Leveraging Falcon Sandbox to Detect and Analyze Malicious PDFs Containing Zero-Day Exploits
The discovery by security researchers in March 2018 of a PDF sample that contains exploits for two zero-day vulnerabilities has confirmed that…
From The Front Lines
New Report Offers a Front Line View from Leading Threat Hunters
A new report from the CrowdStrike® Falcon® OverWatch™ team, “Observations from the Front Lines of Threat Hunting,” offers a unique perspective on…
Kovter Killer: How to Remediate the APT of Clickjacking
Kovter is a well known form of clickjacking malware that has been around for years. While it is mostly nuisance malware, it…
I Know What You Did Last Month: A New Artifact of Execution on macOS 10.13
Introduction Analysts that perform macOS forensics have had few, if any, artifacts of program execution to rely on during investigations — until…
Visit CrowdStrike at Black Hat 2018
CrowdStrike® is excited to join more than 17,000 security experts in Las Vegas this August for Black Hat USA, one of the…
Spark Hot Potato: Passing DataFrames Between Scala Spark and PySpark
Introduction This blog introduces some of the innovative techniques the CrowdStrike Data Science team is using to address the unique challenges inherent…
Hiding in Plain Sight: Using the Office 365 Activities API to Investigate Business Email Compromises
Update: While this blog post originally covered the Office 365 Activities API, that functionality has been disabled by Microsoft as of Friday,…
An In-Depth Analysis of Samsam Ransomware and BOSS SPIDER
Introduction This analysis provides an in-depth view of the Samsam ransomware, which is developed and operated by the actor tracked by CrowdStrike®…
Trying to Dance the Samba: An Exercise in Weaponizing Vulnerabilities
Introduction This blog tells the story of a failed Samba exploitation attempt. The goal was to assess what it would take for…
Hidden Administrative Accounts: BloodHound to the Rescue
Defending an organization from today’s sophisticated attacks is no easy task. It often requires security teams to be ready at a moment’s…