Software is exploitable, as you admit in your post. For forensic purposes, it must be part of the equation.
If the FBI accepts what they got as forensic images, then I have no reason to suspect they are altered. “Forensic” has a very specific meaning here and you can’t discount it just to push a conspiracy hoax.
You assume they were using Windows servers… they were likely using Linux. They stated they used cloud providers like AWS. If so, the hypervisor is protected.
Already addressed.
Crowdstrike reputation depends on it… so yea. What reason do we have to believe that they altered the images?
It isn’t.
So, if the host is compromised, then the VMs aren’t at risk. Is that really what you’re trying to sell?
Unnecessary. If possible, (keep in mind, there are no known exploits that haven’t been patched, outside of physically getting to the machine) the only way to affect a Hypervisor would be through the VM.
Why would it be necessary to get an image of the Hypervisor software? And two, how do you know they didn’t?
You’re looking at it backwards. For a bare metal hypervisor to be compromised, the VM has to be compromised first.
You don’t need the host… have you ever done forensic imaging on cloud or vm hosts?
Are you suggesting that hypervisors don’t have human administrators?
Are you suggesting that a client can be secure on an insecure host?
Or the administrator.
Are you suggesting someone in the server room intentionally compromised the system?
Can you explain why it would be necessary to compromise a hypervisor, rather than the VM directly?
I’m suggesting that humans are the weakest link. I did not say or imply that it would be necessary.
The onus is on the accuser to prove CrowdStrike guilty…not for CrowdStrike to prove itself innocent.
I’m suggesting that humans are the weakest link. I did not say or imply that it would be necessary.
Are you adding to the conspiracy now? There was an inside man in cloud provider’s server room? (Who I think would be AWS?)
Do you actually know how the tech works?
Nothing conspiratorial about the fact that if a host is insecure, then the clients are too.
You’re the one placing the server admin as a villain. I suggest applying Hanlon’s razor to your theory.
Are you suggesting that a client can be secure on an insecure host?
Uh yes. Defense in depth. You can have an insecure host or insecure facility and still have a secure VM, OS and/or App.
Having an insecure host or facility is a vulnerability that can be exploited but that doesn’t mean the target is attained. Just one less hurdle.
Wouldn’t pass an audit. Would it?