Agentless Linux security. Protect Linux with no agents and no drama. Works almost everywhere with safety and speed.

Joined March 2017
Sandfly protects virtually any Linux system with no endpoint agents and no drama.
Before deploying security tools across thousands of servers to support critical manufacturing operations, this automotive manufacturer demanded proof. Sandfly delivered. ap1.hubs.ly/y0Ms5s0
A recently disclosed "Copy Fail" vulnerability affects nearly all Linux distributions since 2017. Sandfly has analyzed the exploit and created a detection module. Read the blog for the details: ap1.hubs.ly/y0QC_J0
Sandfly founder @CraigHRowland is on @DestLinuxPod this week sharing insights on how LLMs are revolutionizing code auditing, as evidenced by the recent CopyFail exploit discovery. ap1.hubs.ly/y0Qlqx0
Find out why a global automotive manufacturer chose agentless Linux security after agent-based solutions failed competitive testing. Download our new case study: ap1.hubs.ly/y0LRHv0
An automotive manufacturer tested multiple Linux EDR solutions to support its critical assembly line systems across 1,600 servers in North America. During competitive testing, an agent-based solution introduced unacceptable risk. Read the case study to find out why they chose Sandfly’s solution for agentless Linux security: ap1.hubs.ly/y0LnkL0
Government agencies and critical infrastructure operators face unique Linux security challenges that traditional endpoint security cannot address. On June 4, join Sandfly's CEO @CraigHRowland and @Carahsoft for a webinar, 5 Linux Security Blind Spots Putting Government Agencies at Risk. Save your spot: ap1.hubs.ly/y0LnkX0
Sandfly's agentless platform delivers reliable threat detection across thousands of Linux servers that support a major automotive manufacturer - with no impact to production. Download the case study to learn how to achieve Linux security without agents: ap1.hubs.ly/y0J-X60
Sandfly 5.7 is here. 50% faster scans, lower memory usage, and less time on host. New loginUID attack detection, expanded ICMP backdoor detection, and support for 100,000 host views. Agentless Linux security with no endpoint agents and no drama. sandflysecurity.com/blog/san…
Sandfly founder @CraigHRowland joins Destination Linux this week to discuss our new partnership with Ericsson to deliver agentless Linux security to telecommunications worldwide. Check it out below.
A new #DestinationLinux has hit the road! 😂❤️🐧🐧🐧 youtu.be/-zCJFEIIVyU Security Scoop with @CraigHRowland: Ericsson & Agentless EDR 🎉 SCaLE 23x Highlights: Part 1 🐧 #SCaLE23x #Linux #cybersecurity #SandflySecurity Thank you @SandflySecurity! deviantairwaves.com/sandfly
We're partnering with @Carahsoft to bring agentless Linux EDR to government agencies and critical infrastructure. Our agentless approach works where agents fail: air-gapped networks, embedded systems, and sensitive installations. Thanks @CraigAbod! Read the press release: sandflysecurity.com/blog/san…
Sandfly Security retweeted
Our partnership with @SandflySecurity is bringing agentless Linux EDR to the Public Sector. Protect mission-critical systems without performance risk or agents. Learn more: carah.io/SandflySecurityPR #LinuxSecurity #EDR #PublicSectorCyber
Sandfly founder @CraigHRowland is on Destination Linux this week discussing browser extension risks, AI agents being tricked to go rogue, and more.
A new #DestinationLinux has hit the road! 😂💖🐧🐧🐧 youtu.be/E7ntlO-6gEw Security Scoop with Craig Rowland @CraigHRowland 🎉 Linux Kernel 6.19 Updates, Exploring the Zen Browser #Linux #opensource #podcast #security
Sandfly Security retweeted
This thing looks pretty noisy. @SandflySecurity we don't have an install path and can run under random binary names. Being targeted for disabling like other EDRs is harder. We also patrol randomly without a fixed username so the system appears unmonitored to attackers.
ShadowHS, a stealthy fileless Linux framework running entirely in memory for covert, adaptive post‑exploitation control. Expanded EDR / AV fingerprinting: The payload performs aggressive EDR and AV discovery using both filesystem path checks and service-state enumeration. Compared to upstream hackshell, this variant significantly expands coverage to include commercial EDR platforms, cloud agents, OT/ICS tooling, and telemetry collectors. P1: File Path-based EDR Detection. P2: Service-based EDR detection. cyble.com/blog/shadowhs-file…
Sandfly Security retweeted
We've gotten many questions about VoidLink on Linux, and yes @SandflySecurity finds it out of the box as you see below with no need to update. The report below covers the details, but I have a few more here.
Check Point Research unveils #VoidLink, a highly modular Linux malware framework with 30 plugins, cloud/container persistence, robust OPSEC (runtime encryption, rootkits, self-delete), and links to Chinese-affiliated actors. Full analysis on our blog research.checkpoint.com/2026…
Sandfly Security retweeted
We have made major improvements to our unique and powerful agentless drift detection for Linux. With drift detection in operation, it's extremely hard for malicious activity to happen on Linux without being noticed. Works on embedded/appliances, too!
Sandfly 5.6 introduces sweeping updates to our powerful agentless drift detection for Linux. Automated setup and built-in profile recommendations make finding novel attacks against your entire Linux infrastructure fast and simple. See more below. sandflysecurity.com/blog/san…
Agent-based EDR on Linux: kernel panics, compatibility gaps, performance overhead. What if we got rid of the agent? Our new white paper documents the agentless alternative. sandflysecurity.com/blog/the…
Sandfly Security retweeted
An interesting project on finding rootkits with timing methods. Attentive admins can actually see system impacts with stealth rootkits on Linux. I covered this idea in a much cruder way in a recent presentation. Top is no rootkit vs. rootkit on bottom with a find command.
This is nice - Detection of #Linux rootkit file hiding activities through analysis of shifts in kernel function execution times github.com/ait-aecid/rootkit…
Sandfly founder @CraigHRowland joined @TuxDigitalNet Destination Linux for a deep dive into supply chain security realities: malicious VSCode extensions, React2Shell vulnerabilities, and why your open source hobby project may be targeted by serious threat actors.
A new #DestinationLinux has hit the road! 😂🐧🐧🐧 youtu.be/z3fQhGvW3QA Craig Rowland, the CEO of Sandfly Security joins us! Security Deep Dive, ravynOS: macOS BSD, Canonical AMI bios boots Ubuntu & More! #Linux #FOSS Thank you @SandflySecurity! destinationlinux.net/sandfly