OK I think this (via @cR0w) deserves some more attention (#CrowdStrike CVE-2025-1146):

https://www.crowdstrike.com/security-advisories/cve-2025-1146/

In short, CrowdStrike agents on Linux can be MitM'd when they connect to their mothership (CS cloud).

My first Q is: what exactly is delivered to Falcon sensors from the CS cloud?

I present my second Q as a meme for higher reach:

@buherator @cR0w

CrowdStrike identified this issue through our longstanding, rigorous security review process


Well I'm glad this is going well

@silverwizard @cR0w To be fair, they could've pushed a silent patch...
@cR0w @silverwizard PR has to show their worth, I'm pretty sure this wasn't composed by the offensive team
@cR0w @buherator Especially after the recent review of their patching process