The Evolution of Protected Processes Part 2: Exploit/Jailbreak Mitigations, Unkillable Processes and Protected Services
In this continuing series on the improvements of the protected process mechanism in Windows, we’ll move on past the single…
Analysis of a CVE-2013-3906 Exploit
Many of CrowdStrike’s customers are often targeted by email phishing campaigns and strategic web compromises (also known as watering-hole attacks).…
The Evolution of Protected Processes – Part 1: Pass-the-Hash Mitigations in Windows 8.1
It was more than six years ago that I first posted on the concept of protected processes, making my opinion of this poorly…
KASLR Bypass Mitigations in Windows 8.1
As some of you may know, back in June of 2013, I gave a talk at Recon, a security conference in Montreal, about…
Adwind RAT Rebranding
In November 2013, the popular and widely used Java RAT named Adwind began being sold under the new name UNRECOM…
VICEROY TIGER Delivers New Zero-Day Exploit
On November 5, 2013, Microsoft announced that a vulnerability in the Microsoft Graphics Component could allow Remote Code Execution (RCE). This announcement…
Mitigating Pass the Hash (PtH)
To look back one year in the life of technology is a long time, so 16 years could be considered…
DNS – The Lifeblood of your Domain
As the situation on the ground in Syria continues to deteriorate, the Syrian Electronic Army (SEA) has made quite a…
Attending Black Hat USA 2013?
Attending Black Hat USA 2013? From briefings and trainings to adversary detections and book signings, CrowdStrike will be there in…
Rare Glimpse into a Real-Life Command-and-Control Server
Recently, CrowdStrike has been tracking the activities of an adversary we’ve named Viceroy Tiger. During our research, we happened upon…