Using Elasticsearch and Kibana to Investigate Suspicious Linux Activity with Sandfly

May 28, 2020

Linux Forensics, Videos

In this video we’re going to show you how to use Sandfly with Elasticsearch Kibana dashboards to search for and investigate a suspicious…

Using Linux Process Environment Variables for Live Forensics

May 06, 2019
In this post and video we’re going to explore the Linux /proc directory further by digging into a live process and the environment variables…

The Advantages of Agentless Security and Intrusion Detection for Linux

March 07, 2019
In this video Sandfly founder Craig Rowland talks about agentless vs. agent-based security for Linux. He’ll discuss why agentless approaches…

Using Command Line Tools to Find Process Masquerading Linux Malware

February 28, 2019

Incident Response, Linux Forensics, Videos

In this video Sandfly founder Craig Rowland goes over the basics behind using command line tools on Linux to look into a suspicious process…

Why You Must Monitor Linux for Signs of Intruders

February 21, 2019
When Sandfly Founder Craig Rowland was brought in to do his first penetration test many years ago, one of the first systems he broke into…

Hunting for Linux Intrusion Tactics is Better than Searching for Exploit Signatures

February 14, 2019

Intrusion Detection, Linux Forensics, Videos

When the NSA and a couple years back, Sandfly founder Craig Rowland ignored the zero-day attacks they had and studied their tactics in the…