Getting an Attacker IP Address from a Malicious Linux At Job

July 26, 2019

Computer Forensics, Linux Forensics

Attackers on Linux often try to establish persistence so they can maintain access to a host. The most common way to do this is with a cron job that…

Sandfly 2.0 Released – Write Your Own Sandflies

July 03, 2019

Sandfly, Sandfly Update, Update

Sandfly 2.0 is here. Sandfly 2.0 brings powerful new capabilities for agentless compromise detection and incident response for Linux. This…

Detecting and De-Cloaking HiddenWasp Linux Stealth Malware

June 04, 2019

Linux Forensics, Malware

A new Linux stealth malware was discovered. The malware, named HiddenWasp, is a remote access tool that has two modes of infection depending on…

How To Recover A Deleted Binary From Active Linux Malware

June 03, 2019

Computer Forensics, Linux Forensics

Often, Linux malware will delete itself after it starts so that file scanners and integrity checks won’t see the binary present. It also can…

Using Linux Process Environment Variables for Live Forensics

May 06, 2019


In this post and video we’re going to explore the Linux /proc directory further by digging into a live process and the environment variables…

The Advantages of Agentless Security and Intrusion Detection for Linux

March 07, 2019


In this video Sandfly founder Craig Rowland talks about agentless vs. agent-based security for Linux. He’ll discuss why agentless approaches…