This year we have seen a huge uptick in cryptomining malware against Linux servers. The usual attack vector is the following: A brute force attack against SSH accounts. Automated install of a pre-compiled binary once …
A new version of Sandfly has been released. Version 1.3 has the following changes: Container OS was switched from Alpine to Ubuntu Minimal for better compatibility and more up to date packages. TLS 1.1 has …
Sandfly 1.2.6 Released This version of Sandfly has many internal performance improvements. Some sandfly checks have been sped up over 50%. We have also added a variety of new sandfly checks, some of which are …
READ MORELinux File Masquerading and Malicious PIDs – Sandfly 1.2.6 Update
Sandfly Selected for Vodafone Xone Startup Accelerator Sandfly has been selected by Vodafone to participate in their highly regarded Xone accelerator program here in New Zealand. The Xone accelerator gives Sandfly the chance to work …
There is a great post called The Pyramid of Pain by David Blanco that details the six ways to cause adversaries the most trouble when attacking your network. The Pyramid of Pain is below: We’ve been …
Linux Binary Poisoning Detection Let’s talk about Linux binary poisoning. Binary poisoning is tampering with a system command and replacing it with a malicious version. This can be a wholesale replacement with a new file …
READ MORELinux Binary Poisoning Detection – Sandfly 1.1.18 Update
The latest Sandfly release has new features for file classification and file entropy scanning. We can now spot files that are trying to masquerade as something they aren’t, and spot files that may be packed …
READ MORESandfly 1.1.14 – Linux File Masquerading, Encrypted Malware Detection, and More
The slides for Craig’s talk on command line Linux Forensics from the 2017 Christchurch Hacker Con can be found here: Christchurch Hacker Con 2017 Linux Digital Forensics Presentation The slides cover using basic command line …
READ MOREChristchurch Hacker Con 2017 Linux Forensics Slides
We have posted the Sandfly documentation online for customers and those interested in reading about how to operate the product. Sandfly can help you work through a security incident by automatically pulling over forensic information …
Sandfly 1.1.11 is now available. This release has many new Sandflies that detect the following Linux threats: Greatly enhanced process forensics data. Malicious and suspicious process environment capture. Ability to see the IP address of …