Sandfly 5.4 - Cisco and Juniper Network Device Support
Linux Forensics
Product Update
Sandfly 5.4 - Cisco and Juniper Network Device Support
April 22, 2025
Malware
Detecting Bincrypter Linux Malware Obfuscation
March 27, 2025
Linux Security
Linux Password Hash Risks and Security Overview
March 3, 2025
Linux Forensics
Sandfly 5.3.1 - Video Overview
March 2, 2025
Linux Security
SSH Lateral Movement Risks on Linux Webinar and White Paper
February 27, 2025
Product Update
Sandfly 5.3.1 - New License Tiers and SELinux Support
February 24, 2025
Videos
Obsolete Linux Password Hash Threats
February 13, 2025
Product Update
Sandfly 5.3 - Detailed Host Forensics and Microsoft Sentinel Integration
January 27, 2025
Videos
Hidden Linux Binary Threats for Intruders and Malware
January 15, 2025
Videos
Immutable File Attack Persistence on Linux
January 9, 2025
Videos
Linux Immutable Malware Process Binary Attack
January 6, 2025
Videos
Linux EDR Detecting Processes Running from Temporary Directory Attack
January 2, 2025
Videos
Linux Process Running with Hidden Binary Name Attack
December 29, 2024
Videos
Linux Process Running from /dev/shm RAM Disk Attack
December 19, 2024
Videos
Deleted Process Binary Attack on Linux
December 19, 2024
Videos
SSH Excessive Keys Risk - Do You Have Too Many SSH Keys?
December 12, 2024
Videos
SSH Authorized Keys2 Backdoor Attack
December 11, 2024
Videos
Risky Business Snake Oilers Interview with Sandfly Security
December 10, 2024
Videos
Default User SSH Authorized Key Risks on Linux
December 9, 2024
Videos
Unsecured and Unencrypted SSH Private Key Threats on Linux
December 8, 2024
Videos
Linux Obsolete Password Hash Risks
December 5, 2024
Videos
Linux nologin Shell Rename Backdoor Attack Detection and Forensics
December 4, 2024
Videos
Linux Default User Password Attack Detection and Forensics
December 3, 2024
Videos
Linux Duplicate User Password Hash Attack
December 2, 2024
Videos
Linux Reverse Shell Detection and Forensics
December 2, 2024
Product Update
Sandfly 5.2 - Linux Stealth Rootkit File and Directory De-Cloaking
October 7, 2024
Linux Security
Free Sandfly Linux Incident Response License
September 11, 2024
Malware
Detecting Linux Stealth Rootkits with Directory Link Errors
June 25, 2024
Linux Forensics
Evasive Linux Malware Detection Video Presentation (BPFDoor)
November 14, 2023
Rootkits
Detecting Evasive Linux Malware Presentation
October 20, 2023
Malware
SSH Key Compromise Risks and Countermeasures
June 26, 2023
Linux Forensics
Linux Stealth Rootkit Process Decloaking Tool Updated
November 21, 2022
Rootkits
How To Detect and Decloak Linux Stealth Rootkit Data
November 15, 2022
Malware
Sandfly Linux File Entropy Scanner Updated
June 30, 2022
Malware
BPFDoor - An Evasive Linux Backdoor Technical Analysis
May 11, 2022
Malware
Log4j Kinsing Linux Stealth Malware in the Wild
December 14, 2021
Malware
Linux Stealth Rootkit Malware with EDR Evasion
November 29, 2021
Malware
Detecting CronRAT Crontab Malware on Linux
November 28, 2021
Linux Forensics
Linux Command Line Forensics and Intrusion Detection Cheat Sheet
May 20, 2021
Malware
Detecting and Investigating OpenSSL Backdoors on Linux
April 18, 2021
Rootkits
Linux Malware Investigation Myth: You Don’t Need a Debugger
January 18, 2021
Malware
Investigating Linux Process File Descriptors for Incident Response and Forensics
January 6, 2021
Malware
Linux Stealth Rootkit Process Decloaking Tool – sandfly-processdecloak
August 16, 2020
Malware
Detecting Linux memfd_create() Fileless Malware with Command Line Forensics
July 8, 2020
Malware
Detecting Linux Kernel Process Masquerading with Command Line Forensics
March 30, 2020
Malware
How To Decloak Stealth Linux Cryptocurrency Mining Malware
December 16, 2019
Malware
Sandfly Filescan Open Source File Entropy Scanner for Linux
November 25, 2019
Malware
Basic Linux Malware Process Forensics for Incident Responders
September 30, 2019
Malware
Using Linux utmpdump for Forensics and Detecting Log File Tampering
July 31, 2019
Malware
Getting an Attacker IP Address from a Malicious Linux At Job
July 25, 2019
Malware
Detecting and De-Cloaking HiddenWasp Linux Stealth Malware
June 3, 2019
Malware
How To Recover A Deleted Binary From Active Linux Malware
June 2, 2019
Malware
Using Linux Process Environment Variables for Live Forensics
May 5, 2019
Videos
The Advantages of Agentless Security and Intrusion Detection for Linux
March 6, 2019
Malware
Using Command Line Tools to Find Process Masquerading Linux Malware
February 27, 2019
Rootkits
Why You Must Monitor Linux for Signs of Intruders
February 20, 2019
Malware
Hunting for Linux Intrusion Tactics is Better than Searching for Exploit Signatures
February 13, 2019
Videos
Why You Should Be Searching for Linux Anti-Forensics
February 9, 2019
Presentations
Christchurch HackerCon 2018 Presentation – Insider’s History of Intrusion Detection Technology
November 1, 2018
Linux Security
Why Agentless Security is Needed on Linux
August 20, 2018
Malware
Linux Malware Cryptominer Detection and Forensics
July 25, 2018
Linux Security
The Pyramid of Pain and Sandfly
June 20, 2018
Malware
Detecting Linux Binary File Poisoning
June 13, 2018
Linux Security
Christchurch Hacker Con 2017 Linux Forensics Slides
May 29, 2018
Malware
Linux Malware Persistence with Cron
May 1, 2018
Malware
Linux Command Line Forensics Presentation at Christchurch Hacker Con 2017
April 26, 2018
Rootkits
Detect Linux Loadable Kernel Module Stealth Rootkits Agentlessly with Sandfly
April 26, 2018
Presentations
Christchurch Hacker Con Linux Digital Forensics Video
April 18, 2018