Finding Waldo: Leveraging the Apple Unified Log for Incident Response
As of macOS 10.12 Sierra, incident responders have been able to turn to a new endpoint log source for investigative answers: the…
In Part 1 of this two-part blog series, we addressed binary exploitation on Windows systems, including some legacy and contemporary mitigations that…
In Part 1 of this two-part “Tales from the Trenches” blog, we examined a stealthy Remote Desktop Protocol (RDP) intrusion uncovered by…
Welcome to the CrowdStrike® Falcon Complete™ team’s first “Tales from the Trenches” blog, where we describe a recent intrusion that shows how…
Memory corruption exploits have historically been one of the strongest accessories in a good red teamer's toolkit. They present an easy win…
Over the past year, CrowdStrike® Services has observed threat actors increasingly targeting macOS environments — and using relatively unsophisticated methods to gain…
Since January 2020, the CrowdStrike® Falcon OverWatch™ managed threat hunting team has observed an escalation in hands-on-keyboard activity. The COVID-19 pandemic has…
This is Part 2 in a two-part blog series covering the CrowdStrike® Falcon Complete™ team’s ability to remotely remediate “TrickBot,” a modular…
The combination of commodity banking malware and ransomware is nothing new in the threat landscape. Adversaries continue to develop new tactics that…
Companies are increasingly relying on cloud-based infrastructure, especially as more of their employees are working remotely — and may continue to do…