← Back to Research Vault

How Building a Malware Lab Led Me to Fedora Kinoite

By Shay Mordechai | December 30, 2025


As a security researcher, my workstation is my lab. When I started building a local malware analysis environment, I ran into hardware bottlenecks fast: running multiple VMs in parallel, on top of local AI tooling, was choking my RAM and CPU. I needed something lean, fast, and built around security from the ground up.

Moving to Fedora Kinoite: More Than a Performance Fix

At first I was just chasing optimization. But once I switched to Fedora Kinoite, architectural curiosity took over. I wanted to understand how its sandboxing mechanisms actually worked — OSTree, isolation layers, the whole stack. What started as a RAM problem turned into a deep dive into how modern Linux manages its system execution model.

Inside the Internals: 5 Isolation Layers

The deeper I looked, the clearer it became: isolation in Kinoite is not a theoretical concept — it is the core design principle. The system is built in layers that let me run research tooling (including my SBCL compiler research) without touching the base OS:

Wanting to understand each of these layers — not just use them — is what shifted me from a Linux user to an internals researcher. This lab is not a collection of tools. It is an ongoing architectural experiment that runs underneath every research project I do.