NEMESISdefender
Documentation
Login

Documentation

    • The journey
    • 1 · POSIX contract and exit 2
    • 2 · Kernel, eBPF and LSM
    • 3 · Kernel confinement
    • 4 · Rust as defense
    • 5 · Code reading (AST)
    • 6 · Pretool, defender and daemon
    • 7 · Prompt injection and IDE
    • 8 · Malicious code and supply chain
    • 9 · Defense in depth
    • 10 · Process and honesty
    • Overview
    • System architecture
    • Skills
    • Coverage matrix
documentation

Study material

The thesis, the kernel, Rust, code reading, the malware the engine hunts, the decision and the process. Built by forensic analysis of the codebase.

The project

Nemesis Defender

The trail

opening · how to read this material

The journey

System architecture

evidence of self-taught study

Engineering skills applied in the project

concept → source file → page

Coverage matrix

Concepts

concept 1 · operating system

The POSIX contract and exit 2

concept 2 · Linux kernel

Kernel, eBPF and LSM

concept 3 · confinement

Kernel confinement: capabilities, cgroups, Landlock and egress

concept 4 · Rust

Rust as a defense language

concept 5 · code analysis

How Nemesis reads code: AST, pipeline and semantic detection

concept 6 · interception and containment

Pretool, defender and daemon: interception, decision and containment

concept 7 · AI security

Prompt injection and IDE poisoning

concept 8 · malware and supply chain

Malicious code and supply chain

concept 9 · decision architecture

Defense in depth and decision architecture

concept 10 · process and DevSecOps

Process and honesty: threat model, DevSecOps, doctor and red-team

synthesis · the system converging

Overview: the whole system converging

Nemesis Defender · deterministic enforcement

exit 2 · fail-closed