Linux Forensics
Linux Command Line Forensics and Intrusion Detection Cheat Sheet
May 21, 2021
Below is our Linux command line forensics and intrusion detection cheat sheet along with a presentation given at . These resources can help…
Detecting and Investigating OpenSSL Backdoors on Linux
April 19, 2021
A nightmare for security personnel on Linux is to find a backdoor operating. This means an attacker is interacting with the host in real…
Linux Malware Investigation Myth: You Don’t Need a Debugger
January 19, 2021
A big myth around investigating Linux malware is that the first tool you need is a debugger and deep knowledge of assembly to understand…
Investigating Linux Process File Descriptors for Incident Response and Forensics
January 07, 2021
Let’s talk about Linux file descriptors and how to investigate a malicious process using them. What Is a File Descriptor? Since the…
Linux Stealth Rootkit Process Decloaking Tool – sandfly-processdecloak
August 17, 2020
We have released a new tool called designed to decloak hidden processes from two common and easily deployed Linux Loadable Kernel Module…
Detecting Linux memfd_create() Fileless Malware with Command Line Forensics
July 09, 2020
A developing threat to Linux over the last several years has been the idea of fileless malware. Fileless malware is designed to inject…