cybersecurity defenders, we [...]