Blog

Business as Usual?

The rollercoaster ride that represents cyber negotiations between the U.S. and China reached both new heights and lows Monday as the U.S. Department of Justice (DOJ) indicted five members of China’s People’s Liberation Army (PLA) Unit 61398 for committing cyber espionage against several U.S. corporations. The landmark indictment was the first time criminal charges have been filed against known state actors for hacking. Accompanying the public announcement of the indictment, the U.S. Federal...

2 months 1 day ago

New CrowdResponse Modules

During his talk at this year’s RSA conference, George Kurtz introduced a new free community tool named CrowdResponse. CrowdResponse is a robust data-gathering platform that we intend to continue improving with new modules and data acquisition capabilities. Today we are releasing three additional modules for CrowdResponse: Drivers, Handles, and Strings. These modules focus on memory analysis and are extremely pertinent to detecting much of the malware that we have been discussing lately...

2 months 3 days ago

Cat Scratch Fever: CrowdStrike Tracks Newly Reported Iranian Actor as FLYING KITTEN

Today, our friends at FireEye released a report on an Iran-based adversary they are calling Saffron Rose. CrowdStrike Intelligence has also been tracking and reporting internally on this threat group since mid-January 2014 under the name FLYING KITTEN, and since that time has seen targeting of multiple U.S.-based defense contractors as well as political dissidents.

Flying Kitten Targeted Intrusion

FireEye’s report notes that this adversary’s targeted intrusion activity consists...

2 months 1 week ago

Coming Up: USA CyberCrime Conference

CrowdStrike is pleased to participate in the upcoming United States Cyber Crime Conference 2014! Previously known as the US DoD Cyber Crime Conference, this event has a long history of bringing together a diverse crowd from law enforcement, defense, legal and commercial incident response teams. If you are attending the conference, there will be many opportunities to meet the CrowdStrike team. Several members of our consulting and managed services team are presenting at the conference,...

3 months 21 hours ago

CrowdStrike Heartbleed Scanner - Update

This is a follow-up to our original blog post on the CrowdStrike Heartbleed Scanner.

Due to popular demand and acting on feedback we have received, today we have updated our free Heartbleed Scanner vulnerability detection tool that was released last Friday. The new version is 1.1.0.0 and is available for download on the Community Tools page.

Here are the main additions and changes:

- Added STARTTLS support for common services.
- Added ability to specify a list of default...

3 months 1 day ago

*NEW* Community Tool: CrowdStrike Heartbleed Scanner

Since last week, several researchers and security companies have released free web-based scanners for the OpenSSL Heartbleed (CVE-2014-0160) vulnerability, which was publicly disclosed on April 7th. While these may be great and easy-to-use tools for determining whether your public website is vulnerable to this issue (although some have been found not to be very accurate), we realized that there was a largely unmet demand for an easy-to-use UI tool that is also capable of scanning internal networks and non...

3 months 5 days ago

Continuing Retail Breaches Show Why Cyber is a CEO Issue

*This posting is excerpted from the author’s column in Security magazine

For well over a decade, CEOs have been relegating the operational, legal, reputational and competitive risks associated with cybersecurity to those responsible for Information Technology. Yet, as the recent onslaught of intrusions against retailers confirms, cybersecurity is an enterprise risk management issue that extends beyond the combined efforts of the Chief Information Officer, the Chief Technology Officer,...

3 months 5 days ago

Mo' Shells Mo' Problems - Network Detection

Disclaimer: CrowdStrike derived this information from investigations in non-classified environments. Since we value our clients’ privacy and interests, some data has been redacted or sanitized.

In previous posts of this “Mo’ Shells Mo’ Problems” blog series we discussed web shells with specific Deep Panda adversary examples as well as how to detect them within your enterprise using file stacking and web log analysis. This blog entry completes the series with related methodology for...

3 months 3 weeks ago

Mo' Shells Mo' Problems - Web Server Log Analysis

Disclaimer: CrowdStrike derived this information from investigations in unclassified environments. Since we value our clients’ privacy and interests, some data has been redacted or sanitized.

Web shells epitomize the hacking tenet of hiding in plain sight. In a previous post, we showed how a web shell could hide as a single file among thousands present on a web server, or as a single line of code in an otherwise legitimate page on the site. The best web shells are not detected by anti...
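The two detection approaches this series names, file stacking across supposedly identical web servers and web server log analysis, in one added Python example. This is illustration code written for this page, not CrowdStrike's tooling or the methodology from the full posts: the host names, paths, hash tags and Apache combined-format log lines are constructed, and the three log heuristics (few distinct client IPs per URI, requests with no Referer, mostly POST) are common web shell indicators chosen here as assumptions, not claims about any specific adversary.

```python
"""Web shell hunting: file stacking plus web-log rarity analysis.

Added illustration, not CrowdStrike's code. All inputs are constructed.
"""
import re
from collections import defaultdict

# Constructed: file inventories (path -> content hash tag) from three web
# servers that are supposed to be built from the same image. In practice
# this comes from a forensic file listing with real SHA-256 digests.
FILE_INVENTORY = {
    "web01": {"/var/www/index.php": "h1", "/var/www/login.php": "h2",
              "/var/www/img/logo.png": "h3"},
    "web02": {"/var/www/index.php": "h1", "/var/www/login.php": "h2",
              "/var/www/img/logo.png": "h3",
              "/var/www/img/cache.php": "h9"},      # extra file on one host
    "web03": {"/var/www/index.php": "h1", "/var/www/login.php": "h2x",  # modified page
              "/var/www/img/logo.png": "h3"},
}


def stack_files(inventory, max_hosts=1):
    """File stacking: count the hosts on which each (path, hash) pair occurs.

    Pairs seen on max_hosts or fewer hosts are the outliers: a file that
    exists on only one server, or a legitimate page whose hash differs on one
    server (a shell appended as a single line). Returns a sorted list of
    (path, hash, [hosts]).
    """
    seen = defaultdict(set)
    for host, files in inventory.items():
        for path, digest in files.items():
            seen[(path, digest)].add(host)
    return sorted((path, digest, sorted(hosts))
                  for (path, digest), hosts in seen.items()
                  if len(hosts) <= max_hosts)


# Apache "combined" log format (assumed; adjust the regex for other formats).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$')

# Constructed sample log: normal browsing of index.php/login.php by several
# clients, and one client repeatedly POSTing to img/cache.php with no Referer.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Mar/2014:08:01:11 +0000] "GET /index.php HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.11 - - [10/Mar/2014:08:01:15 +0000] "GET /index.php HTTP/1.1" 200 5123 "http://www.example.com/" "Mozilla/5.0"
203.0.113.12 - - [10/Mar/2014:08:02:40 +0000] "GET /login.php HTTP/1.1" 200 2210 "http://www.example.com/index.php" "Mozilla/5.0"
203.0.113.13 - - [10/Mar/2014:08:03:02 +0000] "POST /login.php HTTP/1.1" 302 0 "http://www.example.com/login.php" "Mozilla/5.0"
203.0.113.14 - - [10/Mar/2014:08:05:19 +0000] "GET /login.php HTTP/1.1" 200 2210 "http://www.example.com/index.php" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2014:23:41:09 +0000] "POST /img/cache.php HTTP/1.1" 200 811 "-" "Mozilla/4.0 (compatible; MSIE 6.0)"
198.51.100.7 - - [10/Mar/2014:23:41:31 +0000] "POST /img/cache.php HTTP/1.1" 200 15092 "-" "Mozilla/4.0 (compatible; MSIE 6.0)"
198.51.100.7 - - [10/Mar/2014:23:42:05 +0000] "POST /img/cache.php HTTP/1.1" 200 640 "-" "Mozilla/4.0 (compatible; MSIE 6.0)"
"""


def parse_log(text):
    """Parse combined-format lines into dicts; unparseable lines are skipped."""
    return [m.groupdict() for m in map(LOG_RE.match, text.splitlines()) if m]


def rare_uris(rows, max_clients=2, min_score=2):
    """Score each URI on three web shell indicators (assumed heuristics):
    driven by few distinct client IPs, requests carry no Referer (operator
    types the URL or uses a tool), and requests are mostly POST (commands and
    uploads). Returns {uri: {"score", "hits", "clients"}} for score >= min_score.
    """
    stats = defaultdict(lambda: {"hits": 0, "clients": set(), "no_ref": 0, "posts": 0})
    for r in rows:
        s = stats[r["uri"]]
        s["hits"] += 1
        s["clients"].add(r["ip"])
        s["no_ref"] += r["referer"] == "-"
        s["posts"] += r["method"] == "POST"
    flagged = {}
    for uri, s in stats.items():
        score = ((len(s["clients"]) <= max_clients)
                 + (s["no_ref"] / s["hits"] >= 0.9)
                 + (s["posts"] / s["hits"] >= 0.5))
        if score >= min_score:
            flagged[uri] = {"score": score, "hits": s["hits"], "clients": len(s["clients"])}
    return flagged


if __name__ == "__main__":
    for path, digest, hosts in stack_files(FILE_INVENTORY):
        print(f"outlier file {path} ({digest}) only on {hosts}")
    for uri, s in rare_uris(parse_log(SAMPLE_LOG)).items():
        print(f"suspicious URI {uri}: score {s['score']}, {s['hits']} hits from {s['clients']} client(s)")
```

The two views cross-check each other: the file stack surfaces /var/www/img/cache.php as present on one host and login.php as modified on another, and the log view independently flags /img/cache.php as a URI driven by a single client with no Referer and only POSTs. Thresholds here are starting points; on a busy site, compare each URI's client count against that site's own distribution rather than a fixed number.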

4 months 5 days ago