Sandfly Blog

Sandfly 1.5.0 Released – Enhanced Linux Process Forensics, Rootkit and Network Sniffer Hunting

Sandfly 1.5.0 has been released with many new detection methods for Linux rootkits, malware and suspicious activity. The latest update expands on our already thorough intrusion detection and threat hunting net for Linux. This version …

Command Line Compromise Detection for Linux Cheat Sheet

Below is our command line compromise detection for Linux cheat sheet and presentation given at Purplecon 2018: the Linux Compromise Detection Command Cheat Sheet and the Linux Compromise Detection Presentation. The presentation and cheat sheet give quick methods …

Christchurch HackerCon 2018 Presentation – Insider’s History of Intrusion Detection Technology

Sandfly founder Craig Rowland did a presentation on the insider’s history of Intrusion Detection Systems at the Christchurch HackerCon. His slides are below and a video will be released when it is made available from …

Agentless Incident Response Sandflies and More Stealth Rootkit De-Cloaking: Sandfly 1.4.2 Released

Sandfly 1.4.2 is now released. This version brings back the old “Recon” sandflies as “Incident” sandflies for use in Incident Response (IR) or by those wanting to do spot checks on hosts for …
