Malware
Sandfly 5.3 - Detailed Host Forensics and Microsoft Sentinel Integration
Sandfly 5.3.0 features a major UI overhaul with our new Linux host forensics and data views. We’ve not only brought critical host data front and center for rapid incident investigation, but expanded…
Linux Obsolete Password Hash Risks
Obsolete password hashes on Linux expose users to brute force attack. Legacy password hashes have included MD5 which can have billions of attempts a second tried against it by GPU based crackers.…
Linux nologin Shell Rename Backdoor Attack Detection and Forensics
Ever wondered what would happen if you replaced the Linux /sbin/nologin with a valid shell? Attackers have and it gives them a persistent backdoor on supposedly disabled accounts. In this video we go…
Linux Default User Password Attack Detection and Forensics
Linux ships with default users disabled. But, attackers can activate these accounts to allow backdoor access that can hide for a long time. In this video we discuss this threat, how to find it with…
Linux Duplicate User Password Hash Attack
Duplicate password hashes on Linux are a tactic for attackers to drop backdoor accounts in an automated way. In this video we explain what a duplicate password hash attack is, and how you can find it…
Detecting Melofee Stealth Backdoor Targeting Red Hat Linux
A new report from Qianxin's X Lab was released detailing new stealth malware targeting Red Hat 7.9 and similar systems: New Zero-Detection Variant of Melofee Backdoor from Winnti Strikes RHEL…