Blog

Linux kernel security notes, lab writeups, and product research.

Writing from Open Stealth on rootkit detection, training environments, Linux security tooling, and defensive engineering.

Topics

Linux kernel security | Rootkit detection | Lab design | Low-level tooling

Featured article

From Research LKM to Detection Workflow

OpenStealth uses a controlled research module to turn kernel behavior into validation workflows, product checks, and training material for defenders.

Defense | March 12, 2026 | 4 min read

Defense Engineering

OpenStealth sits between adversarial kernel research and defensive implementation. The research module is not the finished product. It is the raw material for building checks, validating coverage, and teaching teams what meaningful Linux evidence actually looks like.

Read featured article

Archive

More writing from Open Stealth.

Notes on Linux defense, training delivery, research artifacts, and how low-level tooling should work in practice.

Training | 5 min read

Kernel Training Fails Without a Known-Good Lab

Slides do not teach kernel work. Students need a stable VM, preflight checks, and enough guidance to recover from mistakes without losing momentum.

March 5, 2026 | Read article

Research | 4 min read

Why a Public Research Rootkit Helps Linux Defenders

Publishing a controlled research module gives defenders and vendors something concrete to inspect, test against, and reason about.

February 17, 2026 | Read article

Tooling | 4 min read

Linux Security Tooling Must Explain What It Sees

A rootkit alert is not enough. Analysts need the evidence path: what was inspected, what diverged, and why the result matters.

January 28, 2026 | Read article