Linux Forensics

Sandfly 5.4 - Cisco and Juniper Network Device Support

Detecting Bincrypter Linux Malware Obfuscation

Linux Password Hash Risks and Security Overview

Sandfly 5.3.1 - Video Overview

SSH Lateral Movement Risks on Linux Webinar and White Paper

Sandfly 5.3.1 - New License Tiers and SELinux Support

Obsolete Linux Password Hash Threats

Sandfly 5.3 - Detailed Host Forensics and Microsoft Sentinel Integration

Hidden Linux Binary Threats for Intruders and Malware

Immutable File Attack Persistence on Linux

Linux Immutable Malware Process Binary Attack

Linux EDR Detecting Processes Running from Temporary Directory Attack

Linux Process Running with Hidden Binary Name Attack

Linux Process Running from /dev/shm RAM Disk Attack

Deleted Process Binary Attack on Linux

SSH Excessive Keys Risk - Do You Have Too Many SSH Keys?

SSH Authorized Keys2 Backdoor Attack

Risky Business Snake Oilers Interview with Sandfly Security

Default User SSH Authorized Key Risks on Linux

Unsecured and Unencrypted SSH Private Key Threats on Linux

Linux Obsolete Password Hash Risks

Linux nologin Shell Rename Backdoor Attack Detection and Forensics

Linux Default User Password Attack Detection and Forensics

Linux Duplicate User Password Hash Attack

Linux Reverse Shell Detection and Forensics

Sandfly 5.2 - Linux Stealth Rootkit File and Directory De-Cloaking

Free Sandfly Linux Incident Response License

Detecting Linux Stealth Rootkits with Directory Link Errors

Evasive Linux Malware Detection Video Presentation (BPFDoor)

Detecting Evasive Linux Malware Presentation

SSH Key Compromise Risks and Countermeasures

Linux Stealth Rootkit Process Decloaking Tool Updated

How To Detect and Decloak Linux Stealth Rootkit Data

Sandfly Linux File Entropy Scanner Updated

BPFDoor - An Evasive Linux Backdoor Technical Analysis

Log4j Kinsing Linux Stealth Malware in the Wild

Linux Stealth Rootkit Malware with EDR Evasion

Detecting CronRAT Crontab Malware on Linux

Linux Command Line Forensics and Intrusion Detection Cheat Sheet

Detecting and Investigating OpenSSL Backdoors on Linux

Linux Malware Investigation Myth: You Don’t Need a Debugger

Investigating Linux Process File Descriptors for Incident Response and Forensics

Linux Stealth Rootkit Process Decloaking Tool – sandfly-processdecloak

Detecting Linux memfd_create() Fileless Malware with Command Line Forensics

Detecting Linux Kernel Process Masquerading with Command Line Forensics

How To Decloak Stealth Linux Cryptocurrency Mining Malware

Sandfly Filescan Open Source File Entropy Scanner for Linux

Basic Linux Malware Process Forensics for Incident Responders

Using Linux utmpdump for Forensics and Detecting Log File Tampering

Getting an Attacker IP Address from a Malicious Linux At Job

Detecting and De-Cloaking HiddenWasp Linux Stealth Malware

How To Recover A Deleted Binary From Active Linux Malware

Using Linux Process Environment Variables for Live Forensics

The Advantages of Agentless Security and Intrusion Detection for Linux

Using Command Line Tools to Find Process Masquerading Linux Malware

Why You Must Monitor Linux for Signs of Intruders

Hunting for Linux Intrusion Tactics is Better than Searching for Exploit Signatures

Why You Should Be Searching for Linux Anti-Forensics

Christchurch HackerCon 2018 Presentation – Insider’s History of Intrusion Detection Technology

Why Agentless Security is Needed on Linux

Linux Malware Cryptominer Detection and Forensics

The Pyramid of Pain and Sandfly

Detecting Linux Binary File Poisoning

Christchurch Hacker Con 2017 Linux Forensics Slides

Linux Malware Persistence with Cron

Linux Command Line Forensics Presentation at Christchurch Hacker Con 2017

Detect Linux Loadable Kernel Module Stealth Rootkits Agentlessly with Sandfly

Christchurch Hacker Con Linux Digital Forensics Video