August 2019 - Sandfly Security

Sandfly 2.1 Released

August 6, 2019August 6, 2019

Sandfly 2.1 has been released. We have expanded MIPS and ARM CPU coverage for embedded Linux devices, boosted our bindshell backdoor coverage and added in new sniffer and rogue sudo user detection as well as …

Using Linux utmpdump for Forensics and Detecting Log File Tampering

August 1, 2019August 1, 2019

In this post we’re going to show you how to use utmpdump for investigating Linux audit logs for signs of compromise. Seemingly unknown by many, the utmpdump command is a great tool for Linux forensics …