Blog
Sandfly 2.3.2 – Linux Packet Sniffer Detection and Faster Process Forensics
November 12, 2019
Sandfly 2.3.2 has been released. It includes new capabilities to detect a variety of Linux network packet sniffers, plus has internal…
Sandfly 2.3 – Performance Updates, Elasticsearch 7 Support and More
October 30, 2019
Sandfly 2.3 is now released. This version features many changes to improve performance, updates the custom Sandfly syntax, eliminates false…
Basic Linux Malware Process Forensics for Incident Responders
October 01, 2019
Let’s go step-by-step and do some basic live process forensics for Linux. Today’s attack is a bind shell backdoor waiting for a connection…
Sandfly 2.2 – Enhanced Web Shell Detection, Anti-Forensics and More
September 03, 2019
Sandfly 2.2 has now been released. This update adds new capabilities around web shell detection, anti-forensics detection, plus much more. A…
Sandfly 2.1 Released
August 06, 2019
Sandfly 2.1 has been released. We have expanded MIPS and ARM CPU coverage for embedded Linux devices, boosted our bindshell backdoor…
Using Linux utmpdump for Forensics and Detecting Log File Tampering
August 01, 2019
In this post we’re going to show you how to use utmpdump for investigating Linux audit logs for signs of compromise. Seemingly unknown by…