360 SOC, Inc.’s Post

🔧 Quick Fix for the CrowdStrike BSOD Issue Affecting Major Companies 🛠️ We're aware that many organizations are currently facing significant disruptions due to the CrowdStrike BSOD issue. Although we aren't deeply entrenched in compliance and policy matters, we want to suggest a potential workaround that could help get your machines up and running again. 🚨 Disclaimer: This is a temporary solution and may have risks. Please consult with your IT team before proceeding. Reboot your machine into the BSOD screen. Navigate to Troubleshoot > Advanced Options > Command Prompt. Run the following command: "move C:\Windows\System32\drivers\CrowdStrike C:\Windows\System32\drivers\CrowdStrike.bak" This action should move the problematic CrowdStrike driver, allowing your systems to boot up. Again, this is a temporary measure to mitigate the impact and get operations back on track. 🛡️ Important: Ensure your IT team is aware and can assess any potential risks. This is not a permanent fix but a step towards stability while a comprehensive solution is being developed. #TechSupport #ITSolutions #CrowdStrike #BSOD #BusinessContinuity #TechTips

CrowdStrike Fiasco: A Wake-Up Call for Agent-Based Tools The recent CrowdStrike update disaster took down millions of Windows PCs, grounding flights and disrupting major services globally. This incident highlights a nuanced point: the risks of solely relying on agent-based tools. Faddom is an agentless, passive, read-only solution that provides valuable insights without risking your system's stability. Unlike agent-based tools, it can't mess up your operations because it doesn't interfere with them. Let's rethink our approach and opt for solutions that keep our systems safe and stable. #CrowdStrike #Faddom #ITSecurity #AgentlessTools #TechTrends

🚨 Alert! 🚨 We've identified a recent issue causing Windows crashes following the latest CrowdStrike Falcon agent update. If you're experiencing an outage, please follow these simple steps to resolve the problem. #TGCSB #Alert #Outage

 "How to Fix BSOD affected by CrowdStrike?" Here's a detailed guide on how to address this issue:

The solution...

@microsoft is slowly (and quite silently) working on fixing #shadowbunny that i reported a bit more than a year ago. Device isolation in WSL2 is now working, and logs are sent to Defender portal. There is even a tag that can help you identificeret installations (WSL2), allthough not fully reliable yet. Web application filter and defender Smartscreen can still be circumvented. But, all in all, happy to see these improvements (even though my report wasnt acknowledged). Hint: create custom detection rules and actions you want to take when WSL2 is used in a way you dont want on your network! Link to my presentation at bSidesCPH last year: https://lnkd.in/dcmtKvkF

CrowdStrike Outage Detailed RCA in attached report. "In February 2024, CrowdStrike introduced a new sensor capability to enable visibility into possible novel attack techniques that may abuse certain Windows mechanisms. This capability pre-defined a set of fields for Rapid Response Content to gather data.On July 19, 2024, a Rapid Response Content update was delivered to certain Windows hosts, evolving the new capability first released in February 2024. The sensor expected 20 input fields, while the update provided 21 input fields. In this instance, the mismatch resulted in an out-of-bounds memory read, causing a system crash. Our analysis, together with a third-party review, confirmed this bug is not exploitable by a threat actor." #CrowdStrike_Outage #RCA #ChannelFile291 #RRC #OutOfBoundsMemoryRead #InputValidation #SoftwareTesting

Is your IT Team struggling with continuous endpoint misconfiguration and vulnerability remediations? Until GYTPOL, manual fixes were the only option, which proved unworkable at scale. GYTPOL now provides immediate automated remediation capabilities. GYTPOL constantly updates and assists customers and CrowdStrike. #BSOD was no exception... Find out more: https://lnkd.in/dhEm4-k4

How does #ThreatLocker react to a #bruteforceattack? Craig Stevenson, Dir. of ThreatLocker Ops, breaks down how you can mitigate the mayhem these cyberattacks can cause in this webinar recording. #rdpcontrol #networkcontrol #defaultdeny

🔐 Namespace collisions might sound like an obscure issue, but the risks are real—and costly! 🌐 With the rise of new top-level domains, your internal networks could be exposed, leading to data breaches and massive financial losses. This blog breaks down the risks of namespace collisions and how AppViewX AVX ONE can help mitigate them with smart #DNS management and role-based access control. Learn more. 👇