Blog
Sandfly 4.3.0 - Key Vault Integration, Process, SSH, and Persistence Attack Detection
Sandfly 4.3.0 features an external credential provider interface. Using our new integration you can get Sandfly to work with an external key vault such as Cyberark, Thycotic, Hashicorp and more. We…
SSH Major Compromise Vector for Linux
Google just released their Cybersecurity Action Team Report for the end of 2022 and it had some interesting findings: More than 1/2 of all incidents involved weak credentials, no credentials, or…
Linux Stealth Rootkit Process Decloaking Tool Updated
Decloaking Linux stealth rootkits that are hiding processes from view is easy with our free tool sandfly-processdecloak which has been updated below: sandfly-processdecloak on Github This free tool…
How To Detect and Decloak Linux Stealth Rootkit Data
Linux stealth rootkits have a variety of mechanisms to hide on a host. Aside from standard tactics such as hiding running processes (which we show you how to decloak here), they also can hide data…
SSH Key Credential Tracking with Sandfly Splunk App Update
Sandfly's Splunk App has been updated and now has separate inputs to accept our new SSH Key Hunter data feed. SSH Hunter agentlessly collects SSH public key data to track how they can be used for…
Sandfly 4.2.3 - OpenSSL CVE-2022-3602 and CVE-2022-3786 Update
Sandfly 4.2.3 has been released and contains fixes for the OpenSSL CVEs announced on November 1, 2022: CVE-2022-3602 and CVE-2022-3786. Sandfly's core server and API are written in Go and the TLS…