Investigating Linux Process File Descriptors for Incident Response and Forensics

Sandfly 2.8.0 – Agentless Active Attack Response for Linux

Sandfly 2.7.2 – Performance Update

Getting In The Fight

Linux Stealth Rootkit Process Decloaking Tool – sandfly-processdecloak

Sandfly 2.7.0 – Mitre ATT&CK Tags, Enhanced Linux Stealth Rootkit De-Cloaking and SCTP Backdoor Detection

Detecting Linux memfd_create() Fileless Malware with Command Line Forensics

Splunk App for Sandfly Agentless Intrusion Detection for Linux Now Available

Using Elasticsearch and Kibana to Investigate Suspicious Linux Activity with Sandfly

Sandfly 2.6.0 – Elasticsearch Replication, Linux Docker Container Security Scanning, Hidden Process De-Cloaking and More

Detecting Linux Kernel Process Masquerading with Command Line Forensics

Sandfly 2.5.2 – Scheduling Priority, Detecting Command Line Web Servers, Port Scanners and Kernel Thread Masquerading

Sandfly 2.5.0 – Higher Performance, SSH Key Certificates and More Linux Forensics

Sandfly 2.4.0 – Splunk Support, Reconnaissance, Process Injection Detection and Containers

How To Decloak Stealth Linux Cryptocurrency Mining Malware