LKRG 1.0内核运行时防护实战:安装调优与纵深防御指南
LKRG 1.0实战指南:从工作原理到多发行版安装部署、sysctl参数调优、漏洞利用检测验证,以及与SELinux、IMA、Kernel Lockdown协同构建内核级纵深防御体系。
Priya is a threat hunter who spent four years at CrowdStrike on the OverWatch team chasing eCrime intrusions on Linux endpoints, then moved to a mid-size SaaS company in 2023 to build out their detection engineering function from scratch. Her day job is writing Falco rules, tuning auditd, and arguing with developers about why curl-piped-to-bash in a Dockerfile is not, in fact, fine. She's GCFA and GCIH certified, contributed a handful of Sigma rules to the public repo, and gave a talk at BSides Bangalore on detecting Kinsing miner infections through cgroup anomalies. Before security she did three years as a Linux sysadmin at Flipkart's logistics arm, which is where she learned that most "sophisticated APT activity" turns out to be a forgotten cron job running as root.
LKRG 1.0实战指南:从工作原理到多发行版安装部署、sysctl参数调优、漏洞利用检测验证,以及与SELinux、IMA、Kernel Lockdown协同构建内核级纵深防御体系。
从内核架构到实战部署,全面讲解auditd深度配置、MITRE ATT&CK威胁检测规则编写、CIS/STIG合规自动化扫描以及LAUREL审计日志增强工具,帮你构建从威胁检测到合规管理的完整审计体系。