Blog - Page 5 of 6 - Sandfly Security

Vodafone Selects Sandfly Security for the Xone

August 20, 2018June 27, 2018

Sandfly Selected for Vodafone Xone Startup Accelerator Sandfly has been selected by Vodafone to participate in their highly regarded Xone accelerator program. The Xone accelerator selects high potential startups to work directly with Vodafone and …

The Pyramid of Pain and Sandfly

June 21, 2018June 21, 2018

There is a great post called The Pyramid of Pain by David Blanco that details the six ways to cause adversaries the most trouble when attacking your network. The Pyramid of Pain is below: We’ve been …

Linux Binary Poisoning Detection – Sandfly 1.1.18 Update

June 14, 2018

Linux Binary Poisoning Detection Let’s talk about Linux binary poisoning. Binary poisoning is tampering with a system command and replacing it with a malicious version. This can be a wholesale replacement with a new file …

Sandfly 1.1.14 – Linux File Masquerading, Encrypted Malware Detection, and More

June 6, 2018June 6, 2018

The latest Sandfly release has new features for file classification and file entropy scanning. We can now spot files that are trying to masquerade as something they aren’t, and spot files that may be packed …

Christchurch Hacker Con 2017 Linux Forensics Slides

June 6, 2018May 30, 2018

The slides for Craig’s talk on command line Linux Forensics from the 2017 Christchurch Hacker Con can be found here: Christchurch Hacker Con 2017 Linux Digital Forensics Presentation The slides cover using basic command line …

Sandfly Documentation Now Online

May 30, 2018May 30, 2018

We have posted the Sandfly documentation online for customers and those interested in reading about how to operate the product. Sandfly can help you work through a security incident by automatically pulling over forensic information …

Sandfly 1.1.11 Updates

May 29, 2018May 28, 2018

Sandfly 1.1.11 is now available. This release has many new Sandflies that detect the following Linux threats: Greatly enhanced process forensics data. Malicious and suspicious process environment capture. Ability to see the IP address of …

Linux Malware Persistence with Cron

May 2, 2018May 2, 2018

If malware is anything at all, it’s persistent. On Linux, just like Windows, malware once loaded wants to stay loaded. On Windows systems this is usually done with a variety of registry mechanisms. For Linux …

Detect Linux Loadable Kernel Module Stealth Rootkits Agentlessly with Sandfly

May 30, 2018April 27, 2018

Watch Sandfly’s agentless intrusion detection and threat hunting technology detect a Linux stealth rootkit. Sandfly automates the investigation and alerting of Linux rootkit compromises so you can respond quickly to threats. Hunt for rootkits. Don’t …

Sandfly Blog