Your EDR Might Be Useless… Here’s Why!

Summary: The video discusses a technique for bypassing CrowdStrike’s Endpoint Detection and Response (EDR) system by placing the process into a sleep mode rather than killing it outright. This method allows users to circumvent detection without completely disabling the EDR, which can enable certain activities while limiting others. The video also raises questions about the timing of the disclosure, suggesting possible coordination with CrowdStrike.

Key points:

  • The technique involves putting the CrowdStrike EDR process in sleep mode instead of killing it.
  • This approach allows for evasion of detection while still performing some actions undetected.
  • Limitations exist when using the sleep mode method; certain actions may not be possible.
  • The technique is applicable not only to CrowdStrike but also to other EDR vendors.
  • The video’s creator speculates about a possible conspiracy or takedown notice from CrowdStrike.
  • Interestingly, the disclosure of this technique was coordinated with CrowdStrike, who ultimately fixed the vulnerability after initial resistance.
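The summary says the sensor is put to "sleep" rather than killed, which is why the usual "sensor stopped" alert never fires. From the defender's side the useful question is therefore not "is the sensor process present?" but "are its threads actually executing?". The PowerShell below is an added example, not code from the video, from Security Weekly or from CrowdStrike; it assumes that "sleep mode" means the sensor's threads are left in a suspended wait, and `SensorService` is a placeholder for whatever your vendor's sensor process is called.

```powershell
# Added example (not from the video or from any EDR vendor): report whether a
# security sensor's process exists and whether all of its threads sit in a
# suspended wait, which is what a "paused, not killed" sensor looks like.
# The process name is a placeholder; substitute your vendor's sensor process.
function Get-SensorProcessState {
    param(
        [Parameter(Mandatory)]
        [string]$ProcessName   # base name without .exe, e.g. 'SensorService' (placeholder)
    )

    $procs = Get-Process -Name $ProcessName -ErrorAction SilentlyContinue
    if (-not $procs) {
        # Absent entirely: the "killed" case that most EDRs already self-report.
        return [pscustomobject]@{
            ProcessName = $ProcessName; ProcessId = $null
            Status = 'NotRunning'; Threads = 0; Suspended = 0
        }
    }

    foreach ($p in $procs) {
        $threads   = @($p.Threads)   # snapshot-based, so it works on protected processes too
        $suspended = 0
        foreach ($t in $threads) {
            # WaitReason is only valid while ThreadState is 'Wait'; reading it in
            # any other state throws, so guard the access.
            if ($t.ThreadState -eq 'Wait') {
                try { if ($t.WaitReason -eq 'Suspended') { $suspended++ } } catch { }
            }
        }

        $status = if ($threads.Count -gt 0 -and $suspended -eq $threads.Count) { 'Suspended' }
                  elseif ($suspended -gt 0) { 'PartiallySuspended' }
                  else { 'Running' }

        [pscustomobject]@{
            ProcessName = $p.ProcessName
            ProcessId   = $p.Id
            Status      = $status
            Threads     = $threads.Count
            Suspended   = $suspended
        }
    }
}

# Usage: run elevated on the endpoint. Anything other than 'Running' deserves a
# look; 'Suspended' is the state the technique in the video would leave behind.
Get-SensorProcessState -ProcessName 'SensorService' | Format-Table -AutoSize
```

Two caveats when turning this into a real check: a thread blocked on a normal wait (WaitReason `UserRequest`, `Executive`, and so on) is idle, not suspended, so only the `Suspended` wait reason counts; and a single snapshot proves nothing about the moments before or after it, so schedule the check and forward the result to a collector the sensor itself does not own. Whether a given vendor's sensor reports its own suspension is exactly the gap the video describes, so the check belongs outside the sensor.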

Youtube Video: https://www.youtube.com/watch?v=id1QAMqDxZM
Youtube Channel: Security Weekly – A CRA Resource
Video Published: Thu, 27 Mar 2025 22:00:37 +0000