Managed Threat Hunting Meets the Challenge of the Tenacious Adversary
Dealing with an active, dedicated adversary during an incident is very different than what many consider the more “traditional” incident response process…
From The Front Lines
Your Jenkins Belongs to Us Now: Abusing Continuous Integration Systems
"Continuous integration (CI) is the process of automating the build and testing of code every time a team member commits a change."…
Leveraging Falcon Sandbox to Detect and Analyze Malicious PDFs Containing Zero-Day Exploits
The discovery by security researchers in March 2018 of a PDF sample that contains exploits for two zero-day vulnerabilities has confirmed that…
New Report Offers a Front Line View from Leading Threat Hunters
A new report from the CrowdStrike® Falcon® OverWatch™ team, “Observations from the Front Lines of Threat Hunting,” offers a unique perspective on…
Evaluating Your Organization’s Security Approach: Tips For BOD and C-Level Execs
For the last two decades or more, cybersecurity and its failures have directly impacted organizations’ bottom lines.The call for boards of directors…
Kovter Killer: How to Remediate the APT of Clickjacking
Kovter is a well known form of clickjacking malware that has been around for years. While it is mostly nuisance malware, it…
I Know What You Did Last Month: A New Artifact of Execution on macOS 10.13
Introduction Analysts that perform macOS forensics have had few, if any, artifacts of program execution to rely on during investigations — until…
Visit CrowdStrike at Black Hat 2018
CrowdStrike® is excited to join more than 17,000 security experts in Las Vegas this August for Black Hat USA, one of the…
Spark Hot Potato: Passing DataFrames Between Scala Spark and PySpark
Introduction This blog introduces some of the innovative techniques the CrowdStrike Data Science team is using to address the unique challenges inherent…
Hiding in Plain Sight: Using the Office 365 Activities API to Investigate Business Email Compromises
Update: While this blog post originally covered the Office 365 Activities API, that functionality has been disabled by Microsoft as of Friday,…