A new post by #CrowdStrike refutes some claims I amplified earlier:

https://www.crowdstrike.com/blog/tech-analysis-addressing-claims-about-falcon-sensor-vulnerability/

Some notes:
- seems CS can't update through middleboxes. This is an unusual design but makes sense IMO (screw middleboxes!)
- "Before loading the channel file from disk, the Falcon sensor verifies that the file contents match the expected hash to detect any local modifications of the file." Sounds like a TOCTOU, but that's just a wild guess
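The second note above wonders whether "verify the hash, then load the file" leaves a TOCTOU window. As an added illustration that is not Falcon's code and says nothing about how the sensor actually behaves, here is the weak check-then-reopen shape beside the read-once form that closes the window; the sample "channel file" bytes and the file-system stand-in (`sequence_reader`) are constructed for the demo.

```python
import hashlib
import hmac
from typing import Callable

ReadFn = Callable[[], bytes]  # one "open the file and read all of it" operation

# Constructed sample "channel file" and the hash a loader would expect for it.
SAMPLE = b"channel-file: constructed sample content v1\n"
EXPECTED_SHA256 = hashlib.sha256(SAMPLE).hexdigest()


def load_check_then_reopen(read_file: ReadFn, expected_hex: str) -> bytes:
    """Weak pattern: hash the file, then open it again to load it.
    Check and use are two separate file-system accesses, so a write that
    lands between them passes the check and is still what gets loaded."""
    checked = read_file()
    if not hmac.compare_digest(hashlib.sha256(checked).hexdigest(), expected_hex):
        raise ValueError("hash mismatch")
    return read_file()  # second access: the TOCTOU window


def load_read_once(read_file: ReadFn, expected_hex: str) -> bytes:
    """Hardened pattern: read the bytes once, hash that buffer, and hand the
    very same buffer to the consumer. Nothing is re-read after the check."""
    data = read_file()
    if not hmac.compare_digest(hashlib.sha256(data).hexdigest(), expected_hex):
        raise ValueError("hash mismatch")
    return data


def sequence_reader(contents: list[bytes]) -> ReadFn:
    """Constructed stand-in for the file system: successive calls return
    successive items, simulating the file being rewritten between reads."""
    it = iter(contents)
    return lambda: next(it, contents[-1])


def demo() -> dict:
    """Run both loaders against a file that changes right after the check."""
    modified = b"channel-file: rewritten after the hash check\n"
    racy = load_check_then_reopen(sequence_reader([SAMPLE, modified]), EXPECTED_SHA256)
    safe = load_read_once(sequence_reader([SAMPLE, modified]), EXPECTED_SHA256)
    return {"racy_loaded_modified": racy == modified, "safe_loaded_checked": safe == SAMPLE}
```

With a real file, `read_file` would be a closure around `open(path, "rb").read()`; the point is that the hardened loader parses exactly the bytes it hashed, never a second copy fetched from disk.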