A nightmare for security personnel on Linux is to find a backdoor operating. This means an attacker is interacting with the host in real-time to further their intrusion. Of various backdoors that can be used, …
READ MOREDetecting and Investigating OpenSSL Backdoors on Linux
Sandfly 2.9.0 has been released and allows everyone to get a free annual license to monitor five Linux hosts. You can use this license immediately to protect five hosts for either personal or business use. …
READ MORESandfly 2.9.0 – Protect Five Linux Hosts Free Instantly
Sandfly 2.8.2 is here and features many upgrades including over 1,000 compromise detection and incident response modules for Linux. This update features: User password entry decoder to search for password age, expiration and hash parameters. …
READ MORESandfly 2.8.2 – Over 1,000 Linux Compromise Detection Modules and More
A big myth around investigating Linux malware is that the first tool you need is a debugger and deep knowledge of assembly to understand what it does. It’s easy for admins and security personnel responding …
READ MORELinux Malware Investigation Myth: You Don’t Need a Debugger
Let’s talk about Linux file descriptors and how to investigate a malicious process using them. What Is a File Descriptor? Since the inception of Unix (on which Linux is based), everything is a file. We …
READ MOREInvestigating Linux Process File Descriptors for Incident Response and Forensics
Sandfly 2.8.0 is released and features a major new upgrade allowing users to automatically respond to detected Linux attacks agentlessly. In addition to this we have made large performance upgrades to the backend server and …
READ MORESandfly 2.8.0 – Agentless Active Attack Response for Linux
Sandfly 2.7.2 has been released. This is a bug fix release to address a performance issue. In the last release Sandfly introduced more extensive process decloaking for stealth rootkits. The technique effectively decloaks many kinds …
Let’s talk about how to be effective detecting intruders. Or what we at Sandfly Security simply call: Getting in the fight. First to lay some groundwork, the policy of Sandfly Security is that we don’t …
We have released a new tool called sandfly-processdecloak designed to decloak hidden processes from two common and easily deployed Linux Loadable Kernel Module (LKM) stealth rootkits: Diamorphine and Reptile. You can download the tool from …
READ MORELinux Stealth Rootkit Process Decloaking Tool – sandfly-processdecloak