Blog

Linux Stealth Rootkit Process Decloaking Tool Updated

Linux Forensics
Rootkits
Malware
November 21, 2022

Decloaking Linux stealth rootkits that are hiding processes from view is easy with our free tool sandfly-processdecloak, which has been updated below: sandfly-processdecloak on GitHub. This free tool…

How To Detect and Decloak Linux Stealth Rootkit Data

Rootkits
Linux Forensics
November 15, 2022

Linux stealth rootkits have a variety of mechanisms to hide on a host. Aside from standard tactics such as hiding running processes (which we show you how to decloak here), they also can hide data…

SSH Key Credential Tracking with Sandfly Splunk App Update

November 09, 2022

Sandfly's Splunk App has been updated and now has separate inputs to accept our new SSH Key Hunter data feed. SSH Hunter agentlessly collects SSH public key data to track how they can be used for…

Sandfly 4.2.3 - OpenSSL CVE-2022-3602 and CVE-2022-3786 Update

Product Update
November 01, 2022

Sandfly 4.2.3 has been released and contains fixes for the OpenSSL CVEs announced on November 1, 2022: CVE-2022-3602 and CVE-2022-3786. Sandfly's core server and API are written in Go and the TLS…

Sandfly Security Code Audit and Continuous Monitoring

Product Update
October 23, 2022

Sandfly is proactive about protecting the security of our customers and has recently completed an external code audit of our on-host forensic engines with no significant security issues. Further, all…

Sandfly 4.2 - Automatic Host Discovery and Faster Than Ever

Product Update
October 12, 2022

Sandfly 4.2 has been released and features a new automatic host discovery for cloud and DHCP environments. Plus, it has been significantly optimized to be more than twice as fast with lower CPU…