Identity Protection
CrowdStrike Named Overall Leader in Industry’s First ITDR Comparative Report
The industry’s first identity threat detection and response (ITDR) analyst report names CrowdStrike an Overall Leader and a “cyber industry force.” In KuppingerCole Leadership Compass, Identity Threat Detect[…]
CrowdStrike Extends Identity Security Capabilities to Stop Attacks in the Cloud
Two recent Microsoft breaches underscore the growing problem of cloud identity attacks and why it's critical to stop them. While Microsoft Active Directory (AD) remains a prime target for attackers, c[…]
Falcon Fund in Focus: Aembit Strengthens Security for Workload-to-Workload Access
The rise of distributed cloud services and the omnipresence of APIs have caused cloud-native application architecture to become highly fragmented. Enforcing secure access is a critical step in strength[…]
Identity Threat Hunting: How CrowdStrike Counter Adversary Operations Is Leading the Charge
It's 10:30 p.m. and you're heading to bed. Unfortunately, a threat actor has your organization in their crosshairs. While you’re brushing your teeth, they’re crafting a social engineering email to pil[…]
Endpoint and Identity Security: A Critical Combination to Stop Modern Attacks
Today’s adversaries increasingly use compromised credentials to breach target environments, move laterally and cause damage. When attackers are logging in — not breaking in — legacy endpoint security […]
Adversaries Can “Log In with Microsoft” through the nOAuth Azure Active Directory Vulnerability
On June 20, 2023, Descope published research detailing how a combination of a flaw in Azure Active Directory and poorly integrated third-party applications — dubbed “nOAuth” — could lead to full accou[…]
Relentless Threat Activity Puts Identities in the Crosshairs
One set of valid employee credentials can provide an adversary with all they need to log into a business, move laterally, escalate privileges and achieve their goals — whether that’s removing access t[…]
CrowdStrike Extends Identity Security Innovations to Protect Customers and Stop Breaches
From the CISO perspective, identity security is one of the top security challenges, driven by the adversary’s increased use of stolen credentials to target and infiltrate organizations. The data bears[…]
Attackers Set Sights on Active Directory: Understanding Your Identity Exposure
Eighty percent of modern attacks are identity-driven. Why would an attacker hack into a system when they can simply use stolen credentials to masquerade as an approved user and log in to the target or[…]
9 Ways a CISO Uses CrowdStrike for Identity Threat Protection
Identity isn’t a security problem — it’s the security problem. This was the takeaway from my recent meeting with a local government CISO in the Washington, D.C. area. Tasked with protecting infrastruc[…]
CrowdStrike at Oktane22: Celebrating Our Best-in-Class Partnership and Empowering Customers to Secure Identities
We’re proud to announce that CrowdStrike was awarded Okta's Workforce Identity Cloud Technology Partner of the Year Award today at the start of Oktane22. The award is a testament to the durability of […]
Consolidated Identity Protection in a Unified Security Platform Is a Must-Have for the Modern SOC
As cyberattacks continue to grow relentlessly, enterprises have to continue improving their cyber defenses to stay one step ahead of the adversaries. One area that CISOs have recently started paying m[…]
Detecting and Mitigating NTLM Relay Attacks Targeting Microsoft Domain Controllers
Adversaries often exploit legacy protocols like Windows NTLM that unfortunately remain widely deployed despite known vulnerabilities. Previous CrowdStrike blog posts have covered critical vulnerabilit[…]
Falcon Platform Identity Protection Shuts Down MITRE ATT&CK Adversaries
“We were asked to disable identity protection capabilities to let the testing proceed — and still achieved 100% prevention.” The weeks following the release of the MITRE Engenuity ATT&CK Evaluation ca[…]
Buying IAM and Identity Security from the Same Vendor? Think Again.
With the growing risk of identity-driven breaches, as seen in recent ransomware and supply chain attacks, businesses are starting to appreciate the need for identity security. As they assess how best […]
The Easy Solution for Stopping Modern Attacks
Modern cyberattacks are multifaceted, leveraging different tools and techniques and targeting multiple entry points. As noted in the CrowdStrike 2022 Global Threat Report, 62% of modern attacks do not[…]
How a Strong Identity Protection Strategy Can Accelerate Your Cyber Insurance Initiatives
The growth in frequency and severity of cyberattacks has caused organizations to rethink their security strategies. Major recent security threats, such as high-profile ransomware attacks and the Log4S[…]
Reinventing Managed Detection and Response (MDR) with Identity Threat Protection
The modern threat landscape continues to evolve with an increase in attacks leveraging compromised credentials. An attacker with compromised credentials too frequently has free rein to move about an […]
noPac Exploit: Latest Microsoft AD Flaw May Lead to Total Domain Compromise in Seconds
What Happened? Microsoft recently published two critical CVEs related to Active Directory (CVE-2021-42278 and CVE-2021-42287), which when combined by a malicious actor could lead to privilege escalati[…]
Microsoft Active Directory Supply Chain Compromise Reflects Shifting Adversary Tactics to Exploit Identity
Microsoft is having a bad year. The industry has faced a crisis of trust with numerous challenges over the past year in securing Active Directory (AD), the IT foundation of most organizations. T[…]
Security Advisory: MSRPC Printer Spooler Relay (CVE-2021-1678)
On Patch Tuesday, January 12, 2021, Microsoft released a patch for CVE-2021-1678, an important vulnerability discovered by CrowdStrike® researchers. This vulnerability allows an attacker to relay NTLM[…]
Six Tips for Securing Privileged Accounts in the Enterprise
This blog was originally published on March 2, 2018. Protecting privileged accounts and actively responding to any potential compromises has become a critical initiative for many CISOs. Stolen credent[…]
Your Session Key Is My Session Key: How to Retrieve the Session Key for Any Authentication
This blog was originally published on June 11, 2019. As announced in our recent security advisory, Preempt (now CrowdStrike) researchers discovered a critical vulnerability that allows attackers to re[…]
How to Easily Bypass EPA to Compromise Any Web Server that Supports Windows Integrated Authentication
This blog was originally published on June 11, 2019. Researchers from Preempt (now CrowdStrike) have discovered how to bypass the Extended Protection for Authentication (EPA) mechanism to successfull[…]
Critical Vulnerabilities in NTLM Allow Remote Code Execution and Cloud Resources Compromise
This blog was originally published on June 11, 2019. On the June 2019 Patch Tuesday, Microsoft released patches for CVE-2019-1040 and CVE-2019-1019, two vulnerabilities discovered by Preempt (now CrowdStr[…]
Critical Vulnerability in CredSSP Allows Remote Code Execution on Servers Through MS-RDP
This blog was originally published on March 13, 2018. On the March Patch Tuesday, Microsoft released a patch for CVE-2018-0886, a vulnerability discovered by Preempt (now CrowdStrike) researchers. The vul[…]
Zerologon (CVE-2020-1472): An Unauthenticated Privilege Escalation to Full Domain Privileges
This blog was originally published on September 18, 2020. On August 11, 2020, Microsoft released a security update including a patch for a critical vulnerability in the NETLOGON protocol (CVE-2020-1472[…]
Red Flag Alert: Service Accounts Performing Interactive Logins
This blog was originally published on August 29, 2019. In the world of identity and access security, experts focus on end-user accounts as the weak vector most vulnerable to attackers. On the contrary[…]
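A concrete form of the red flag named above, as an added example that is not code from the original post: a small detector that reads Windows Security event 4624 (successful logon) records and flags any service account whose logon type is interactive (local, RDP, or cached credentials). The logon-type codes are Microsoft's documented values; the "svc_" naming convention, the explicit account list, the key=value line format and the sample lines are all constructed assumptions for the example. In a real environment the service-account set should come from AD (an OU or group) rather than a name pattern.

```python
"""Flag service accounts performing interactive logons from Windows 4624 events.

Added example with constructed sample data and an assumed naming convention;
not code from the original post.
"""
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Logon types recorded in Security event 4624 (Microsoft's documented codes).
LOGON_TYPES = {
    2: "Interactive",
    3: "Network",
    4: "Batch",
    5: "Service",
    7: "Unlock",
    8: "NetworkCleartext",
    9: "NewCredentials",
    10: "RemoteInteractive",
    11: "CachedInteractive",
}

# A person at a keyboard (console, RDP, or cached credentials) produces these
# types; a service account should never appear with them.  Type 7 (Unlock) is
# left out here but implies an existing desktop session and is a reasonable addition.
INTERACTIVE_TYPES = frozenset({2, 10, 11})

# Assumption: service accounts use an "svc_" prefix or are listed explicitly.
KNOWN_SERVICE_ACCOUNTS = frozenset({"sqlagent", "backupsvc"})


def is_service_account(name: str) -> bool:
    """Assumed naming rule; replace with an AD group/OU lookup in practice."""
    n = name.lower()
    return n.startswith("svc_") or n in KNOWN_SERVICE_ACCOUNTS


@dataclass(frozen=True)
class LogonEvent:
    account: str
    logon_type: int
    source_ip: str
    workstation: str


def parse_event(line: str) -> Optional[LogonEvent]:
    """Parse one constructed 'key=value' line; return None unless it is a 4624 event."""
    fields = dict(kv.split("=", 1) for kv in line.split())
    if fields.get("EventID") != "4624":
        return None
    return LogonEvent(
        account=fields["TargetUserName"],
        logon_type=int(fields["LogonType"]),
        source_ip=fields.get("IpAddress", "-"),
        workstation=fields.get("WorkstationName", "-"),
    )


def find_service_account_interactive_logons(lines: Iterable[str]) -> List[LogonEvent]:
    """Return the 4624 events where a service account used an interactive logon type."""
    hits: List[LogonEvent] = []
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        if ev.logon_type in INTERACTIVE_TYPES and is_service_account(ev.account):
            hits.append(ev)
    return hits


# Constructed sample lines (not real telemetry): one human console logon, a
# legitimate type-5 service logon, an RDP logon by a service account, a normal
# network logon, a console logon by a service account, and a failed (4625) logon.
SAMPLE_LINES = [
    "EventID=4624 TargetUserName=jdoe LogonType=2 IpAddress=10.0.0.15 WorkstationName=WS01",
    "EventID=4624 TargetUserName=svc_backup LogonType=5 IpAddress=- WorkstationName=SRV01",
    "EventID=4624 TargetUserName=svc_backup LogonType=10 IpAddress=10.0.0.77 WorkstationName=DC01",
    "EventID=4624 TargetUserName=sqlagent LogonType=3 IpAddress=10.0.0.20 WorkstationName=SQL01",
    "EventID=4624 TargetUserName=sqlagent LogonType=2 IpAddress=10.0.0.99 WorkstationName=WS17",
    "EventID=4625 TargetUserName=svc_backup LogonType=2 IpAddress=10.0.0.77 WorkstationName=DC01",
]

if __name__ == "__main__":
    for ev in find_service_account_interactive_logons(SAMPLE_LINES):
        print(f"RED FLAG: {ev.account} {LOGON_TYPES[ev.logon_type]} logon "
              f"from {ev.source_ip} on {ev.workstation}")
```

On the sample data this flags the RDP logon by svc_backup to DC01 and the console logon by sqlagent on WS17, while the type-5 service logon and the type-3 network logon pass, and the 4625 failure is ignored because it is not a successful logon.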
Active Directory Open to More NTLM Attacks: Drop The MIC 2 (CVE-2019-1166) and Exploiting LMv2 Clients (CVE-2019-1338)
This blog was originally published on October 8, 2019. On October 8, 2019, aka Patch Tuesday, Microsoft released patches for CVE-2019-1166 and CVE-2019-1338 — two important vulnerabilities discovered […]
Integer Overflow in Active Directory (CVE-2020-1267)
This blog was originally published on July 14, 2020. On July 14, 2020 Patch Tuesday, Microsoft released a patch for CVE-2020-1267, an important vulnerability in the Active Directory (AD) identity stor[…]
Maze Ransomware Analysis and Protection
This blog was originally published on May 15, 2020. Maze ransomware is malware targeting organizations worldwide across many industries. It is believed that Maze operates via an affiliated network w[…]
From the Archives: Drop the MIC — CVE-2019-1040
This blog was originally published on June 11, 2019. As announced in our recent security advisory on CVE-2019-1040, Preempt (now CrowdStrike) researchers discovered how to bypass the MIC (Message Inte[…]
Catching BloodHound Before It Bites
This blog was originally published on August 6, 2020. BloodHound is a public and freely available attack path discovery tool which uses graph theory to map the relationships in an Active Directory (AD[…]