Blog

Detect Linux Loadable Kernel Module Stealth Rootkits Agentlessly with Sandfly

April 26, 2018

Watch Sandfly’s agentless intrusion detection and threat hunting technology detect a Linux stealth rootkit. Sandfly automates the investigation and alerting of Linux rootkit compromises so you can…

Linux Command Line Forensics Presentation at Christchurch Hacker Con 2017

April 26, 2018

Craig Rowland presented last October at the Christchurch HackCon on the topic of using basic command line tools for Linux forensic investigation and threat hunting. His talk focused on detecting…

Sandfly 1.1.4 Updates

April 26, 2018

Sandfly 1.1.4 is available. Includes 10 new sandflies to expand Linux stealth rootkit detection, process anti-forensics, log file tampering, suspicious user activity, and process masquerading attacks…

Christchurch Hacker Con Linux Digital Forensics Video

April 18, 2018

The video of Craig’s talk at the Christchurch Hacker Con has been posted to YouTube. This video covers the slides posted here on the blog, which include using basic Linux command line tools for…

Hello, World — Sandfly 1.1 is now available

April 18, 2018

After much time coding and testing, we are pleased to announce that Sandfly 1.1 is now released. Sandfly is an agentless security investigator and compromise detection system for Linux. With Sandfly…

Sandfly 2.3.3 – More Linux Sniffer and Immutable File Detection

November 20, 2010

Sandfly 2.3.3 has been released. We’ve put in more methods to help spot packet sniffers and suspicious immutable files common with malware. Plus, this version has a bug fix for a problem where hosts…