Deleted Process Binary Attack on Linux
Malware on Linux will often delete the on-disk binary to evade detection with traditional anti-virus and file integrity monitoring tools. In this video we will discuss the threat and how to find it with Sandfly's agentless Linux EDR. We'll then show you how to investigate it with command line forensics and recover the running process binary for analysis.
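The command-line side of this check can be sketched as follows. This is an added example, not Sandfly's code or the commands used in the video; the function names and the optional `proc_root` argument (which lets the scan run against a copied or mock `/proc` tree) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: find processes whose on-disk binary was unlinked after
# launch, and copy the binary back out through the /proc exe link.

# Print "PID<TAB>original path" for each process with a deleted binary.
find_deleted_exe() {
    proc_root="${1:-/proc}"   # assumption: overridable for offline testing
    for dir in "$proc_root"/[0-9]*; do
        [ -d "$dir" ] || continue
        # Kernel threads have no exe link; other users' links need root.
        target=$(readlink "$dir/exe" 2>/dev/null) || continue
        case "$target" in
            *" (deleted)")
                # A file literally named "... (deleted)" still exists on
                # disk; skip it so only unlinked binaries are reported.
                [ -e "$target" ] && continue
                printf '%s\t%s\n' "${dir##*/}" "${target% (deleted)}"
                ;;
        esac
    done
    return 0
}

# Copy the binary out for analysis and print its SHA-256. The kernel keeps
# the unlinked inode until the process exits, and the exe link opens it.
recover_exe() {
    pid="$1"; out="$2"; proc_root="${3:-/proc}"
    cp -- "$proc_root/$pid/exe" "$out" || return 1
    chmod 0400 "$out"         # evidence copy: read-only, never executable
    sha256sum -- "$out"
}
```

Run `find_deleted_exe` as root so every process's exe link is readable, and recover the binary before the process is killed, because the inode is freed once the process exits.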
Sandfly is able to find this and many other types of Linux attacks without deploying any endpoint agents. Get your free license today or contact us for more information.