Search No Further: Capsule8 Supports Google Cloud Security Command Center with Security Partner Integration

Today is another big day for Capsule8. We officially announced that we are included as a Security Partner Integration within the newly launched Google Cloud Security Command Center (Cloud SCC). …

Apache CARPE DIEM: CVE-2019-0211

Recently, Charles Fol blogged about his privilege escalation bug in Apache, CVE-2019-0211, aka “CARPE DIEM” (seize the 0day, comrades!). This affects Apache HTTP Server versions 2.4.17 through version 2.4.38 (from …

Linux Server Monitoring: a Brief Guide

Different Approaches to Linux Host and Process Monitoring In case you hadn’t heard, Linux is a big deal. Linux servers are used in the vast majority of production systems, the …

Between Two Kernels: Halvar Flake – E03

In Episode 3 Kelly chats with Halvar Flake, former Project Zero team member at Google and Co-Founder of optimyze. The two get philosophical about vendor tag lines, characterize his new …

Between Two Kernels: Allan Alford – E02

In Episode 2 of Between Two Kernels Kelly chats with CISO Allan Alford about being the most hated man in his organization, the three biggest mistakes of his life, and …

Between Two Kernels: Art Coviello

We’re excited to kick off a new video series with our VP of Product Strategy, Kelly Shortridge, titled “Between Two Kernels.” Kelly aims to conduct short, potentially awkward interviews with …

You Think That’s Air You’re Breathing?

What seemed lost in this (runc) hype is that the ability to escape containers is not confined to a one-off vulnerability in container management programs or orchestrators.

Kernel Configuration Glossary

In our post “Millions of Binaries Later: a Look Into Linux Hardening in the Wild”, we examined the security properties of different distributions. In the following, we provide a glossary …

Millions of Binaries Later: a Look Into Linux Hardening in the Wild

TL;DR In this post, we explore the adoption of Linux hardening schemes across five popular distributions by examining their out-of-the-box properties. For each distribution, we analyzed its default kernel configuration, …