Hello and welcome to the Monday, July 28, 2025 edition of the Sands and then at Stormsendors, Stormcast.

My name is Johannes Ulrich, recording today from Jacksonville, Florida.

And this episode is brought you by the Sands.edu credit certificate program in cloud security.

In diaries this weekend, we have one by Xavier looking into, well,

we'll need Linux feature, and Xavier looks at it from sort of a reverse analysis point

of view, but it's really very applicable for a number of different security tasks,

and that's Linux namespaces. Essentially, each process in Linux

may have sort of its own namespace, its own view of the environment. And in this particular

case, Xavier looked at networking, where first of all, you are able to just simply turn off networking capabilities for a particular process with the pseudo-unshare dash-net bash command.

That basically gives you a bash shell without networking.

And now if you try to analyze some malware, well, that malware can no longer communicate outbound.

But it goes more fine crane than that.

You can also just set up a different routing table for this particular process.

And for example, redirect traffic to sinkholes and the like.

Quite often when you're analyzing malware, you don't want to turn off networking altogether

because the malware will not run if it can't download second stage and such.

But you just want to capture, like, what is that second stage?

It's downloading and then send the request to a sinkhole where you're just recording the HTTP requests. And that's sort of, you know,

where this feature is really helpful. But like I said, net namespaces in Linux can do a lot more

things. There's for file systems and mounts, so similar features that you have available as you

have for networking. And I think it's a little bit an overlooked sort of security feature in general when it comes to a Linux.

A lot of even experienced Linux administrators often haven't really heard of namespaces and how they can be used.

...