Hunting Badness on OS X with CrowdStrike's Falcon Host Real-Time Forensic Capabilities

In this blog post, we’ll take a look at an example of a typical targeted attack with OS X malware as well as discover how to hunt for it in CrowdStrike’s Falcon Host Endpoint Activity Monitoring (EAM) application. One of the distinctive features of this solution is that we don’t need to waste time or impact system performance by running any type of incident response script on the host. Using EAM negates the extra work of tracking down a computer, making sure it is on, dealing with possible...

4 months 1 week ago

Business as Usual?

The rollercoaster ride that represents cyber negotiations between the U.S. and China reached both new heights and lows Monday as the U.S. Department of Justice (DOJ) indicted five members of China’s People’s Liberation Army (PLA) Unit 61398 for committing cyber espionage against several U.S. corporations. The landmark indictment was the first time criminal charges have been filed against known state actors for hacking. Accompanying the public announcement of the indictment, the U.S. Federal...

4 months 2 weeks ago

New CrowdResponse Modules

During his talk at this year’s RSA conference, George Kurtz introduced a new free community tool named CrowdResponse. CrowdResponse is a robust data-gathering platform that we intend to continue improving with new modules and data acquisition capabilities. Today we are releasing three additional modules for CrowdResponse – Drivers, Handles, and Strings. These modules focus on memory analysis and are extremely pertinent to detecting much of the malware that we have been discussing lately...

4 months 2 weeks ago

Cat Scratch Fever: CrowdStrike Tracks Newly Reported Iranian Actor as FLYING KITTEN

Today, our friends at FireEye released a report on an Iran-based adversary they are calling Saffron Rose. CrowdStrike Intelligence has also been tracking and reporting internally on this threat group since mid-January 2014 under the name FLYING KITTEN, and since that time has seen targeting of multiple U.S.-based defense contractors as well as political dissidents.

Flying Kitten Targeted Intrusion

FireEye’s report notes that this adversary’s targeted intrusion activity consists...

4 months 3 weeks ago

Coming Up: USA CyberCrime Conference

CrowdStrike is pleased to participate in the upcoming United States Cyber Crime Conference 2014! Previously known as the US DoD Cyber Crime Conference, this event has a long history of bringing together a diverse crowd from law enforcement, defense, legal and commercial incident response teams. If you are attending the conference, there will be many opportunities to meet the CrowdStrike team. Several members of our consulting and managed services team are presenting at the conference,...

5 months 2 weeks ago

CrowdStrike Heartbleed Scanner - Update

This is a followup to our original blog post for the CrowdStrike Heartbleed Scanner.

Due to popular demand and acting on feedback we have received, today we have updated our free Heartbleed Scanner vulnerability detection tool that was released last Friday. The new version is and is available for download on the Community Tools page.

Here are the main additions and changes:

Added STARTTLS support for common services.
Added ability to specify a list of default...

5 months 2 weeks ago

*NEW* Community Tool: CrowdStrike Heartbleed Scanner

Since last week, several researchers and security companies have released free web-based scanners for the OpenSSL Heartbleed (CVE-2014-0160) vulnerability independently revealed on April 7th. While these may be great and easy to use tools to determine if your public website may be vulnerable to this issue (although, some have been found not to be very accurate), we realized that there was a largely unmet demand for an easy to use UI tool capable of also scanning the internal networks and non...

5 months 3 weeks ago

Continuing Retail Breaches Show Why Cyber is a CEO Issue

*This posting is excerpted from the author’s column in Security magazine

For well over a decade, CEOs have been relegating the operational, legal, reputational and competitive risks associated with cybersecurity to those responsible for Information Technology. Yet, as the recent onslaught of intrusions against retailers confirms, cybersecurity is an enterprise risk management issue that extends beyond the combined efforts of the Chief Information Officer, the Chief Technology Officer,...

5 months 3 weeks ago

Mo' Shells Mo' Problems - Network Detection

Disclaimer: CrowdStrike derived this information from investigations in non-classified environments. Since we value our clients’ privacy and interests, some data has been redacted or sanitized.

In previous posts of this “Mo’ Shells Mo’ Problems” blog series we discussed web shells with specific Deep Panda adversary examples as well as how to detect them within your enterprise using file stacking and web log analysis. This blog entry completes the series with related methodology for...

6 months 1 week ago