Blog - Sandfly Security

Sandfly 1.5.0 Released – Enhanced Linux Process Forensics, Rootkit and Network Sniffer Hunting

November 28, 2018November 27, 2018

Sandfly 1.5.0 has been released with many new detection methods for Linux rootkits, malware and suspicious activity. The latest update expands on our already thorough intrusion detection and threat hunting net for Linux. This version …

Command Line Compromise Detection for Linux Cheat Sheet

November 15, 2018November 14, 2018

Below is our command line compromise detection for Linux cheat sheet and presentation given at Purplecon 2018: Linux Compromise Detection Command Cheat Sheet Linux Compromise Detection Presentation The presentation and cheat sheet give quick methods …

Christchurch HackerCon 2018 Presentation – Insider’s History of Intrusion Detection Technology

November 2, 2018November 2, 2018

Sandfly founder Craig Rowland did a presentation on the insider’s history of Intrusion Detection Systems at the Christchurch HackerCon. His slides are below and a video will be released when it is made available from …

Sandfly REST API Published

October 19, 2018

Sandfly rides on top a full featured REST API. Users can now access the REST API documentation below: Sandfly REST API Every aspect of Sandfly can be controlled through the API and integrated into your …

Linux Cryptomining Malware Podcast Interview

October 19, 2018

Sandfly founder Craig Rowland discusses Linux cryptomining malware on the Digital Forensics Survival Podcast with host Michael. They go over what this class of malware does, how it gets onto Linux systems, what to look for …

Sandfly 1.4.6 – Performance and Syslog Updates

October 18, 2018October 18, 2018

Performance Updates Sandlfy 1.4.6 is released. This update adds significant performance increases to the backend enabling faster handling of a large number of hosts. Thanks to our agentless design, Sandfly was always able to scan …

Sandfly 1.4.4 – Mind your PIDness

September 20, 2018September 20, 2018

Sandfly 1.4.4 Update Sandfly 1.4.4 is now released. We have added some new sandflies and broken out an older one to be more granular. Feature list: Sandflies to flag running processes under hidden subdirectories. Sandflies to detect malicious …

Sandfly Featured in the New Zealand Herald

September 13, 2018September 13, 2018

Sandfly had a write-up about our company and inspiration: An annoying biting insect from Fiordland. Sandflies Keep Businesses Safe in the New Zealand Herald.

Agentless Incident Response Sandflies and More Stealth Rootkit De-Cloaking: Sandfly 1.4.2 Released

September 4, 2018September 4, 2018

Sandfly 1.4.2 Update Sandfly 1.4.2 is now released. This version brings back the old “Recon” sandflies as “Incident” sandflies for use for Incident Response (IR) or those wanting to do spot checks on hosts for …

De-Cloaking Linux Stealth Rootkits, Whitelisting and UI Updates: Sandfly 1.4 Released

August 28, 2018August 28, 2018

Sandfly 1.4 has been released. We now have capabilities to de-cloak data being hidden by common Linux loadable kernel module stealth rootkits. This capability works even when they are active and trying to evade detection. …

Sandfly Blog