Linux Threats Detected
Sandfly Security is proud to be part of the
Vodafone Xone Accelerator Program
Sandlfly hunts for the common and uncommon threats against Linux.
Hunting for Linux Threats
Sandfly has a large and growing list of threats it can detect.
Sandfly is an agentless Linux security platform that constantly hunts for intruders. When threats are found, Sandfly becomes an expert forensic investigator providing specific information on what is happening.
For security and incident response teams, we allow you to write your own custom sandfly checks in an easy to learn syntax. You can custom craft your own threat hunting checks and deploy them instantly without loading any software or updates across your Linux systems.
The modular approach we use means that more detection methods are being added all the time to enhance our capability.
We currently have around 700 security and incident response modules designed specifically for Linux, and the list grows each day. Below is a high-level list of just some of the threats we hunt for on Linux.
Linux Intrusion, Compromise & Malware Threats Detected
- Loadable Kernel Module stealth rootkit detection
- Standard rootkit detection
- Cryptocurrency and cryptominer detection
- Hidden and suspicious directories
- Hidden and suspicious processes
- Processes performing suspicious network activity
- Process masquerading
- File masquerading and hiding
- Poisoned system commands
- Cloaked data from stealth rootkits
- Tampered system start-up scripts
- Encrypted and suspicious executable files
- Unusual system binaries
- Suspicious users and permissions
- Hidden executables
- System shells being used or concealed in suspicious ways
- Reverse bindshell exploits
- Standard bindshell exploits
- Compromised websites
- Tampered audit records
- Destroyed audit records
- Webshells and backdoors
- Anti-forensics activity
- Cloaked backdoors
- Privilege escalation backdoors
- Malware persistence mechanisms
- SSH keys being misused or orphaned
- Suspicious user login and logout activities
- Suspicious cron job and other scheduled tasks
- Linux malware and Advanced Persistent Threat activity
- Distributed Denial of Service (DDoS) agents
- Password and network sniffers
- Many others!
An Expanding Detection Net
Sandfly is constantly looking for anything that is suspicious on your Linux hosts. With new sandflies being added all the time, Sandfly is able to provide a thorough detection net for your computers without the hassle of agents or piles of false alarms.