Blog

Sandfly 1.1.14 – Linux File Masquerading, Encrypted Malware Detection, and More

June 05, 2018

The latest Sandfly release has new features for file classification and file entropy scanning. We can now spot files that are trying to masquerade as something they aren’t, and spot files that may be…

Christchurch Hacker Con 2017 Linux Forensics Slides

May 29, 2018

The slides for Craig’s talk on command line Linux Forensics from the 2017 Christchurch Hacker Con can be found here: Christchurch Hacker Con 2017 Linux Digital Forensics Presentation. The slides cover…

Sandfly Documentation Now Online

May 29, 2018

We have posted the Sandfly documentation online for customers and those interested in reading about how to operate the product. Sandfly can help you work through a security incident by automatically…

Sandfly 1.1.11 Updates

May 27, 2018

Sandfly 1.1.11 is now available. This release has many new Sandflies that detect the following Linux threats: Greatly enhanced process forensics data. Malicious and suspicious process environment…

Linux Malware Persistence with Cron

May 01, 2018

If malware is anything at all, it’s persistent. On Linux, just like Windows, malware, once loaded, wants to stay loaded. On Windows systems this is usually done with a variety of registry mechanisms.…

Detect Linux Loadable Kernel Module Stealth Rootkits Agentlessly with Sandfly

April 26, 2018

Watch Sandfly’s agentless intrusion detection and threat hunting technology detect a Linux stealth rootkit. Sandfly automates the investigation and alerting of Linux rootkit compromises so you can…