Background:
The OpenClaw agentic solution has an interaction feature related to feeding independent developer skills from the specific marketplace. The feature name is 'skills,' which is misleadingly [...] Read more
Background:
Sometimes during daily cases we see suspicious detections on Linux machines which have hashes that do not exist on popular platforms and we do not have licenses for sandboxes. To resolve [...] Read more
Background:
One of the IR stages is the "collection" stage, which occurs between containment and analysis. We sometimes need to collect evidence from Kubernetes pods or Docker containers, which can [...] Read more
Background:
During incident response, time constraints can make it difficult to fully understand the scope of an incident. This challenge becomes even greater when our existing toolset does not [...] Read more
Background:
The Linux kernel lockdown mode was introduced in Linux kernel version 5.4. Its purpose is to help protect the kernel from actions that could compromise the confidentiality or integrity of [...] Read more
Background:
As we continue our journey into the mechanisms of kernel protection toolsets and monitoring, let's focus on our next candidate: SLUB. In simple terms, SLUB (the Unqueued Slab Allocator) [...] Read more
Background:
As we continue our discovery of Linux kernel protection mechanisms, we should also look at the built-in capability called Kernel Address Space Layout Randomization (KASLR). KASLR’s [...] Read more
Background:
In our previous article, I described one method to prevent or monitor harmful activities that can be carried out against the Linux kernel, focusing on the research of SELinux [...] Read more
Background:
Some XDR and EDR solutions are not effective when dealing with threats hidden inside WSL. In certain cases, it can also be challenging for digital forensic specialists to detect threats [...] Read more
