Kernel Hardening for Architects: Securing the Hypervisor Layer against Modern Exploits
I learned kernel hardening the hard way. In mid-2018, I inherited a Pure Storage // FlashStack environment where a third-party backup agent quietly loaded an unsigned ESXi kernel module. One night, that module pivoted laterally: guest → hypervisor → controller firmware. We lost 1,800 VMs.We lost 48 hours to forensics.The FBI got involved. That incident…