Sandfly 5.4 - Cisco and Juniper Network Device Support. Learn more

Under Attack?Support Contact Us

Linux Security

Eliminating Linux Security Blind Spots: Insights from the CISO Series Podcast

Detecting Bincrypter Linux Malware Obfuscation

Sandfly Wins Gold in the Cybersecurity Excellence Awards for EDR

Linux Password Hash Risks and Security Overview

SSH Lateral Movement Risks on Linux Webinar and White Paper

February 27, 2025

Detecting Melofee Stealth Backdoor Targeting Red Hat Linux

November 14, 2024

Rob Joyce Interview - Linux Critical Infrastructure Threats

October 15, 2024

De-Cloaking Linux Stealth Malware and Rootkits: sedexp, Diamorphine, and Reptile

October 13, 2024

Free Sandfly Linux Incident Response License

September 11, 2024

Linux Forensics

Evasive Linux Malware Detection Video Presentation (BPFDoor)

November 14, 2023

https://www.nationalmuseum.af.mil/Visit/Museum-Exhibits/Fact-Sheets/Display/Article/197493/what-is-a-wild-weasel/

Defending Security Infrastructure Against Wild Weasels

September 3, 2023

Loitering Munition - https://milmag.pl/arms-security-2021-ukrainska-amunicja-krazaca-uj-32-lastiwka/

Active vs. Dormant Attacks on Linux: Don't Neglect Either!

August 18, 2023

SSH Hunter Explorer Fullscreen

SSH Key Compromise Risks and Countermeasures

Google Cloud Compromise Factors

SSH Major Compromise Vector for Linux

January 5, 2023

Sandfly Linux File Entropy Scanner Updated

Viewing Linux security alerts by host.

Leveling Up Your Linux Security

February 22, 2022

Log4j Kinsing Linux Stealth Malware in the Wild

December 14, 2021

Sandfly Detects Novel Stealth Linux Malware

Linux Stealth Rootkit Malware with EDR Evasion

November 29, 2021

CronRAT Bogus Date

Detecting CronRAT Crontab Malware on Linux

November 28, 2021

Linux Forensics

Linux Command Line Forensics and Intrusion Detection Cheat Sheet

Detecting and Investigating OpenSSL Backdoors on Linux

Linux Malware Investigation Myth: You Don’t Need a Debugger

January 18, 2021

Investigating Linux Process File Descriptors for Incident Response and Forensics

January 6, 2021

Getting In The Fight

September 3, 2020

Linux Stealth Rootkit Process Decloaking Tool – sandfly-processdecloak

August 16, 2020

Detecting Linux memfd_create() Fileless Malware with Command Line Forensics

Using Elasticsearch and Kibana to Investigate Suspicious Linux Activity with Sandfly

Detecting Linux Kernel Process Masquerading with Command Line Forensics

How To Decloak Stealth Linux Cryptocurrency Mining Malware

December 16, 2019

Sandfly Filescan Open Source File Entropy Scanner for Linux

November 25, 2019

Basic Linux Malware Process Forensics for Incident Responders

September 30, 2019

Using Linux utmpdump for Forensics and Detecting Log File Tampering

Getting an Attacker IP Address from a Malicious Linux At Job

Detecting and De-Cloaking HiddenWasp Linux Stealth Malware

How To Recover A Deleted Binary From Active Linux Malware

Using Linux Process Environment Variables for Live Forensics

The Advantages of Agentless Security and Intrusion Detection for Linux

Using Command Line Tools to Find Process Masquerading Linux Malware

February 27, 2019

Why You Must Monitor Linux for Signs of Intruders

February 20, 2019

Hunting for Linux Intrusion Tactics is Better than Searching for Exploit Signatures

February 13, 2019

Ninjas on Rooftops – A Better Approach to Linux Threat Hunting

February 11, 2019

Why You Should Be Searching for Linux Anti-Forensics

February 9, 2019

Christchurch HackerCon 2018 Presentation – Insider’s History of Intrusion Detection Technology

November 1, 2018

Why Agentless Security is Needed on Linux

August 20, 2018

Linux Malware Cryptominer Detection and Forensics

The Pyramid of Pain and Sandfly

Detecting Linux Binary File Poisoning

Christchurch Hacker Con 2017 Linux Forensics Slides

Linux Malware Persistence with Cron

Linux Command Line Forensics Presentation at Christchurch Hacker Con 2017

Christchurch Hacker Con Linux Digital Forensics Video