Security Hot Takes: The CrowdStrike Outage
The CrowdStrike Falcon outage was not a cyberattack — it was a software quality and release-engineering failure with the blast radius of one, because the defective component ran with kern...
This module is a technical post-mortem and after-action discussion of the CrowdStrike Falcon content-update outage, examining what happened, why it happened, and what it means for the security and IT industry as a whole.
At a high level, a routine content update pushed by CrowdStrike to its Falcon sensor — the kernel-level endpoint detection and response (EDR) agent installed on customer endpoints — contained a logic error. Because the affected component ran with kernel-level privileges on Windows, the error caused an operating system crash (the "Blue Screen of Death," or BSOD) on every affected Windows machine. Because the update was pushed automatically and simultaneously to a huge global installed base, the crash occurred nearly simultaneously across millions of endpoints worldwide, taking down business-critical systems across nearly every industry sector.
It was a defect in a routine, frequently-shipped detection-content update — conceptually similar to an antivirus signature update — that had a logic flaw with catastrophic consequences due to the privilege level at which it executed.
Sign in to read this course
A free account unlocks all 514 courses. 20 are readable without one.
What's inside
3 sections- 1 Table of Contents
- 2 Module 1: The CrowdStrike Falcon Sensor Outage
- 3 Summary
More Security Hot Takes & Threat Intel courses
View all 21Hot Takes: Inside a Microsoft Ransomware Attack
The Marks & Spencer incident is a textbook example of how modern ransomware operations succeed by targeting identity infrastructure and virtualization hosts rather than individual endpoin...
IT Security Champion: Cyber Threat Intel and Emerging Threats
Security is everyone's job — not solely the responsibility of the security department. Adopting a security culture and a security mindset is the foundation of being an effective IT securi...
Security Hot Takes: The LastPass Breach
The LastPass breach is actually two distinct but connected security incidents, separated by several months, with confusing and inconsistent public communication from the company throughou...
Sandworm: Application Layer Protocol and Web Emulation
Command and control is the connective tissue of nearly every intrusion that progresses beyond initial access — without it, an attacker cannot issue commands, move laterally, or exfiltrate...
Security Hot Takes: SBOMs
security · hot · takes · sboms · threat · intel · networking · systems · sbom · bills · materials · concept · debate · mandate · software.
Security Hot Takes: The Aliquippa Water Breach
The Aliquippa Water Authority breach is a case study in how a basic, avoidable systems-integration failure — not a sophisticated exploit — can expose critical infrastructure to compromise...
Interested in this course?
Contact us to book it or get a custom training plan for your team.