Time                     Users    Delta  Toots      TNR   Title           Version  maxTL
Sat 20.07.2024 00:00:27  274.717  -1     5.688.145  20,7  mastodon.cloud  4.1.18   500
Fri 19.07.2024 14:01:13  274.718  +1     5.686.903  20,7  mastodon.cloud  4.1.18   500
Thu 18.07.2024 00:01:09  274.717  +13    5.685.656  20,7  mastodon.cloud  4.1.18   500
Wed 17.07.2024 00:01:11  274.704  -89    5.683.927  20,7  mastodon.cloud  4.1.18   500
Tue 16.07.2024 00:01:10  274.793  +9     5.682.045  20,7  mastodon.cloud  4.1.18   500
Mon 15.07.2024 00:00:52  274.784  +6     5.680.379  20,7  mastodon.cloud  4.1.18   500
Sun 14.07.2024 00:01:08  274.778  +3     5.678.984  20,7  mastodon.cloud  4.1.18   500
Sat 13.07.2024 00:01:06  274.775  +6     5.677.642  20,7  mastodon.cloud  4.1.18   500
Fri 12.07.2024 00:01:50  274.769  +11    5.677.017  20,7  mastodon.cloud  4.1.18   500
Thu 11.07.2024 00:01:05  274.758  0      5.675.378  20,7  mastodon.cloud  4.1.18   500
Steve Wart (@swart) · 11/2022 · Toots: 4.279 · Followers: 124
Sat 20.07.2024 02:39
Looking to verify this claim...
Throwaway account... CrowdStrike in this context is an NT kernel loadable module (a .sys file) which does syscall-level interception and logs them to a separate process on the machine. It can also STOP syscalls from working if they are trying to connect out to other nodes and accessing files they shouldn't be (using some drunk ass heuristics).

What happened here was they pushed a new kernel driver out to every client without authorization to fix an issue with slowness and latency that was in the previous Falcon sensor product. They have a staging system which is supposed to give clients control over this, but they pissed over everyone's staging and rules and just pushed this to production.

This has taken us out and we have 30 people currently doing recovery and DR. Most of our nodes are boot looping with blue screens, which in the cloud is not something you can just hit F8 and remove the driver. We have to literally take each node down, attach the disk to a working node, delete the .sys file and bring it up. Either that or bring up a new node entirely from a snapshot. This is fine, but EC2 is rammed with people doing this now so it's taking forever. Storage latency is through the roof.

I fought for months to keep this shit out of production because of this reason. I am now busy but vindicated.

Edit: to all the people moaning about Windows, we've had no problems with Windows. This is not a Windows issue. This is a third-party security vendor shitting in the kernel.
[Public] Replies: 0 Boosts: 0 Favs: 0