Engineering & Tech

Inside CrowdStrike Automated Leads: A Transformative Approach to Threat Detections
May 11, 2026 | Daniel Brown - Thomas Hobson - Amogh Pradeep
Last summer we introduced Automated Leads, a transformative approach to threat detection designed to surface the subtle signs of an attack before it turns into a full-blown breach.
It’s powered by Cro[…]

CrowdStrike’s Journey in Customizing NVIDIA Nemotron Models for Peak Accuracy and Performance
January 05, 2026 | Ioana Croitoru - Sophie Chau - Roxana Boriceanu - Chase Midler - Dragos Corlatescu
Today’s security teams need AI models that can reason over massive telemetry and support autonomous actions. At CrowdStrike, we're working closely with NVIDIA to operationalize NVIDIA Nemotron open mo[…]

How CrowdStrike Trains GenAI Models at Scale Using Distributed Computing
December 22, 2025 | Andrei Preda - Alexandru Dinu - Florian Stortz - Nathan Nusaputra - Catalin-Andrei Stan
Large language models (LLMs) have revolutionized artificial intelligence and are rapidly transforming the cybersecurity landscape. As these powerful models become commonly used among both attackers an[…]

EMBER2024: Advancing the Training of Cybersecurity ML Models Against Evasive Malware
September 03, 2025 | Phil Roth
CrowdStrike data scientists are members of a team of cybersecurity researchers that recently released EMBER2024, an update to EMBER, the popular open source malware benchmark dataset originally releas[…]

Falcon Platform Prevents COOKIE SPIDER’s SHAMOS Delivery on macOS
August 20, 2025 | Maddie Stewart - Suweera De Souza - Ash Leslie - Doug Brown
Between June and August 2025, the CrowdStrike Falcon® platform successfully blocked a sophisticated malware campaign that attempted to compromise over 300 customer environments. The campaign deployed […]

CrowdStrike’s Approach to Better Machine Learning Evaluation Using Strategic Data Splitting
August 11, 2025 | Josh Sun
“Leakage” in machine learning (ML) occurs when data that an ML model should not learn on is included at training time, often in unexpected ways. This can cause overconfidence in ML model training resu[…]

CrowdStrike Researchers Develop Custom XGBoost Objective to Improve ML Model Release Stability
March 20, 2025 | Michael Slawinski
Extreme Gradient Boosting (XGBoost) is a valuable tool for training machine learning (ML) classifiers, which often come with the problem of surprise false positives (FPs) and false negatives (FNs). Su[…]

Byte Back: Next-Generation Malware Classification Using Binary Transformers
March 06, 2025 | Florian Stortz
CrowdStrike researchers have developed a next-gen method to train byte-based Transformer blocks that help models “understand” malware files rather than rely on detecting the presence of markers During[…]

Leveraging CrowdStrike Falcon Against Attacks Targeting Okta Environments
January 21, 2025 | Tony Gore - Justin Schoenfeld
As more organizations move to software-as-a-service (SaaS), remote access to applications and data is concentrated among a smaller set of identity providers. These identity providers, such as Okta, mu[…]

Tech Analysis: Channel File May Contain Null Bytes
July 24, 2024 | CrowdStrike Falcon Sensor Team - Alex Ionescu
Key Points CrowdStrike has observed instances internally and in the field in which the content of one or more channel files on disk is all zeroes. This has been observed in the context of a channel fi[…]

EMBERSim: A Large-Scale Databank for Boosting Similarity Search in Malware Analysis
June 06, 2024 | Dragoș Corlătescu - Alexandru Dinu - Mihaela Găman - Paul Sumedrea
Binary code similarity (BCS) is an important part of training machine learning (ML) models to effectively analyze vast amounts of cybersecurity telemetry. However, BCS has historically focused on find[…]

CrowdStrike Falcon Next-Gen SIEM Unveils Advanced Detection of Ransomware Targeting VMware ESXi Environments
April 15, 2024 | Christopher Miller
CrowdStrike Falcon® Next-Gen SIEM enables companies to search, investigate and hunt down threats, including detection of advanced ransomware targeting VMware ESXi Initial access to the ESXi infrastruc[…]

CrowdStrike’s Advanced Memory Scanning Stops Threat Actor Using BRc4 at Telecommunications Customer
September 27, 2023 | Matt Weiner - Sean Pagano - Shaun Hurley
CrowdStrike’s Advanced Memory Scanning detected BRc4 execution in the wild. CrowdStrike has integrated new indicators of attack (IOAs) for modern endpoint detection and response (EDR) evasion techniqu[…]

