We’ve reached the part of the brand cycle where people are using CrowdStrike as an excuse https://www.theverge.com/2024/8/2/24212298/mrbeast-beast-games-crowdstrike
Previously on CrowdStrike Falcon vulnerability research, check out this timeline where they tried to use NDAs to avoid disclosure, then fixed it without telling anybody. https://modzero.com/modlog/archives/2022/08/22/ridiculous_vulnerability_disclosure_process_with_crowdstrike_falcon_sensor/index.html

@GossiTheDog I had a similar experience with Microsoft. A junior colleague found a 1-click exploit in Skype for Linux. We reported it. We didn't want any bounty money, just to be assigned a CVE that we could include in our paper. Microsoft's response was essentially "it's not an RCE, go away". Then they silently fixed it, without crediting us. Never ever doing the "responsible disclosure" dance with Microsoft again.
360 takes a look at the CrowdStrike kernel drivers: finds they implement an eBPF-like system, contain a wide attack surface, don’t check the validity of update files (e.g. no signing of updates), and claims they contain conditions for LPE and RCE vulnerabilities. https://mp.weixin.qq.com/s/uD7mhzyRSX1dTW-TMg4UhQ
Before people write this off as ‘the Chinese’, I’ll give you a hint: there really, really should be security research about the security of security products across all vendors. I’ve seen things.