Linux Stealth Rootkit Hunting with Command Line Forensics - FIRST 2025 Oslo Cold Incident Response

Learn how to hunt for Linux stealth rootkits using command-line tools in this presentation, given at the FIRST Cold Incident Response Conference in Oslo, Norway in 2025. Presenter Craig Rowland walks through a Chinese stealth rootkit leaked by Phrack magazine and shows how to find it with common command-line tools. The talk also covers how to approach rootkit hunting on Linux using practical real-world examples, along with options for doing it at scale with Sandfly.

Download the full PDF presentation and access more links here: https://sandflysecurity.com/blog/linu...

Be sure to subscribe and follow us: https://www.sandflysecurity.com / sandflysecurity / sandfly
