Blog

SSH Major Compromise Vector for Linux

Linux Security
January 05, 2023

Google just released their Cybersecurity Action Team Report for the end of 2022 and it had some interesting findings: More than 1/2 of all incidents involved weak credentials, no credentials, or…

Linux Stealth Rootkit Process Decloaking Tool Updated

Linux Forensics
Rootkits
Malware
November 21, 2022

Decloaking Linux stealth rootkits that are hiding processes from view is easy with our free tool sandfly-processdecloak which has been updated below: sandfly-processdecloak on Github This free tool…

How To Detect and Decloak Linux Stealth Rootkit Data

Rootkits
Linux Forensics
November 15, 2022

Linux stealth rookits have a variety of mechanisms to hide on a host. Aside from standard tactics such as hiding running processes (which we show you how to decloak here ), they also can hide data…

Sandfly Linux File Entropy Scanner Updated

Malware
Linux Security
Linux Forensics
June 30, 2022

Our entropy scanner sandfly-filescan has been updated and renamed to sandfly-entropyscan and now features Linux process scanning to help quickly spot packed and encrypted malware. You can get it…

BPFDoor - An Evasive Linux Backdoor Technical Analysis

Malware
Linux Forensics
May 11, 2022

Recently Kevin Beaumont revealed a new evasive backdoor targeting Linux associated with the Chinese Red Menshen threat actors. In his article he reveals that this backdoor has been operating globally…

Security Monitoring for Threats on Embedded Linux

Embedded Linux
Malware
May 04, 2022

A new report from Mandiant entitled: Eye Spy on Your Email details a series of sophisticated attacks against embedded network devices often running Linux. In particular, the report states (emphasis…