The Windows Restart Manager: How It Works and How It Can Be Hijacked, Part 2
September 01, 2023 | Mathilde Venault
In the first part of this series, we provided a brief overview of the Windows Restart Manager. In this blog post, we examine how these mechanisms can be exploited by adversaries and review how the Cro[…]

The Windows Restart Manager: How It Works and How It Can Be Hijacked, Part 1
August 25, 2023 | Mathilde Venault
Malware utilizes a multitude of techniques to avoid detection, and threat actors are continuously uncovering and exploiting new methods of attack. One of the less common techniques includes the exploi[…]

How CrowdStrike Uses Similarity-Based Mapping to Understand Cybersecurity Data and Prevent Breaches
June 28, 2023 | Michael Slawinski
CrowdStrike data scientists describe a new similarity paradigm to organize information and make it accessible, searchable and mappable The new similarity-based mapping of cybersecurity data associates[…]

Cracking the Code of AI Decision Making: Harnessing the Power of SHAP Values
June 13, 2023 | Daniel Sava
Machine learning explainability ensures that AI models are transparent, trustworthy and accurate Explainability enables data scientists to understand how and why an AI model arrived at a particular de[…]

CrowdStrike’s Artificial Intelligence Tooling Uses Similarity Search to Analyze Script-Based Malware Attack Techniques
March 23, 2023 | Paul Sumedrea
The CrowdStrike Falcon® platform leverages similarity search at scale to drive up efficacy PowerShell-based attacks are on the rise and many malware authors save time and effort by using artificial in[…]

CrowdStrike’s Free TensorFlow-to-Rust Conversion Tool Enables Data Scientists to Run Machine Learning Models as Pure Safe Code
March 03, 2023 | Lukasz Woznicki
CrowdStrike releases a free tool for data scientists for porting TensorFlow machine learning models to Rust pure safe code The tool, named tf2rust, enables data scientists to create leaner machine lea[…]

Spotlight on the Log-Structured Merge (LSM) Tree: One of the Keys Enabling CrowdStrike to Process Trillions of Events per Day
November 30, 2022 | Brent Nash
In a previous post, our team shared our Three Best Practices for Building a High-Performance Graph Database. That was written two years ago, when CrowdStrike Threat Graph® was processing billions of e[…]

Playing Hide-and-Seek with Ransomware, Part 2
October 21, 2022 | Mathilde Venault
In Part 1, we explained what Intel SGX enclaves are and how they benefit ransomware authors. In Part 2, we explore a hypothetical step-by-step implementation and outline the limitations of this method[…]

The Anatomy of Wiper Malware, Part 4: Less Common “Helper” Techniques
October 14, 2022 | Ioan Iacob - Iulian Madalin Ionita
This is the fourth blog post in a four-part series. Read Part 1 | Part 2 | Part 3. In Part 3, CrowdStrike's Endpoint Protection Content Research Team covered the finer points of Input/Output Control ([…]

Playing Hide-and-Seek with Ransomware, Part 1
October 13, 2022 | Mathilde Venault
Intel SGX technology enables developers to isolate and encrypt a portion of code and data in the processor and memory in a trusted execution environment, known as an enclave. As enclaves are increasin[…]

The Anatomy of Wiper Malware, Part 3: Input/Output Controls
September 26, 2022 | Ioan Iacob - Iulian Madalin Ionita
This is the third blog post in a four-part series. Read Part 1 | Part 2 | Part 4. In Part 1 of this four-part blog series examining wiper malware, the CrowdStrike Endpoint Protection Content Research […]

The Anatomy of Wiper Malware, Part 2: Third-Party Drivers
August 24, 2022 | Ioan Iacob - Iulian Madalin Ionita
This is the second blog post in a four-part series. Read Part 1 | Part 3 | Part 4. In Part 1 of this four-part blog series examining wiper malware, we introduced the topic of wipers, reviewed their re[…]

The Anatomy of Wiper Malware, Part 1: Common Techniques
August 11, 2022 | Ioan Iacob - Iulian Madalin Ionita
This is the first blog post in a four-part series. Read Part 2 | Part 3 | Part 4. This blog post is the first in a four-part series in which CrowdStrike’s Endpoint Protection Content Research Team wil[…]

