Blog

Sandfly 4.4.0 - Agentless Linux Password Auditing and Data De-Duplication

Product Update
April 18, 2023

Sandfly 4.4.0 has two major new features we are excited to share: an agentless password auditor that works across all Linux distributions, and event de-duplication resulting in a 99%+ reduction in…

Sandfly 4.3.2 - Linux Loadable Kernel Module Rootkit Taint Detection

Product Update
March 20, 2023

Version 4.3.2 of Sandfly incorporates various innovative techniques for identifying Linux kernel taint inconsistencies, which aid in uncovering stealth rootkit activity. Additionally, we have…
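The excerpt above describes kernel taint inconsistencies as a rootkit indicator without showing the check. The following is an added example, not Sandfly's code or the method of the 4.3.2 release: it decodes the /proc/sys/kernel/tainted bitmask (bit meanings from Documentation/admin-guide/tainted-kernels.rst) and compares the module-attributable taint letters against what visible modules report in /sys/module/<name>/taint. An out-of-tree or unsigned LKM sets O and/or E globally and carries the same letters in its sysfs entry, so a global O or E with no visible module claiming it is worth a closer look. The function and variable names are the example's own; the set of module-attributable letters is taken from the kernel's taint_flags table as I recall it and should be treated as an assumption.

```python
"""Kernel taint consistency check (added example, not part of the original page)."""
import glob
import os

# (bit, letter, meaning) per Documentation/admin-guide/tainted-kernels.rst
TAINT_FLAGS = [
    (0, "P", "proprietary module loaded"),
    (1, "F", "module force-loaded"),
    (2, "S", "SMP kernel on out-of-spec CPU"),
    (3, "R", "module force-unloaded"),
    (4, "M", "machine check exception"),
    (5, "B", "bad page referenced"),
    (6, "U", "taint requested from userspace"),
    (7, "D", "kernel died recently (oops/BUG)"),
    (8, "A", "ACPI table overridden by user"),
    (9, "W", "kernel warning issued"),
    (10, "C", "staging driver loaded"),
    (11, "I", "platform firmware workaround applied"),
    (12, "O", "out-of-tree module loaded"),
    (13, "E", "unsigned module loaded"),
    (14, "L", "soft lockup occurred"),
    (15, "K", "kernel live-patched"),
    (16, "X", "auxiliary taint (distribution-defined)"),
    (17, "T", "built with randstruct plugin"),
    (18, "N", "in-kernel test module loaded"),
]

# Letters the kernel attributes to individual modules and therefore also
# reports in /sys/module/<name>/taint (assumption: kernel/panic.c taint_flags
# 'module' column). W, D, L etc. are runtime events, not module properties.
MODULE_TAINTS = set("PFCOEKXTN")


def decode_taint(mask):
    """Map the integer from /proc/sys/kernel/tainted to its taint letters."""
    return {letter for bit, letter, _ in TAINT_FLAGS if mask & (1 << bit)}


def unexplained_module_taint(kernel_mask, module_taints):
    """Module-attributable letters set globally but carried by no visible module.

    module_taints is {module_name: "OE", ...} as read from /sys/module/*/taint.
    """
    global_flags = decode_taint(kernel_mask) & MODULE_TAINTS
    explained = set()
    for flags in module_taints.values():
        explained |= set(flags.strip())
    return global_flags - explained


def read_kernel_taint(proc="/proc"):
    with open(os.path.join(proc, "sys/kernel/tainted")) as f:
        return int(f.read().strip())


def read_module_taints(sysfs="/sys/module"):
    """Collect non-empty taint strings for every module visible in sysfs."""
    taints = {}
    for path in glob.glob(os.path.join(sysfs, "*", "taint")):
        try:
            with open(path) as f:
                flags = f.read().strip()
        except OSError:
            continue  # module unloaded mid-walk or entry unreadable
        if flags:
            taints[os.path.basename(os.path.dirname(path))] = flags
    return taints


def audit(proc="/proc", sysfs="/sys/module"):
    """Live check: returns the decoded global taint and any letters no visible module explains."""
    mask = read_kernel_taint(proc)
    return {
        "kernel_taint": sorted(decode_taint(mask)),
        "unexplained": sorted(unexplained_module_taint(mask, read_module_taints(sysfs))),
    }


if __name__ == "__main__":
    print(audit())
```

Taint bits are sticky: a module that set O or E and was later unloaded leaves the global bit behind with nothing in /sys/module to explain it, so an "unexplained" result is a lead to correlate with dmesg, the journal and the host's patching history, not a verdict. Conversely, a rootkit running in the kernel can clear the bits it set, so a clean result does not prove the absence of one.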

Sandfly 4.3.0 - Key Vault Integration, Process, SSH, and Persistence Attack Detection

Product Update
January 23, 2023

Sandfly 4.3.0 features an external credential provider interface. Using our new integration you can get Sandfly to work with an external key vault such as Cyberark, Thycotic, Hashicorp and more. We…

SSH Major Compromise Vector for Linux

Linux Security
January 05, 2023

Google just released their Cybersecurity Action Team Report for the end of 2022 and it had some interesting findings: More than 1/2 of all incidents involved weak credentials, no credentials, or…

Linux Stealth Rootkit Process Decloaking Tool Updated

Linux Forensics
Rootkits
Malware
November 21, 2022

Decloaking Linux stealth rootkits that hide processes from view is easy with our free tool, sandfly-processdecloak, which has been updated (see sandfly-processdecloak on GitHub). This free tool…

How To Detect and Decloak Linux Stealth Rootkit Data

Rootkits
Linux Forensics
November 15, 2022

Linux stealth rootkits have a variety of mechanisms to hide on a host. Aside from standard tactics such as hiding running processes (which we show you how to decloak here), they also can hide data…
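Both the tool announcement above and this post refer to decloaking processes that a rootkit hides from view. The following is an added example and is not the code of sandfly-processdecloak or of the posts: it shows the classic cross-view check, which is one way to do this. A rootkit that filters the readdir() listing of /proc usually does not also block direct path lookups of /proc/<pid>, so probing every candidate PID and comparing against the listing exposes the hidden ones. The function names and the DEFAULT_PID_MAX fallback are this example's own assumptions.

```python
"""Process decloaking by /proc cross-view (added example, not part of the original page)."""
import os

DEFAULT_PID_MAX = 32768  # fallback if /proc/sys/kernel/pid_max is unreadable


def listed_pids(proc="/proc"):
    """PIDs as presented by readdir() on /proc: the view a rootkit tends to filter."""
    return {int(name) for name in os.listdir(proc) if name.isdigit()}


def pid_max(proc="/proc"):
    try:
        with open(os.path.join(proc, "sys/kernel/pid_max")) as f:
            return int(f.read().strip())
    except (OSError, ValueError):
        return DEFAULT_PID_MAX


def probe_pid(pid, proc="/proc"):
    """Return the Tgid of pid if /proc/<pid> resolves by direct lookup, else None.

    Threads are reachable as /proc/<tid> but never appear in readdir(), so the
    caller must only flag entries whose Tgid equals the probed pid (group leaders);
    otherwise every thread on the box would look like a hidden process.
    """
    try:
        with open(f"{proc}/{pid}/status") as f:
            for line in f:
                if line.startswith("Tgid:"):
                    return int(line.split()[1])
    except OSError:
        return None
    return None


def find_hidden(listed, probe, max_pid):
    """Core comparison, kept free of filesystem access so it can be tested with constructed input.

    listed: set of PIDs from the directory listing.
    probe:  callable pid -> Tgid or None, as probe_pid above.
    """
    hidden = []
    for pid in range(1, max_pid + 1):
        tgid = probe(pid)
        if tgid == pid and pid not in listed:
            hidden.append(pid)
    return hidden


def decloak(proc="/proc"):
    """Live scan. Processes that start between the listing and the probe are not
    hidden, so candidates are re-checked against a fresh listing before reporting."""
    probe = lambda pid: probe_pid(pid, proc)
    candidates = find_hidden(listed_pids(proc), probe, pid_max(proc))
    fresh = listed_pids(proc)
    return [pid for pid in candidates if pid not in fresh and probe(pid) == pid]


if __name__ == "__main__":
    hidden = decloak()
    print("hidden PIDs:", hidden if hidden else "none")
```

On a modern kernel pid_max is often 4194304, so the full scan opens several million paths and takes a while; that is the price of not trusting the listing. A rootkit that also hooks path lookup or filters /proc/<pid>/status defeats this particular view, which is why a second, independent view (for example kill(pid, 0) or /proc/<pid>/task) is worth comparing as well.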