Sandfly 4.0 - SSH Credential Auditing and eBPF Rootkit Detection

Product Update
July 27, 2022

Sandfly 4.0 has been released and includes our powerful new SSH key and credential auditing feature: SSH Hunter. This new feature allows you to track SSH key usage across your Linux fleet…

Sandfly Linux File Entropy Scanner Updated

Linux Security
Linux Forensics
June 30, 2022

Our entropy scanner sandfly-filescan has been updated and renamed to sandfly-entropyscan and now features Linux process scanning to help quickly spot packed and encrypted malware. You can get it…

BPFDoor Coverage in Bleeping Computer

June 08, 2022

Bleeping Computer wrote an extensive article covering the evasive BPFDoor malware found on many Linux systems globally: "BPFDoor: Stealthy Linux malware bypasses firewalls for remote access". The…

BPFDoor - An Evasive Linux Backdoor Technical Analysis

Linux Forensics
May 11, 2022

Recently Kevin Beaumont revealed a new evasive backdoor targeting Linux associated with the Chinese Red Menshen threat actors. In his article he reveals that this backdoor has been operating globally…

Security Monitoring for Threats on Embedded Linux

Embedded Linux
May 04, 2022

A new report from Mandiant entitled "Eye Spy on Your Email" details a series of sophisticated attacks against embedded network devices often running Linux. In particular, the report states (emphasis…

Sandfly 3.3 - Reporting, SSO, Veracode Certified, Suspicious IP Detection and More

Product Update
April 26, 2022

Sandfly 3.3.0 has been released with major updates across the board. Some of the new features include: Single Sign-On (SSO) support, Veracode Verified, Reporting, Configurable data retention period…