Niklas Heringer
Niklas Heringer
Cybersecurity & Math.
⌘K
Subscribe Sign in
Niklas Heringer

My Publications

This archive contains my publications and collaborative whitepapers.

[Whitepaper] Unified Security Hardening with Cross-Platform Native Binaries

Published by: ERNW (Enno Rey Netzwerke GmbH)

Authors: Niklas Heringer

Hardener: Documentation-as-Code for Automated Linux & macOS Hardening

A cross-platform, statically linked hardening tool with built-in audit, auto-remediation, and atomic r

Find it here

This publication introduces Hardener, a tool built around three gaps in established frameworks like Lynis: opaque checks with no visible baselines, findings that can't be auto-remediated without risking regressions, and runtime dependencies that break in heterogeneous environments. Hardener addresses all three by embedding audit and remediation logic directly in Markdown frontmatter (Documentation-as-Code), shipping as a statically linked binary, and supporting atomic rollback to pre-execution state. Validated across Ubuntu, Debian, Rocky Linux, openSUSE, Arch Linux, Fedora, and RHEL via a KVM/Vagrant/libvirt test harness.

Resources:

[Tool] Hardener

A cross-platform security auditing and hardening tool built in Go. Load an ERNW-made hardening ruleset (that you can adapt for your purposes if necessary), run an audit, apply fixes, and roll back any change, all from a single static binary with no external dependencies. Supports Linux (tested on Ubuntu 24.04, Debian 12, Rocky 9, openSUSE Leap 15.6, ArchLinux, Rhel 9, Fedora 44) and macOS (tested on macOS 26 Tahoe) with per-distro test harnesses via KVM/Vagrant.

Hardener

A cross-platform security auditing and hardening tool built in Go.

Find it here

[Whitepaper] Linux Client Hardening Guide

Published by: ERNW (Enno Rey Netzwerke GmbH)

Authors: Niklas Heringer

Linux Client Hardening Guide

Blogpost with all resources: https://insinuator.net/2026/05/ernw-white-paper-76-linux-client-hardening-guide/

Find it here

This publication covers six domains, authentication & identity, network security, boot integrity, OS hardening, filesystem permissions, and application security & logging, with every control marked as mandatory or recommended per RFC 2119 terminology. Validated across major distributions, the guide explicitly excludes controls that break usability without proportionate security benefit, targeting machines that stay hardened in practice, not just on paper.

[Whitepaper] macOS Hardening Guide

Published by: ERNW (Enno Rey Netzwerke GmbH)

Authors: Julian Suleder, Niklas Heringer

macOS Tahoe Hardening Guide

A comprehensive technical guide on securing macOS environments.

Find it here

This publication covers the bridge between usability and high-security requirements, detailing specific configurations to minimize the attack surface of Apple’s operating system.