Blog

Since I was 18 years old, Linux was my preferred OS for desktops, servers, virtualization, storage, VPN, metrics, for Quake3 as well. For offensive operations and defensive research and hardening. After 20 years that did not change. What's most interesting, each project that I was commercially working on needed more or less advanced knowledge of Linux, understanding the internals, and the behavior of mechanisms such as SELinux, AppArmor, iptables, tcpdump to name just a few. No GUI of course!

Read now

Linux systems as well as Open Source solutions are the backbone of the modern Internet, critical services, and services. Kubernetes clusters, containers, complex business applications and APIs, corporate firewalls, gateways, load balancers and jump hosts, proxy and WAF servers, NIDS, and NIPS systems. CI/CD. C2 servers and redirectors as well. When referring to the above solutions and services, I always automatically see Linux. Linux for defense and attack.

Awareness of threats in the above context suggests that their low-level monitoring, tracing, configuration hardening, periodic examination of behavior profiles including the RAM memory forensics process, or proactive hunting for threats are areas that are worth developing in order to minimize the risk and impact of a potential attack. Such an approach increases the chances of an attack being prevented or detected early in the chain, thus gaining contextual insight into post-exploitation activities at multiple layers. In the above context, we will refer to the eBPF technology in the offensive-defensive approach.

Read now

Every SecOps / SecDevOps / Linux Expert needs to know more than just a little about Linux, so if you always wanted to know

Read now

Every Blue Teamer/SOC DFIR analyst needs to know more than just a little about Linux, so if you always wanted to know:

Read now