Improving CrowdStrike Falcon® Detection Content with the Gap Analysis Team
August 08, 2022 | Sean Pagano
CrowdStrike is always looking for innovative ways to improve detection content for our customers. We believe a multifaceted approach that combines customer input, standardized testing and internal res[…]

A Deep Dive into Custom Spark Transformers for Machine Learning Pipelines
July 27, 2022 | Jay Luan
Modern Spark Pipelines are a powerful way to create machine learning pipelines Spark Pipelines use off-the-shelf data transformers to reduce boilerplate code and improve readability for specific use c[…]

CrowdStrike Falcon® Stops Modern Identity-Based Attacks in Chrome
June 08, 2022 | Eamonn Ryan - Matthew Puckett - Liviu Arsene
A novel technique that reduces the overhead in extracting sensitive data from Chromium browser’s memory was recently found by researchers from CyberArk Labs Existing access to the targeted system is r[…]

How CrowdStrike Achieves Lightning-Fast Machine Learning Model Training with TensorFlow and Rust
June 01, 2022 | Ryan Inghilterra
CrowdStrike combines the power of the cloud with cutting-edge technologies such as TensorFlow and Rust to make model training hundreds of times faster than traditional approaches CrowdStrike continuou[…]

Mirai Malware Variants for Linux Double Down on Stronger Chips in Q1 2022
May 20, 2022 | Vlad Ciuleanu
According to CrowdStrike research, Mirai malware variants compiled for Intel-powered Linux systems double (101%) in Q1 2022 compared to Q1 2021 Mirai malware variants that targeted 32-bit x86 processo[…]

macOS Malware Is More Reality Than Myth: Popular Threats and Challenges in Analysis
May 06, 2022 | Paul-Danut Urian
Ransomware (43% of analyzed threat data), backdoors (35%) and trojans (17%) were the most popular macOS malware categories spotted by CrowdStrike researchers in 2021 OSX.EvilQuest (ransomware), OSX.Fl[…]

How Human Intelligence Is Supercharging CrowdStrike's Artificial Intelligence
April 08, 2022 | Sven Krasser
The CrowdStrike Security Cloud processes over a trillion events from endpoint sensors per day, but human professionals play a vital role in providing structure and ground truth for artificial intellig[…]

CrowdStrike Falcon® Enhances Fileless Attack Detection with Intel Accelerated Memory Scanning Feature
March 03, 2022 | Jenny Mankin
CrowdStrike introduces accelerated memory scanning into the CrowdStrike Falcon® sensor for Windows to enhance existing visibility and detection of fileless threats The Falcon sensor integrates Intel® […]

A More Modern Approach to Logging in Go
February 08, 2022 | Steve Carlson
The Go ecosystem has long relied on the use of third-party libraries for logging. Logrus, one of the first leveled, structured logging libraries, is now maintenance-only and its developers recommend m[…]

Programs Hacking Programs: How to Extract Memory Information to Spot Linux Malware
January 27, 2022 | Matthew Hartzell
Threat actors go to great lengths to hide the intentions of the malware they produce This blog demonstrates reliable methods for extracting information from popular Linux shells Extracted memory infor[…]

How a Generalized Validation Testing Approach Improves Efficiency, Boosts Outcomes and Streamlines Debugging
December 09, 2021 | Radu Baciu - Silviu Badea
In two recent blog posts from the CrowdStrike Software Development Engineers in Test (SDET) team, we explored how end-to-end validation testing and modular testing design could increase the speed and […]

End-to-end Testing: How a Modular Testing Model Increases Efficiency and Scalability
December 03, 2021 | Silviu Badea - Radu Baciu
In our last post, Testing Data Flows using Python and Remote Functions, we discussed how organizations can use remote functions in Python to create an end-to-end testing and validation strategy. Here […]

Managing Dead Letter Messages: Three Best Practices to Effectively Capture, Investigate and Redrive Failed Messages
November 24, 2021 | Chris Cannon
In a recent blog post, Sharding Kafka for Increased Scale and Reliability, the CrowdStrike Engineering Site and Reliability Team shared how it overcame scaling limitations within Apache Kafka so that […]

A Principled Approach to Monitoring Streaming Data Infrastructure at Scale
November 17, 2021 | Praveen Yedidi
Virtually every aspect of a modern business depends on having a reliable, secure, real-time, high-quality data stream. So how do organizations design, build and maintain a data processing pipeline tha[…]

Unexpected Adventures in JSON Marshaling
November 17, 2021 | Dylan Bourque
Recently, one of our engineering teams encountered what seemed like a fairly straightforward issue: When they attempted to store UUID values to a database, it produced an error claiming that the value[…]

