Mo’ Shells Mo’ Problems – Web Server Log Analysis
Disclaimer: CrowdStrike derived this information from investigations in unclassified environments. Since we value our clients’ privacy and interests, some data has…
*NEW* Community Tool: CrowdResponse
At the 2014 RSA Conference in San Francisco, CrowdStrike CTO Dmitri Alperovitch and I presented the security community with a…
Mo’ Shells Mo’ Problems – File List Stacking
Disclaimer: CrowdStrike derived this information from investigations in non-classified environments. Since we value our clients’ privacy and interests, some data…
The French Connection: French Aerospace-Focused CVE-2014-0322 Attack Shares Similarities with 2012 Capstone Turbine Activity
Two weeks ago, news broke about strategic web compromise (SWC) activity on the website for the U.S. organization, Veterans of…
Details about Apple SSL vulnerability and iOS 7.0.6 patch
On February 21st, 2014, Apple pushed out an emergency SSL security update for iOS (7.0.6). John Costello, CrowdStrike's Sr. SDET Engineer,…
Mo’ Shells Mo’ Problems – Deep Panda Web Shells
Disclaimer: CrowdStrike derived this information from investigations in non-classified environments. Since we value our clients' privacy and interests, some data…
Native Java Bytecode Debugging without Source Code
At CrowdStrike, we’ve seen a moderate increase in Java-based malware recently, with Remote Access Tools (RATs) like Adwind becoming increasingly…
Through the Window: Creative Code Invocation
Recently, while analyzing a targeted attack, CrowdStrike observed an interesting code invocation technique that we want to describe here. This…
Actionable Indicators for Detection of Signs of Compromise from Target-related Breaches
A lot of press stories and blogs have been written about the Target breach in the last month after Brian…
Protected Processes Part 3: Windows PKI Internals (Signing Levels, Scenarios, Signers, Root Keys, EKUs & Runtime Signers)
In this last part of our series on protected processes in Windows 8.1, we’re going to be taking a look…