Getting In The Fight
Let’s talk about how to be effective detecting intruders. Or what we at Sandfly Security simply call: Getting in the fight. First to lay some groundwork, the policy of Sandfly Security is that we don’t …
malware
Detecting and De-Cloaking HiddenWasp Linux Stealth Malware
A new Linux stealth malware was discovered by researchers last week. The malware, named HiddenWasp, is a remote access tool that has two modes of infection depending on whether it has root level or user …
READ MOREDetecting and De-Cloaking HiddenWasp Linux Stealth Malware
Linux Cryptomining Malware Podcast Interview
Sandfly founder Craig Rowland discusses Linux cryptomining malware on the Digital Forensics Survival Podcast with host Michael. They go over what this class of malware does, how it gets onto Linux systems, what to look for …
Sandfly 1.1.14 – Linux File Masquerading, Encrypted Malware Detection, and More
The latest Sandfly release has new features for file classification and file entropy scanning. We can now spot files that are trying to masquerade as something they aren’t, and spot files that may be packed …
READ MORESandfly 1.1.14 – Linux File Masquerading, Encrypted Malware Detection, and More
Linux Malware Persistence with Cron
If malware is anything at all, it’s persistent. On Linux, just like Windows, malware once loaded wants to stay loaded. On Windows systems this is usually done with a variety of registry mechanisms. For Linux …