Hardenings

All information related to the technical hardening of assets

From Assistant to Actor: The Dangers of Excessive AI Agency

Background: Automation continues to drive efficiency, but agentic AI introduces new security challenges. AI agents may have extensive access to systems and the ability to perform actions [...]

Defending LLMs Against LoRA-Enabled Supply Chain Attacks

Background: As an LLM trainer, it is a best practice to use 2–3 isolated environments for LLM training. One of the major risks in this process is supply chain attacks, and LoRA (Low-Rank [...]

Securing LLM Outputs: Preventing Insecure Output Handling and Injection Attacks

Background: The threat landscape in the LLM era has become hybrid compared with the classic OWASP Top Ten. Interconnected LLM services have brought new types of attacks, and the boundaries between [...]

Malicious Use of Ansible by Threat Actors

Background: Ansible is a legitimate tool used by specialists to manage environments at scale. However, threat actors can also abuse this tool to deploy malicious payloads or establish persistence. [...]

Forensics of Operating System Agentic AI Activity Traces [Part 2]

Background: In our previous article, we walked through the steps to reveal the root cause of the incident that involved the Claude AI agentic desktop. In this article we shall discuss Google Gemini [...]

Friendly Faces, Malicious Moves: Inside Legitimate IDE Threats in Technical Interviews

Background: While reading an article about how threat actors abuse legitimate VS Code functionality to run malicious code on a target machine when a project is opened by the victim, I concluded that [...]

Part5: Kernel protection preventive mechanisms in Linux systems and methods for monitoring them (Lockdown Mode)

Background: The Linux kernel lockdown mode was introduced in Linux kernel version 5.4. Its purpose is to help protect the kernel from actions that could compromise the confidentiality or integrity of [...]

Part4: Kernel protection preventive mechanisms in Linux systems and methods for monitoring them (SLUB)

Background: As we continue our journey into the mechanisms of kernel protection toolsets and monitoring, let's focus on our next candidate: SLUB. In simple terms, SLUB (the Unqueued Slab Allocator) [...]

Part3: Kernel protection preventive mechanisms in Linux systems and methods for monitoring them (Kernel address space layout randomization)

Background: As we continue our discovery of Linux kernel protection mechanisms, we should also look at the built-in capability called Kernel Address Space Layout Randomization (KASLR). KASLR’s [...]

Part2: Kernel protection preventive mechanisms in Linux systems and methods for monitoring them

Background: In our previous article, I described one method to prevent or monitor harmful activities that can be carried out against the Linux kernel, focusing on the research of SELinux [...]