Category: Hardening

11 publications

macOS Hardening: Lockdown Mode, MDM and Attack Surface Reduction

Defensive configurations on Apple Silicon for journalists, activists and researchers facing well-funded state or commercial adversaries.


Supply Chain Security: Sigstore Signing and Real SBOMs in CI/CD

How Basilisk ships cosign, SLSA, and CycloneDX across real pipelines to blunt SolarWinds-style attacks, XZ Utils backdoors, and dependency confusion.


AMSI and ETW Bypass for Defensive Research: What Blue Teams Should Know

Honest technical breakdown of how public AMSI and ETW bypasses work, and how defenders can harden Windows telemetry without looking foolish.


Ethical OSINT: Investigating Your Own Digital Footprint with Maltego and Spiderfoot

Before a stalker, hostile recruiter, or data broker finds you, do the work yourself. Maltego and Spiderfoot turn public fragments into a personal attack map.


SSH Hardening 2026: Algorithms, Certificates and Bastion Hosts

Modern SSH configuration with an internal CA, a restricted set of strong algorithms and auditable bastion hosts to shrink the attack surface in corporate environments.


Windows 11 Hardening for High-Risk Offensive Security Workstations

Battle-tested Windows 11 hardening recipe with ASR, Credential Guard, AppLocker and WDAC deployed across Basilisk offensive analyst laptops.


Linux Server Hardening: Applying CIS Benchmark Without Breaking Production

How to apply the CIS Benchmark on production Debian and Ubuntu hosts by validating each control, measuring its impact, and keeping SLAs intact without an all-night rollback.


Linux Application Sandboxing with Bubblewrap, Firejail and Flatpak

How the Basilisk team isolates browsers, PDF readers and risky tools on Linux desktops using audited, reproducible sandbox profiles.


SELinux Without Fear: Custom Policies for Critical Services

From audit2allow forensics to versioned policy modules running in production, without falling into permanent permissive mode.


AppSec Shift-Left: SAST, SCA and Secrets Scanning Without Slowing the Team

How Basilisk OffSec rolls out AppSec gradually, measuring developer friction and avoiding the permanently red pipeline nobody bothers to read.


Windows Persistence: 10 Documented Techniques and Their Countermeasures

Defensive catalog of 10 Windows persistence mechanisms with ready-to-run KQL hunting queries and hardening measures any SOC can deploy this week.
