• aodhsishaj@lemmy.world
    link
    fedilink
    English
    arrow-up
    20
    ·
    4 months ago

    That’s not how any of this worked. Also not how working in a large team that develops for thousands of clients works. It wasn’t just one dev that fucked up here.

    Crowd Strike Falcon uses a signed boot driver. They don’t want to wait for MS to get around to signing a driver if there’s a zero day they’re trying to patch. So they have an empty driver with null pointers to the meat of a real boot driver. If you fat finger a reg key, that file only containing the 9C character, points to another null pointer in a different file and you end up getting a non bootable system as the whole driver is now empty.

    If you don’t understand what I just said here’s some folk that spent good time and effort to explain it.

    https://www.youtube.com/watch?v=pCxvyIx922A&t=312s

    https://www.youtube.com/watch?v=wAzEJxOo1ts