WebAssembly Is Abused by eCriminals to Hide Malware
October 25, 2021 | Mihai Maganu
CrowdStrike research finds that 75% of the WebAssembly modules are malicious WebAssembly is an open standard that allows browsers to execute compiled programs Cryptocurrency miners boost efficiency by[…]

Improving Performance and Reliability of Internal Communication Among Microservices: The Story Behind the Falcon Sandbox Team’s gRPC Journey
October 18, 2021 | Krzysztof Kochanski
The Hybrid Analysis community submits hundreds of thousands of samples for analysis to our systems every day. Those sample submissions mean our CrowdStrike Falcon® Sandbox™ software must do millions o[…]

Development Cost of Porting TensorFlow Models to Pure Rust
August 27, 2021 | Sebastian Cojocariu
In a previous blog post, Building on the Shoulders of Giants: Combining TensorFlow and Rust, we laid out our approach of performing hyperparameter tuning and experimenting with known deep learning fra[…]

Re-searching Hyperparameters for Training Boosted Tree Models
August 18, 2021 | Patrick Crenshaw
Introduction While deep neural networks have state-of-the-art performance in many tasks, boosted tree models still often outperform deep neural networks on tabular data. This largely seems to be the c[…]

Addressing Uneven Partition Lag in Kafka
July 26, 2021 | Luke Hunter - Niveditha Rao - Eric Schow - Thy Ton
Many companies choose Apache Kafka for their asynchronous data pipelines because it is robust to traffic bursts, and surges are easily managed by scaling consumers. However, scaling is not helpful whe[…]

Shlayer Malvertising Campaigns Still Using Flash Update Disguise
July 19, 2021 | Aspen Lindblom - Joseph Goodwin - Chris Sheldon
Malvertising campaigns delivering Shlayer malware for macOS are still ongoing, despite the patching of a critical zero-day vulnerability (CVE-2021-30657) abused for months to compromise victims by dod[…]

Sharding Kafka for Increased Scale and Reliability
July 19, 2021 | Eric Schow
How our engineering team overcame scaling limitations and improved reliability in our high-throughput, asynchronous data processing pipeline Apache Kafka is a high-throughput, low-latency distributed […]

Testing Data Flows Using Python and Remote Functions
July 01, 2021 | Silviu Badea
One common challenge facing cloud engineers is how to develop and run tests that are distributed across multiple clusters, teams, environments or services. The use of new technologies, like containeri[…]

CrowdStrike Services Releases AutoMacTC 1.2.0
June 30, 2021 | Jai Musunuri - Anthony Martinez - Wayland Morgan
The CrowdStrike Services team is excited to announce the release of AutoMacTC 1.2.0 to the community. AutoMacTC was originally released in March 2019 to help incident responders investigate intrusions[…]

Preventing Exploitation of the ZIP File Format
June 22, 2021 | Rich Seymour
ZIP files are a known vector for phishing campaigns, ransomware and other malicious action. Because the format isn’t generally executable (minus self-extracting ZIPs), it hasn’t gotten as much attenti[…]

Grafana Alerting in a Multi-cloud World
June 16, 2021 | Luke Hunter
Why “Alerts as Code” is a winning strategy for system maintenance and analysis While running multiple, independent clouds offers organizations many important benefits such as resiliency, flexibility a[…]

Know Your Enemy: Exploiting the Dell BIOS Driver Vulnerability to Defend Against It
May 26, 2021 | Connor McGarr
There is a quote from Sun Tzu, “The Art of War,” that remains true to this day, especially in cybersecurity: “Know thy enemy and know yourself; in a hundred battles, you will never be defeated.” At Cr[…]

CrowdStrike Falcon® Detects Kernel Attacks Exploiting Vulnerable Dell Driver (CVE-2021-21551)
May 17, 2021 | Satoshi Tanda
Vulnerabilities in the kernel mode component have serious implications on endpoint security. Operating systems and independent software vendors have been improving the security of code for years, but […]

Blocking Fileless Script-based Attacks Using CrowdStrike Falcon®'s Script Control Feature
April 29, 2021 | Umesh Wanve
Fileless and script-based attacks have been low-hanging fruit for years for adversaries, and their versatility has proved effective in sometimes bypassing traditional static-based antivirus solutions.[…]

