CrowdStrike Beefs Up Exploit Detection With Intel CPU Telemetry

guest · Jan 4, 2022

January 3, 2022

CrowdStrike said the CPU telemetry is powering a new Hardware Enhanced Exploit Detection feature in its Falcon platform and will help detect complex attack techniques that are notoriously hard to identify and expand memory safety protections on older PCs that lack modern anti-exploit mitigations.

“Once activated, the new feature detects exploits by analyzing suspicious operations associated with exploit techniques, such as shellcode injection, return-oriented programming,” CrowdStrike said.
The new detection technology has been fitted into version 6.27 of CrowdStrike’s Falcon sensor and is available on systems with Intel CPUs, sixth generation or newer, running Windows 10 RS4 or later.
Click to expand...

According to a note from CrowdStike security engineers, the new tech uses Intel Processor Trace (Intel PT), a CPU feature that delivers extensive telemetry useful for the detection and prevention of code reuse exploits.

On machines with Intel Processor Trace enabled and supported, CrowdStrike said its Falcon sensor will enable execution tracing for a selected set of programs.

“Whenever the program executes a critical system service (like creating a new process), the sensor will analyze the captured trace to look for suspicious operations.
Click to expand...

Crowdstrike: CrowdStrike Strengthens Exploit Protection Using Intel CPU Telemetry

Falcon adds a new feature that uses Intel hardware capabilities to detect complex attack techniques that are notoriously hard to detect.

CrowdStrike’s new Hardware Enhanced Exploit Detection feature delivers memory safety protections for a large number of customers on older PCs that lack modern in-built protections.

Once activated, the new feature detects exploits by analyzing suspicious operations associated with exploit techniques, such as shellcode injection, return-oriented programming and others, strengthening CrowdStrike’s existing layered protection against sophisticated adversaries and threats throughout the attack chain.

Click to expand...

Rasheed187 · Jan 9, 2022

I believe HMPA is also making use of certain features in Intel CPU's, but I'm guessing that what CrowdStrike is using is even more advanced. Seems like a great way to tackle exploits.

Log in or Sign up

CrowdStrike Beefs Up Exploit Detection With Intel CPU Telemetry

guest Guest

Rasheed187 Registered Member

Log in or Sign up

CrowdStrike Beefs Up Exploit Detection With Intel CPU Telemetry

guest Guest

Rasheed187 Registered Member

Useful Searches