Sandfly 1.1.11 is now available. This release has many new Sandflies that detect the following Linux threats: Greatly enhanced process forensics data. Malicious and suspicious process environment capture. Ability to see the IP address of …
If malware is anything at all, it’s persistent. On Linux, just like Windows, malware once loaded wants to stay loaded. On Windows systems this is usually done with a variety of registry mechanisms. For Linux …
Watch Sandfly’s agentless intrusion detection and threat hunting technology detect a Linux stealth rootkit. Sandfly automates the investigation and alerting of Linux rootkit compromises so you can respond quickly to threats. Hunt for rootkits. Don’t …
READ MOREDetect Linux Loadable Kernel Module Stealth Rootkits Agentlessly with Sandfly
Craig Rowland presented last October at the Christchurch HackCon on the topic of using basic command line tools for Linux forensic investigation. His talk focused around using built-in command line tools and careful observation to …
READ MORELinux Command Line Forensics Presentation at Christchurch Hacker Con 2017
Sandfly 1.1.4 is available. Includes 10 new sandflies to expand Linux stealth rootkit detection, process anti-forensics, log file tampering, suspicious user activity, and process masquerading attacks.
The video of Craig’s talk at the Christchurch Hacker Con has been posted to YouTube. This video covers the slides posted here on the blog which includes using basic Linux command line tools for intrusion detection …
READ MOREChristchurch Hacker Con Linux Digital Forensics Video
After much time coding and testing, we are pleased to announce that Sandfly 1.1 is now released. Sandfly is an agentless security investigator and compromise detection system for Linux. With Sandfly you can have an …