How Falcon Prevents File-less Attacks in Your Organization
In this video we’ll demonstrate an attack that doesn’t drop malware or require any user interaction. We have identified a vulnerable webserver and passed a command that will drop a webshell and provide access to the system. We then gain access to the system and do some simple reconnaissance to illustrate the visibility that Falcon can provide your organization. We then attempt to run an encoded command that will only run in memory, again making sure to write nothing to disk, and steal credentials. Finally we illustrate how simple it is to contain this compromised server or change the configuration in Falcon to prevent these attacks.
For technical information on installation, policy configuration and more, please visit the CrowdStrike Tech Center.Visit the Tech Center