Collaborate Disseminate
I’m diving into different solutions to use VM-isolation for containers. I found these promising projects: runq, Kata Containers, Firecracker and gVisor. I think that runq, Kata Containers and Firecracker are in essence fairly similar but g… Continue reading What is the difference between enhanced container isolation projects like runq, Kata Containers, Firecracker and gVisor?
Goal:
I’m seeking feedback on the most secure setup for creating and accessing an encrypted database (KDBX4 format) that minimizes exposure to potential remote attacks. This database will contain highly sensitive information, and my primar… Continue reading Best Practice for Creating and Accessing an Encrypted Database with a Strong Threat Model
The use case is: running isolated services, either as a hardened systemd unit file — with close to a zero score on systemd-analyze security, or a linux container.
Both of those will place services listening on localnet (127.0.0.0/8-ish) o… Continue reading What to consider when routing priviledged ports to sandboxed services? net.ipv4.conf.eth0.route_localnet=1 vs CAP_NET_BIND_SERVICE
I’m testing some sketchy software in a non-admin account on a Windows 10 21H2 VM in Hyper-V. The VM is set up without networking and I only use Copy-VMFile to copy files to the VM. To transfer files to the host I first transfer files to a … Continue reading Concerned about VM escape in 2024 [closed]
This question is directed towards creating an isolated environment for a reverse engineering VM, where malicious programs will be disassembled, debugged by executing them, so static and dynamic analysis etc.
The VM will have no internet c… Continue reading Is an isolated VM (Hyper-V) still safe despite the fact that the host uses RDP to view/control the VM?
As I understand it, a sandbox is an isolated environment on a machine, used to protect the host from the programs in the sandbox.
Is there something similar but in reverse, for running important programs on a potentially hostile host?
For … Continue reading Existence of sandbox to protect programs from a hostile host
I’ve been exploring options for device isolation within MDE. I have Windows 2008 R2, Windows 2012 (they do not support device isolation at all), Windows 2012 R2, and Windows 2016 (they DO support it, however one would first have to migrate… Continue reading alternatives to MDE device isolation for unsupported OS versions
If you’ve ever wondered why something like a radio or a TV could command a hefty fraction of a family’s yearly income back in the day, a likely culprit is …read more Continue reading Flipped Transformer Powers Budget-Friendly Vacuum Tube Amp
I have a bash script that opens various random files that could be anything (PDF, xlsx, MKV, MP4, WebM, html). Since I don’t fully trust the source of these files, there is a chance that some of them could be infected with some kind of mal… Continue reading How to isolate a bash script process?
I am using singularity sandboxes in my workflow for several reasons unrelated to security. However, after using it a bit, I am now wondering: is using a singularity sandbox an effective way to increase security by enforcing isolation / com… Continue reading Is using a singularity sandbox an effective way to increase security through isolation / compartmentalization?