Sandfly Blog
This presentation was given by Sandfly Security’s CEO, Craig Rowland, at an invite-only conference at Ericsson headquarters in Stockholm for telecommunications and mission-critical infrastructure providers.
We cover Linux threats ranging from noisy cryptominers to command and control (C2) frameworks and network implants like BPFDoor. We also discuss Pluggable Authentication Module (PAM) password-stealing backdoors, SSH credential theft, and stealth rootkits. You'll learn how these various attacks work and why some are much more difficult to detect. By the end of the video you’ll know what these Linux attack categories are, why they are a threat, and when attackers may deploy them.
From cloud servers to embedded devices, Sandfly hunts Linux threats agentlessly. We find BPFDoor and stealth rootkits, track SSH keys, and identify the weak passwords that make compromise possible.

Download the PDF here.
Contact Ericsson to learn more about agentless Linux security monitoring for critical infrastructure.
To learn more about hunting for Linux stealth rootkits using command line forensics, watch:
