Planes grounded as mass worldwide IT outage hits airlines, media and banks

There are good and bad sides to China's decision to ditch Windows for Chinese home-grown Linux derivatives, but the issue is that Linux is also not so perfect. CrowdStrike is an essential EDR solution designed to prevent hackers. When you move to a closed-source operating system that has a very finite number of development circles targeting it, these operating systems become easy for hackers. I can give you an example: in 2014 some regional government in Italy decided to push a Linux-based OS as the daily driver for administrative work; then during the time of COVID this section had a breach, a breach which affected a huge sum of COVID grant money that was stolen or scammed out. The investigation later revealed that the custom Linux EDR developed for this OS was not working as it would have worked in Windows versions.
 
okay so let me add.

The two files below were released by CrowdStrike on the impacted day. "00000028.sys" is a good file; devices with it most likely have no impact and are reporting fine, but we were having issues with "00000027.sys":

C-00000291-00000000-00000028.sys
C-00000291-00000000-00000027.sys

Below is the CS query (run for the last 7 days, which should cover the impacted date). If devices match and are inactive after downloading the file, those are most likely the affected systems. Troubleshooting needs to be performed; troubleshooting documents are available from various sources:

C-00000291* |in(field="#event_simpleName", values=[AgentOnLine, LFODownloadConfirmation])
| groupBy([aid,ComputerName], function=[max(@timestamp, as=lastSeen),max(@timestamp, as=lastSeenForCalculation) ,collect([FileName])], limit=max)
| lastSeen:=formatTime(field=lastSeen, format="%Y/%m/%d %H:%M:%S")
| lastSeenForCalculation >= 1721362140000 AND lastSeenForCalculation <= 1721366820000
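The post above describes a triage rule rather than spelling it out: group telemetry per host, take the last time each host was heard from, note which channel-291 file it pulled, and treat a host whose last sign of life falls inside the 04:09 to 05:27 UTC window after pulling the suspect file as a likely casualty. The script below is an added example that reproduces that logic offline over a handful of constructed events; it is not code from the thread or from CrowdStrike. The field names (aid, ComputerName, event_simpleName, FileName, timestamp in epoch milliseconds) mirror the query, the window bounds are copied from it, and which of the two files is "bad" is taken from the poster's claim rather than verified here.

```python
from datetime import datetime, timezone

# Bounds copied from the thread's query (epoch milliseconds, UTC).
WINDOW_START_MS = 1721362140000  # 2024/07/19 04:09:00 UTC
WINDOW_END_MS = 1721366820000    # 2024/07/19 05:27:00 UTC

# Channel file names quoted in the thread. Which one is harmful is the
# poster's claim; the code only checks which file a host downloaded and when.
SUSPECT_FILE = "C-00000291-00000000-00000027.sys"
GOOD_FILE = "C-00000291-00000000-00000028.sys"
CHANNEL_PREFIX = "C-00000291"

# Constructed sample events standing in for exported Falcon telemetry
# (not real data). Field names follow the query in the thread.
SAMPLE_EVENTS = [
    {"aid": "a1", "ComputerName": "WS-A", "event_simpleName": "LFODownloadConfirmation",
     "timestamp": 1721363000000, "FileName": SUSPECT_FILE},
    {"aid": "a2", "ComputerName": "WS-B", "event_simpleName": "LFODownloadConfirmation",
     "timestamp": 1721363500000, "FileName": SUSPECT_FILE},
    {"aid": "a2", "ComputerName": "WS-B", "event_simpleName": "AgentOnLine",
     "timestamp": 1721370000000, "FileName": None},
    {"aid": "a2", "ComputerName": "WS-B", "event_simpleName": "LFODownloadConfirmation",
     "timestamp": 1721370100000, "FileName": GOOD_FILE},
    {"aid": "a3", "ComputerName": "WS-C", "event_simpleName": "AgentOnLine",
     "timestamp": 1721300000000, "FileName": None},
    {"aid": "a4", "ComputerName": "WS-D", "event_simpleName": "LFODownloadConfirmation",
     "timestamp": 1721364000000, "FileName": SUSPECT_FILE},
    {"aid": "a4", "ComputerName": "WS-D", "event_simpleName": "AgentOnLine",
     "timestamp": 1721365000000, "FileName": None},
    # Unrelated event type: ignored, like the in() filter in the query.
    {"aid": "a1", "ComputerName": "WS-A", "event_simpleName": "ProcessRollup2",
     "timestamp": 1721390000000, "FileName": None},
]


def format_ms(ms):
    """Same rendering as formatTime(..., format="%Y/%m/%d %H:%M:%S") in the query."""
    return datetime.fromtimestamp(ms / 1000, tz=timezone.utc).strftime("%Y/%m/%d %H:%M:%S")


def group_hosts(events):
    """Equivalent of groupBy([aid, ComputerName], max(@timestamp), collect(FileName)):
    per host, the newest AgentOnLine/LFODownloadConfirmation timestamp and the set of
    channel-291 file names it confirmed downloading."""
    hosts = {}
    for ev in events:
        if ev["event_simpleName"] not in ("AgentOnLine", "LFODownloadConfirmation"):
            continue
        h = hosts.setdefault(ev["aid"], {"ComputerName": ev["ComputerName"],
                                         "lastSeen": 0, "files": set()})
        h["lastSeen"] = max(h["lastSeen"], ev["timestamp"])
        name = ev.get("FileName")
        if name and name.startswith(CHANNEL_PREFIX):
            h["files"].add(name)
    return hosts


def classify_hosts(events, start_ms=WINDOW_START_MS, end_ms=WINDOW_END_MS):
    """Map aid -> status using the thread's rule: a host that pulled the suspect file
    and was last heard from inside the window is a likely casualty; one seen after
    the window or holding the good file has come back."""
    result = {}
    for aid, h in group_hosts(events).items():
        if SUSPECT_FILE not in h["files"]:
            result[aid] = "no_suspect_download"
        elif GOOD_FILE in h["files"] or h["lastSeen"] > end_ms:
            result[aid] = "recovered"
        elif start_ms <= h["lastSeen"] <= end_ms:
            result[aid] = "likely_impacted"
        else:
            result[aid] = "review"  # suspect file seen, but last activity outside the window
    return result


def impacted_report(events):
    """One line per host that needs hands-on troubleshooting, sorted by aid."""
    hosts = group_hosts(events)
    return [f"{hosts[aid]['ComputerName']} ({aid}) last seen {format_ms(hosts[aid]['lastSeen'])} UTC"
            for aid, status in sorted(classify_hosts(events).items())
            if status == "likely_impacted"]


if __name__ == "__main__":
    for line in impacted_report(SAMPLE_EVENTS):
        print(line)
```

Hosts that pulled the suspect file but checked in again after 05:27 UTC, or that also confirmed the later file, are reported as recovered, so the list only contains machines that went quiet during the window; the "review" bucket catches hosts whose download was logged outside the window and deserve a manual look rather than an automatic verdict.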
 
