Linux Forensics

1000 to 1 Rule of Intrusion Detection

February 08, 2019

Linux Forensics, Videos

This is the first in an ongoing series of short videos on topics around intrusion detection, Linux security, digital forensics, malware and…

Linux Malware Cryptominer Detection and Forensics

July 26, 2018

Computer Forensics, Linux Forensics, Sandfly

This year we have seen a huge uptick in cryptomining malware against Linux servers. The usual attack vector is the following: A brute force…

Linux File Masquerading and Malicious PIDs – Sandfly 1.2.6 Update

July 05, 2018

Linux Forensics, Sandfly, Sandfly Update

Sandfly 1.2.6 Released This version of Sandfly has many internal performance improvements. Some sandfly checks have been sped up over 5…

The Pyramid of Pain and Sandfly

June 21, 2018

Linux Forensics, Philosophy, Sandfly, Security

There is a great post called The Pyramid of Pain by David Bianco that details the six ways to cause adversaries the most trouble when attacking your network…

Detecting Linux Binary File Poisoning

June 14, 2018

Binary Poisoning, Computer Forensics, Linux Forensics, Masquerading, Sandfly, Sandfly Update

Let’s talk about Linux binary poisoning. Binary poisoning is tampering with a system command and replacing it with a malicious version. This…
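The core of catching a poisoned binary is a known-good hash baseline: record the digest of each system command while the host is trusted, then re-hash and compare. Below is an added example of that check (written for this page; it is not Sandfly's code). It builds a constructed fake `bin/` directory in a temp folder, takes a baseline, overwrites one command with a trojanised copy, and reports which entries changed. The file contents and paths are made up for the demo; on a real host the baseline would come from the package manager (`dpkg --verify` on Debian/Ubuntu, `rpm -Va` on RPM systems) or a snapshot taken at install time.

```python
import hashlib
import os
import tempfile


def sha256_file(path, chunk=65536):
    """Stream a file through SHA-256 so large binaries do not get read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def take_baseline(root, rel_paths):
    """Record expected digests for the given files relative to root (the trusted snapshot)."""
    return {rel: sha256_file(os.path.join(root, rel)) for rel in rel_paths}


def check_binaries(baseline, root):
    """Compare every baseline entry against what is on disk now.

    Returns {relative_path: 'ok' | 'modified' | 'missing'}. A 'modified' system
    command is the binary-poisoning signal; 'missing' means something deleted
    or renamed a command, which also deserves a look.
    """
    results = {}
    for rel, expected in baseline.items():
        path = os.path.join(root, rel)
        if not os.path.exists(path):
            results[rel] = "missing"
        elif sha256_file(path) != expected:
            results[rel] = "modified"
        else:
            results[rel] = "ok"
    return results


def build_demo():
    """Constructed scenario (hypothetical paths and contents): baseline two
    commands, then replace 'bin/ps' with a wrapper that hides a process.
    Returns the check_binaries() result."""
    root = tempfile.mkdtemp(prefix="poison-demo-")
    os.makedirs(os.path.join(root, "bin"))
    originals = {
        "bin/ls": b"\x7fELF-original-ls-bytes\n",   # stand-in for the real ELF
        "bin/ps": b"\x7fELF-original-ps-bytes\n",
    }
    for rel, data in originals.items():
        with open(os.path.join(root, rel), "wb") as f:
            f.write(data)
    baseline = take_baseline(root, originals)

    # Attacker swaps ps for a script that filters out their miner from the listing.
    trojan = b"#!/bin/sh\n/bin/ps.real \"$@\" | grep -v kdevtmpfsi\n"
    with open(os.path.join(root, "bin/ps"), "wb") as f:
        f.write(trojan)

    return check_binaries(baseline, root)


if __name__ == "__main__":
    for rel, status in sorted(build_demo().items()):
        print(f"{status:9s} {rel}")
```

The comparison is only as trustworthy as the baseline source and the hashing tool: if `sha256sum`, `dpkg`, or `rpm` themselves are poisoned, a local check can be lied to, which is why a remote or agentless comparison against hashes stored off-host is the stronger design.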

Sandfly 1.1.14 – Linux File Masquerading, Encrypted Malware Detection, and More

June 06, 2018

Computer Forensics, File Entropy, Linux Forensics, Malware, Sandfly, Update

The latest Sandfly release has new features for file classification and file entropy scanning. We can now spot files that are trying to…
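Entropy scanning works because compressed, packed or encrypted payloads use the byte range almost uniformly, so their Shannon entropy sits near the 8 bits-per-byte ceiling, while scripts, configs and plain ELF code sit much lower. The following is an added example, not Sandfly's implementation: it computes per-file entropy, buckets it into low/medium/high, and walks a directory flagging anything over a threshold. The sample files it creates in a temp directory (a constant-byte file, repeated text, and a full-byte-range blob standing in for encrypted data) are constructed for the demo; the 7.2 threshold is an assumption you would tune against your own fleet.

```python
import math
import os
import tempfile
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a single repeated value, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def classify(entropy: float, high=7.2, medium=6.0) -> str:
    """Bucket an entropy value. 'high' is where packed/encrypted content lands (thresholds assumed)."""
    if entropy >= high:
        return "high"
    if entropy >= medium:
        return "medium"
    return "low"


def file_entropy(path: str, max_bytes: int = 1 << 20) -> float:
    """Entropy of the first max_bytes of a file (enough to characterise a payload without reading GBs)."""
    with open(path, "rb") as f:
        return shannon_entropy(f.read(max_bytes))


def scan_dir(root: str, threshold: float = 7.2):
    """Walk root and return [(relative_path, entropy)] for files at or above threshold."""
    flagged = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            e = file_entropy(path)
            if e >= threshold:
                flagged.append((os.path.relpath(path, root), round(e, 3)))
    return sorted(flagged)


def build_demo():
    """Constructed sample tree: one low-entropy, one text-like, one 'encrypted' file.
    Returns the scan_dir() result for the tree."""
    root = tempfile.mkdtemp(prefix="entropy-demo-")
    samples = {
        "zeros.bin": b"\x00" * 4096,                                  # entropy 0.0
        "notes.txt": b"the quick brown fox jumps over the lazy dog\n" * 100,
        "payload.enc": bytes(range(256)) * 16,                        # every byte equally often: 8.0
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as f:
            f.write(data)
    return scan_dir(root)


if __name__ == "__main__":
    for rel, e in build_demo():
        print(f"{e:5.3f}  {classify(e):6s}  {rel}")
```

High entropy alone is not a verdict: legitimate archives, images and signed packages score just as high, so pair the number with the file classification signal (what the header says it is versus where it lives and what executes it) before escalating.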