RECENT ARTICLES

Mo’ Shells Mo’ Problems – Web Server Log Analysis

Disclaimer: CrowdStrike derived this information from investigations in unclassified environments.  Since we value our clients’ privacy and interests, some data has…

*NEW* Community Tool: CrowdResponse

At the 2014 RSA Conference in San Francisco, CrowdStrike CTO Dmitri Alperovitch and I presented the security community with a…

Mo’ Shells Mo’ Problems – File List Stacking

Disclaimer: CrowdStrike derived this information from investigations in non-classified environments.  Since we value our clients’ privacy and interests, some data…

The French Connection: French Aerospace-Focused CVE-2014-0322 Attack Shares Similarities with 2012 Capstone Turbine Activity

Two weeks ago, news broke about strategic web compromise (SWC) activity on the website for the U.S. organization, Veterans of…

Details about Apple SSL vulnerability and iOS 7.0.6 patch

On February 21st, 2014 Apple pushed out an emergency SSL security update for iOS (7.0.6). John Costello, CrowdStrike's Sr. SDET Engineer,…

Mo’ Shells Mo’ Problems – Deep Panda Web Shells

Disclaimer: CrowdStrike derived this information from investigations in non-classified environments.  Since we value our client's privacy and interests, some data…

Native Java Bytecode Debugging without Source Code

At CrowdStrike, we’ve seen a moderate increase in Java-based malware recently, with Remote Access Tools (RATs) like Adwind becoming increasingly…

Through the Window: Creative Code Invocation

Recently, while analyzing a targeted attack, CrowdStrike observed an interesting code invocation technique that we want to describe here. This…

Actionable Indicators for Detection of Signs of Compromise from Target-related Breaches

A lot of press stories and blogs have been written about the Target breach in the last month after Brian…

Protected Processes Part 3: Windows PKI Internals (Signing Levels, Scenarios, Signers, Root Keys, EKUs & Runtime Signers)

In this last part of our series on protected processes in Windows 8.1, we’re going to be taking a look…
