Kernel Hardening for Architects: Securing the Hypervisor Layer against Modern Exploits
Hypervisor kernel hardening is something I learned the hard way. In mid-2018, I inherited a Pure Storage // FlashStack environment where a third-party backup agent quietly loaded an unsigned ESXi kernel module. One night, that module pivoted laterally: guest → hypervisor → controller firmware. We lost 1,800 VMs. We lost 48 hours to forensics. The…