Linux Forensics
Sandfly 5.3 - Detailed Host Forensics and Microsoft Sentinel Integration
Sandfly 5.3.0 features a major UI overhaul with our new Linux host forensics and data views. We’ve not only brought critical host data front and center for rapid incident investigation, but expanded…
Hidden Linux Binary Threats for Intruders and Malware
Linux attackers and malware often hide their binary payloads. In this video we'll discuss what this threat is, why it is done, and how to find processes running with hidden binaries using command…
Immutable File Attack Persistence on Linux
Linux can allow administrators to set files as immutable. This feature prevents the files from being modified or deleted by anyone (even root). However, it can also be used by intruders to maintain…
Linux Immutable Malware Process Binary Attack
Processes running with an immutable binary are nearly always malware on Linux. Learn what this attack is, how to automatically detect it, and command line forensics you can use to investigate…
Linux EDR Detecting Processes Running from Temporary Directory Attack
Linux temp directories are notorious for hosting malware from low-grade to sophisticated. Learn about this threat in the video below, and how to investigate suspicious processes abusing this area.…
Linux Process Running with Hidden Binary Name Attack
Hidden process binaries on Linux are often malicious. In this video we describe what this attack is, why processes with hidden binaries are usually up to no good, and command line forensics you can…