System-wide Anonymity via Kernel-level Proxying: A Defence-in-Depth Framework for High-risk Security Operations
Abstract
Security-oriented Linux distributions often prioritize user experience over strong security guarantees, which exposes operators to the risk of being traced back during offensive activities. This study introduces a hardened BlackArch Linux system that uses kernel-level iptables rules, applied through Kalitorify, to force all outgoing traffic through Tor in a fail-closed configuration (traffic that cannot be routed through Tor is dropped rather than sent directly). DNS requests are redirected to port 5353, ICMP packets are dropped without any response, and compromised processes are confined with Firejail namespaces and VirtualBox isolation. Cyber teams in the US military use comparable kernel-level hardening to avoid being identified during operations; this project applies those techniques to environments used for penetration testing. It offers persistent storage and built-in Wi-Fi drivers, which privacy-focused distributions such as Tails, Whonix, and Qubes do not provide. Controlled tests show that, unlike proxy chains, this setup does not leak the real IP address, and MAC address randomization, disabling IPv6, and limiting kernel memory reduce the chance that the system can be fingerprinted. The result is a platform on which operator mistakes do not expose identity, bridging general-purpose anonymity tools and the more secure offensive toolchains needed in high-pressure field operations.
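The fail-closed transparent-proxy ruleset the abstract describes, as an added example written for this page (it is not Kalitorify's own script or code from the study). It assumes Tor listens on TransPort 9040 and DNSPort 5353 and runs as the `tor` user; the function only prints the rules, so they can be reviewed before being applied as root.

```shell
#!/bin/sh
# Assumed Tor settings (not taken from the paper): TransPort 9040,
# DNSPort 5353 (the port the paper names), daemon user "tor".
TOR_UID=tor
TRANS_PORT=9040
DNS_PORT=5353

# Print the fail-closed ruleset to stdout; apply with: torify_rules | sudo sh
torify_rules() {
  cat <<EOF
iptables -F; iptables -t nat -F; iptables -X; iptables -t nat -X
# nat/OUTPUT: Tor's own sockets and loopback are exempt from redirection
iptables -t nat -A OUTPUT -m owner --uid-owner $TOR_UID -j RETURN
iptables -t nat -A OUTPUT -o lo -j RETURN
# every DNS query, UDP or TCP, is sent to Tor's DNSPort instead of a resolver
iptables -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports $DNS_PORT
iptables -t nat -A OUTPUT -p tcp --dport 53 -j REDIRECT --to-ports $DNS_PORT
# every other new TCP connection is handed to Tor's TransPort
iptables -t nat -A OUTPUT -p tcp --syn -j REDIRECT --to-ports $TRANS_PORT
# filter: default-deny, so a Tor outage or a missing nat rule leaks nothing
iptables -P INPUT DROP; iptables -P FORWARD DROP; iptables -P OUTPUT DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m owner --uid-owner $TOR_UID -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# ICMP is silently dropped in both directions: no echo replies, no errors
iptables -I INPUT 1 -p icmp -j DROP
iptables -I OUTPUT 1 -p icmp -j DROP
# IPv6 is blocked outright rather than left merely unconfigured
ip6tables -P INPUT DROP; ip6tables -P FORWARD DROP; ip6tables -P OUTPUT DROP
EOF
}
```

Redirected connections are re-routed to 127.0.0.1 by the kernel, which is why the `-o lo` and `-i lo` accepts are the only path a non-Tor process is allowed to use.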