documentation
Study material
The thesis, the kernel, Rust, code reading, the malware the engine hunts, the decision and the process. Built by forensic analysis of the codebase.
The project
The trail
Concepts
The POSIX contract and exit 2
Kernel, eBPF and LSM
Kernel confinement: capabilities, cgroups, Landlock and egress
Rust as a defense language
How Nemesis reads code: AST, pipeline and semantic detection
Pretool, defender and daemon: interception, decision and containment
Prompt injection and IDE poisoning
Malicious code and supply chain
Defense in depth and decision architecture
Process and honesty: threat model, DevSecOps, doctor and red-team
Overview: the whole system converging