christian_taillon (@christian_tail)
twiiit.com
You're correct. Full of zeros at least.

…according to a Twitter post by the Chief Informational Security Officer of Grand Canyon Education.

So, does anyone else find it odd that the file that caused everything CrowdStrike to freak out, C-00000291-
00000000-00000032.sys was 42KB of blank/null values, while the replacement file C-00000291-00000000-
00000.033.sys was 35KB and looked like a normal, if not obfuscated sys/.conf file?

Also, apparently CrowdStrike had at least 5 hours to work on the problem between the time it was discovered and the time it was fixed.

  • Dark ArcAEnglish
    362·
    2 months ago

    This is a pretty hot take. A single bad file can topple pretty much any operating system depending on what the file is. That’s part of why it’s important to be able to detect file corruption in a mission critical system.

    • Dave.@aussie.zoneEnglish
      2·
      2 months ago

      This was a binary configuration file of some sort though?

      Something along the lines of:

      IF (config.parameter.read == garbage) {
     Dont_panic;
}

      Would have helped greatly here.

      Edit: oh it’s more like an unsigned binary blob that gets downloaded and directly executed. What could possibly go wrong with that approach?