Building on the Shoulders of Giants: Combining TensorFlow and Rust
April 22, 2021 | Sebastian Cojocariu
Deep learning models have undoubtedly achieved astonishing performance in various fields of machine learning, such as natural language processing, voice recognition and computer vision. The impressive[…]

Making Threat Graph Extensible: Leveraging the Intermediate Representation to Generate Go Code (Part 2 of 2)
March 31, 2021 | Praveen Bathala - Marcus King
In our earlier post, Making Threat Graph Extensible: Leveraging a DSL to Improve Data Ingestion (Part 1 of 2), we explored how and why CrowdStrike leverages HCL as a domain-specific language (DSL) in […]

Making Threat Graph Extensible: Leveraging a DSL to Improve Data Ingestion (Part 1 of 2)
March 24, 2021 | Praveen Bathala - Marcus King
CrowdStrike processes hundreds of billions of events on a daily basis, which are processed by our custom-built CrowdStrike Threat Graph® database, which leverages cutting-edge security analytics to co[…]

The Rise and Fall of WebNavigatorBrowser: Chromium-based Adware Browser
March 10, 2021 | Aspen Lindblom
WebNavigatorBrowser is a web browser that meets the criteria of adware due to its injecting of ads into search results. The developer based it on Google’s free and open-source browser software project[…]

Beefing up the Sandbox (and More): Signature Chaining to Pinpoint More Malware Behaviors
March 01, 2021 | Greg Dalcher
This blog is intended for malware researchers working to develop signatures detecting malware, and engineers developing infrastructure supporting these signatures. At CrowdStrike, we often leverage ma[…]

Press #1 to Play: A Look Into eCrime Menu-style Toolkits
February 11, 2021 | Radu Vlad
The year 2020 has seen an accelerated uptick in eCrime activity, as well as an obvious shift in eCrime adversaries engaging in big game hunting (BGH) operations that involve interactive deployment of […]

Dealing with Out-of-memory Conditions in Rust
January 28, 2021 | John Gallagher
We recently integrated new functionality into our CrowdStrike Falcon® sensor that was implemented in Rust. Rust is a relatively young language with several features focused on safety and security. Cal[…]

Detecting and Preventing Kernel Attacks
January 26, 2021 | Blair Foster
Any cyberattack can have a significant impact on business operations, but perhaps none are as sophisticated as kernel attacks. Kernel attacks exploit the zero-day operating system vulnerabilities in t[…]

Herpaderping: Security Risk or Unintended Behavior?
January 21, 2021 | Johnny Shaw
The answer to that question often depends on who you ask. By definition, process herpaderping is a hacking technique in which digital adversaries modify on-disk content after the image has been mapped[…]

Stellar Performances: How CrowdStrike Machine Learning Handles the SUNSPOT Malware
January 20, 2021 | Sven Krasser
The CrowdStrike® Intelligence team recently published its findings on a sophisticated supply chain attack. In a nutshell, the adversary planted a malicious file, dubbed SUNSPOT, on the victim’s build […]

Testing the Untestable in Java
November 23, 2020 | Vlad Dolha
This blog is primarily aimed at software development engineers in test (SDETs) who are testing Java applications, specifically focusing on how they can tackle an encapsulated, tightly coupled project […]

Seeing Malware Through the Eyes of a Convolutional Neural Network
November 03, 2020 | Mihaela Gaman
Motivation Deep learning models have been considered “black boxes” in the past, due to the lack of interpretability they were presented with. However, in the last few years, there has been a great dea[…]

Memorizing Behavior: Experiments with Overfit Machine Learning Models
July 29, 2020 | Robert Molony
In this blog, we present the results of some preliminary experiments with training highly “overfit” (interpolated) models to identify malicious activity based on behavioral data. These experiments wer[…]

Python 2to3: Tips From the CrowdStrike Data Science Team
July 02, 2020 | jpurcell
After more than a decade, the sun has set on Python 2. Love it or hate it, Python 2.7.18 is the final official release — and to remain current with security patches and continue enjoying all of the ne[…]

GuLoader: Peering Into a Shellcode-based Downloader
June 25, 2020 | Umesh Wanve
GuLoader, a malware family that emerged in the wild late last year, is written in Visual Basic 6 (VB6), which is just a wrapper for a core payload that is implemented as a shellcode. It is distributed[…]

Three Best Practices for Building a High-Performance Graph Database
June 03, 2020 | Marcus King and Ralph Caraveo
CrowdStrike® employees like to say that there is big data, huge data and our data. To date, we have collected, analyzed and stored more than 15 petabytes of data, generated through hundreds of billion[…]

