Rootkits

Detecting Evasive Linux Malware Presentation

Rootkits
Education
Linux Forensics
Malware
October 20, 2023

Sandfly founder Craig Rowland gave a presentation for the FIRST Cold Incident Response Conference in Oslo on evasive Linux backdoors and malware below: Evasive Linux Backdoors and Malware…

Linux Stealth Rootkit Process Decloaking Tool Updated

Linux Forensics
Rootkits
Malware
November 21, 2022

Decloaking Linux stealth rootkits that are hiding processes from view is easy with our free tool sandfly-processdecloak which has been updated below: sandfly-processdecloak on Github This free tool…

How To Detect and Decloak Linux Stealth Rootkit Data

Rootkits
Linux Forensics
November 15, 2022

Linux stealth rookits have a variety of mechanisms to hide on a host. Aside from standard tactics such as hiding running processes (which we show you how to decloak here ), they also can hide data…

Linux Stealth Rootkit Malware with EDR Evasion

Malware
Rootkits
Linux Forensics
Linux Security
November 28, 2021

Recently, Sandfly was contacted to investigate an incident involving a novel piece of Linux stealth malware. What made this malware interesting is it deployed a full stealth rootkit to hide itself,…

Linux Command Line Forensics and Intrusion Detection Cheat Sheet

Linux Forensics
Malware
Rootkits
Linux Security
Cheat Sheets
May 20, 2021

Below is our Linux command line forensics and intrusion detection cheat sheet along with a presentation given at Purplecon 2018 . These resources can help you investigate a Linux host for compromise…

Detecting and Investigating OpenSSL Backdoors on Linux

Malware
Rootkits
Linux Security
Linux Forensics
April 18, 2021

A nightmare for security personnel on Linux is to find a backdoor operating. This means an attacker is interacting with the host in real-time to further their intrusion. Of various backdoors that can…