The Digital Ocean App Marketplace now has images of Sandfly available: Digital Ocean Sandfly Marketplace Image Digital Ocean users can now setup Sandfly with 1-Click install and begin scanning your hosts for compromise and suspicious …
Below is our Linux command line forensics and intrusion detection cheat sheet along with a presentation given at Purplecon 2018. These resources can help you investigate a Linux host for compromise without loading any special …
A nightmare for security personnel on Linux is to find a backdoor operating. This means an attacker is interacting with the host in real-time to further their intrusion. Of various backdoors that can be used, …
Sandfly 2.9.0 has been released and allows everyone to get a free annual license to monitor five Linux hosts. You can use this license immediately to protect five hosts for either personal or business use. …
Sandfly 2.8.2 is here and features many upgrades including over 1,000 compromise detection and incident response modules for Linux. This update features: User password entry decoder to search for password age, expiration and hash parameters. …
A big myth around investigating Linux malware is that the first tool you need is a debugger and deep knowledge of assembly to understand what it does. It’s easy for admins and security personnel responding …
Let’s talk about Linux file descriptors and how to investigate a malicious process using them. What Is a File Descriptor? Since the inception of Unix (on which Linux is based), everything is a file. We …
Sandfly 2.8.0 is released and features a major new upgrade allowing users to automatically respond to detected Linux attacks agentlessly. In addition to this we have made large performance upgrades to the backend server and …
Sandfly 2.7.2 has been released. This is a bug fix release to address a performance issue. In the last release Sandfly introduced more extensive process decloaking for stealth rootkits. The technique effectively decloaks many kinds …