Ninjas on Rooftops – A Better Approach to Linux Threat Hunting

Intrusion detection thought for the day: Someone trying to hide is a signature.

In this video, Sandfly founder Craig Rowland discusses why hunting for hiding tactics, rather than specific exploit signatures, is an effective way to find intruders on Linux. For this reason, Sandfly has a lot of investigation capability for finding malicious hiding activity and tampering on Linux.