Mo’ Shells Mo’ Problems – Network Detection

Disclaimer: CrowdStrike derived this information from investigations in non-classified environments. Since we value our clients’ privacy and interests, some data…

Mo’ Shells Mo’ Problems – Web Server Log Analysis

Disclaimer: CrowdStrike derived this information from investigations in unclassified environments. Since we value our clients’ privacy and interests, some data has…

*NEW* Community Tool: CrowdResponse

At the 2014 RSA Conference in San Francisco, CrowdStrike CTO Dmitri Alperovitch and I presented the security community with a…

Mo’ Shells Mo’ Problems – File List Stacking

Disclaimer: CrowdStrike derived this information from investigations in non-classified environments. Since we value our clients’ privacy and interests, some data…

The French Connection: French Aerospace-Focused CVE-2014-0322 Attack Shares Similarities with 2012 Capstone Turbine Activity

Two weeks ago, news broke about strategic web compromise (SWC) activity on the website for the U.S. organization, Veterans of…

Details about Apple SSL vulnerability and iOS 7.0.6 patch

On February 21st, 2014 Apple pushed out an emergency SSL security update for iOS (7.0.6). John Costello, CrowdStrike's Sr. SDET Engineer,…

Mo’ Shells Mo’ Problems – Deep Panda Web Shells

Disclaimer: CrowdStrike derived this information from investigations in non-classified environments. Since we value our clients’ privacy and interests, some data…

Post-Snowden Forensics

It has been over six months since Edward Snowden’s unprecedented NSA leaks, and we are still a long way from…

Native Java Bytecode Debugging without Source Code

At CrowdStrike, we’ve seen a moderate increase in Java-based malware recently, with Remote Access Tools (RATs) like Adwind becoming increasingly…

Through the Window: Creative Code Invocation

Recently, while analyzing a targeted attack, CrowdStrike observed an interesting code invocation technique that we want to describe here. This…

 
