Don’t Get Kicked Out! A Tale of Rootkits and Other Backdoors

Introduction. When it comes to rootkits and other backdoors, everything is on the table. There exists a vulnerability that can be exploited in a system binary to gain root access? …

The Curious Case of a Kibana Compromise

The sun rose, coffee was guzzled, and fingers clicked away at keys, making it a typical day at Capsule8 HQ – until it wasn’t. As the Capsule8 team deployed one …

Major Key Alert: Data Discovery for Red Teams with an ML Tool for Keylogging

With the glut of security vendors who promise to secure to the moon and back on the star-glazed spaceship of Machine Learning (ML) technology, where is the equivalent for red …

Linux Server Monitoring: a Brief Guide

Different Approaches to Linux Host and Process Monitoring. In case you hadn’t heard, Linux is a big deal. Linux servers are used in the vast majority of production systems, the …

You Think That’s Air You’re Breathing?

What seemed lost in this (runc) hype is that the ability to escape containers is not confined to a one-off vulnerability in container management programs or orchestrators.

Kernel Configuration Glossary

In our post “Millions of Binaries Later: a Look Into Linux Hardening in the Wild”, we examined the security properties of different distributions. In the following, we provide a glossary …

Linux Hardening in the Wild

TL;DR: Millions of Binaries Later. In this post, we explore the adoption of Linux hardening schemes across five popular distributions by examining their out-of-the-box properties. For each distribution, we analyzed …

Exploiting systemd-journald Part 2

Introduction. This is the second part in a multipart series on exploiting two vulnerabilities in systemd-journald, which were published by Qualys on January 9th. In the first post, we covered …

Exploiting systemd-journald Part 1

Introduction. This is part one in a multipart series (read Part 2 here) on exploiting two vulnerabilities in systemd-journald, which were published by Qualys on January 9th. Specifically, the vulnerabilities …