Malware

Sandfly 5.4 - Cisco and Juniper Network Device Support

Detecting Bincrypter Linux Malware Obfuscation

Sandfly 5.3.1 - Video Overview

Sandfly 5.3.1 - New License Tiers and SELinux Support

Sandfly 5.3 - Detailed Host Forensics and Microsoft Sentinel Integration

Linux Obsolete Password Hash Risks

Linux nologin Shell Rename Backdoor Attack Detection and Forensics

Linux Default User Password Attack Detection and Forensics

Linux Duplicate User Password Hash Attack

Detecting Melofee Stealth Backdoor Targeting Red Hat Linux

Rob Joyce Interview - Linux Critical Infrastructure Threats

De-Cloaking Linux Stealth Malware and Rootkits: sedexp, Diamorphine, and Reptile

Sandfly 5.2 - Linux Stealth Rootkit File and Directory De-Cloaking

Detecting Linux Stealth Rootkits with Directory Link Errors

XZ SSH Backdoor Detection Strategies

Evasive Linux Malware Detection Video Presentation (BPFDoor)

Detecting Evasive Linux Malware Presentation

Defending Security Infrastructure Against Wild Weasels

Active vs. Dormant Attacks on Linux: Don't Neglect Either!

SSH Key Compromise Risks and Countermeasures

Linux Stealth Rootkit Process Decloaking Tool Updated

Sandfly Linux File Entropy Scanner Updated

BPFDoor - An Evasive Linux Backdoor Technical Analysis

Security Monitoring for Threats on Embedded Linux

Log4j Kinsing Linux Stealth Malware in the Wild

Linux Stealth Rootkit Malware with EDR Evasion

Detecting CronRAT Crontab Malware on Linux

Linux Command Line Forensics and Intrusion Detection Cheat Sheet

Detecting and Investigating OpenSSL Backdoors on Linux

Linux Malware Investigation Myth: You Don’t Need a Debugger

Investigating Linux Process File Descriptors for Incident Response and Forensics

Linux Stealth Rootkit Process Decloaking Tool – sandfly-processdecloak

Detecting Linux memfd_create() Fileless Malware with Command Line Forensics

Detecting Linux Kernel Process Masquerading with Command Line Forensics

How To Decloak Stealth Linux Cryptocurrency Mining Malware

Sandfly Filescan Open Source File Entropy Scanner for Linux

Basic Linux Malware Process Forensics for Incident Responders

Using Linux utmpdump for Forensics and Detecting Log File Tampering

Getting an Attacker IP Address from a Malicious Linux At Job

Detecting and De-Cloaking HiddenWasp Linux Stealth Malware

How To Recover A Deleted Binary From Active Linux Malware

Using Linux Process Environment Variables for Live Forensics

Using Command Line Tools to Find Process Masquerading Linux Malware

Why You Must Monitor Linux for Signs of Intruders

Hunting for Linux Intrusion Tactics is Better than Searching for Exploit Signatures

Why You Should Be Searching for Linux Anti-Forensics

Linux Malware Cryptominer Detection and Forensics

Detecting Linux Binary File Poisoning

Linux Malware Persistence with Cron

Linux Command Line Forensics Presentation at Christchurch Hacker Con 2017

Detect Linux Loadable Kernel Module Stealth Rootkits Agentlessly with Sandfly