Best Practices: Improving Fault-Tolerance in Apache Kafka Consumer
May 20, 2020 | Adrian Bledea Georgescu
How to effectively manage client-side partial failures, avoid data loss and process errors Apache Kafka is the gold standard for building real-time data pipelines and streaming apps. Scalable, fault-t[…]

Oh No! My Data Science Is Getting Rust-y
May 15, 2020 | Thomas Dube
Python is one of the most popular programming languages for data scientists — and for good reason. The Python Package Index (PyPI) hosts a vast array of impressive data science library packages, such […]

CharCNNs and PowerShell Scripts: Yet Another Fight Against Malware
April 29, 2020 | Mihaela Gaman
Malware in the Scripting Landscape Scripting is a well-known means of spreading malware. Easy to write and often difficult for security solutions to detect, scripts make the perfect tool for attackers[…]

Malspam in the Time of COVID-19
April 20, 2020 | Ernest Szocs and Ciprian Bejean
As the new coronavirus, COVID-19, spreads around the planet, many people are filled with emotions like fear, uncertainty and hope — which are the top ingredients for an effective spam campaign. Cyber […]

Convolutional Neural Networks Are MALE Models for PE Malware
February 20, 2020 | David J.

Elkind Machine learning for computer security has enjoyed a number of recent successes, but these tools aren’t perfect, and sometimes a novel family is able to evade file-based detection. This blog walks you[…] Building a String-Based Machine Learning Model to Detect Malicious Activity February 11, 2020 Patrick Crenshaw and Robert Molony Working with text data (which we often refer to as “strings”) is common in cybersecurity applications.

For example, suppose we have a set of command lines associated with malicious activity, and we wa[…] Gimme Shellter February 06, 2020 Daniel Chipiristeanu and Ernest Szocs Red team penetration testers very often add tools to their arsenal that borrow techniques originating in malicious software. Shellter is such a tool. It was inspired by the EPO and polymorphic file-in[…] Large-Scale Endpoint Security MOLD Remediation January 23, 2020 Calin Miron While adversaries continue to evolve their cyberattacks, CrowdStrike® scientists and engineers keep pushing the boundaries of what’s achievable in malware detection and prevention capabilities.

Some o[…] How We Use Apache Airflow at CrowdStrike, Part 1 January 16, 2020 Judge Hiciano Introduction Machine learning is one of the many tools we use at CrowdStrike® to stop breaches. To do it well, we need enormous amounts of data — and also the tools to process all of this data. In a r[…] Is Measurable Security Possible? October 28, 2019 danbrown My last blog post discussed the rationale for CrowdScore® and outlined its evidence-weighting approach, demonstrating a 10- to 25-fold improvement in the ability to accurately distinguish between mali[…] Hardening Neural Networks for Computer Security Against Adversarial Attack October 18, 2019 David J.

Elkind Machine learning has demonstrated dramatic effectiveness in a wide range of fields, including computer security. However, machine learning for computer security has its weaknesses. This does not mean […] How CrowdStrike Uses SHAP to Enhance Machine Learning Models October 03, 2019 Cynthia Lai At CrowdStrike®, machine learning is a major tool for detecting new malware families and keeping our customers safe.

We utilize gradient boosted trees with thousands of features to classify whether a […] Using Docker to Do Machine Learning at Scale September 13, 2019 jpurcell One key building block we use for scaling our machine learning models at CrowdStrike® is Docker containers. Docker containers let us construct application environments with all the dependencies, tools[…] MITRE ATT&CK: Why Detections and Tainted Telemetry are Required for an Effective EDR Solution December 13, 2018 danbrown Following the MITRE ATT&CK™ Evaluation of endpoint detection and response (EDR) solutions, I've heard a lot of confusion surrounding the various terms MITRE used, particularly the terms "detections,” […] Taking Security to the Next Level: CrowdStrike Now Analyzes over 100 Billion Events Per Day May 23, 2018 Amol Kulkarni From the very beginning, CrowdStrike® set out on its mission to stop breaches by harnessing the power of the cloud.

The cloud has transformed the IT landscape, allowing customers to deploy new service[…]

CrowdStrike Machine Learning and VirusTotal
August 25, 2016, Sven Krasser
Over the past three months, CrowdStrike worked closely with VirusTotal (VT), and we are excited to announce the integration of our anti-malware technology as an additional scanner available to the VT […]
