This article is about containers, the different types (depending on what privileges we let them have), and how they build their isolation: mainly kernel namespaces and capabilities, overlay filesystems, seccomp, and SELinux. My motivation to start this article was for me to understand a bit better how the combination of container isolation mechanisms and privileges affects (increasing or decreasing) the risk of kernel flaws.Continue reading “Containers: Rootful, Rootless, Privileged and Super Privileged”
Month: August 2021
My introduction to Z3 and solving satisfiability problems
Z3 is a powerful framework for problem solving, developed by Microsoft Research. Given a list of restrictions and conditions, Z3 finds one solution that satisfies them all, if that solution exists. Some complex problems can be solved easily with Z3. It can be used for multiple purposes but some known uses in security are exploiting or checking firewall rules. It is also a handy tool for solving many CTF challenges related to encryption and keygen generation.
Continue reading “My introduction to Z3 and solving satisfiability problems”
10 mental models for infosec teams
Applying these 10 mental models for making decisions daily can help any infosec team (in reality, any team) to accomplish its mission. These mental models are general knowledge and common sense. The difficult thing is not to know them, but to take them into account and apply them every day.
Introduction to Landlock
Note: I published this post in a previous blog i closed. Now I’m re-publishing it here.
Landlock is yet another sandoxing mechanism for Linux, but with important differences. Its goal is to make possible to restrict access rights to different Linux elements (e.g. filesystem access), in a secure and programmatic way, without the need of admin privileges.
Stop saying the user is the weakest link
For years, information security has been saying that the user is the weakest link. I don’t know if they are the weakest link or not, but the connotations of saying that are completely wrong and are damaging the security posture of many organizations.
Introduction to dependencyCheck: an open source Software Composition Analysis (SCA) tool
depencencyCheck is an open source dependency security scanner. This kind of tools are also called SCA (Software Composition Analysis).
dependencyCheck identifies which dependencies (aka third party libraries) a software is using and indicates if any of them have known vulnerabilities.
Continue reading “Introduction to dependencyCheck: an open source Software Composition Analysis (SCA) tool”
How to reduce the risk of being infected and impacted by ransomware
In a previous job, I had the mission of protecting a huge Windows infrastructure from ransomware. I had the resources to investigate and implement the necessary security controls. This is what I learned.
Continue reading “How to reduce the risk of being infected and impacted by ransomware”