Skip to content

The ultimate solution for remotely deploying Crowdstrike sensors quickly and discreetly on any other EDR platform.

License

Notifications You must be signed in to change notification settings

securityjoes/Crowdstrike-Deploy

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

41 Commits
 
 
 
 
 
 
 
 

Repository files navigation

Crowdstrike-Deploy 1.1v

Akzidenz-Grotesk (1)-modified

What is Crowdstrike Deploy?

(Short answer: This tool can deploy Crowdstrike from Microsoft Defender Live Response or Palo Alto XDR Live Terminal and even on a local machine)

Have you ever been in an incident response situation where the only remote investigation tool available was something like Microsoft Defender? We all know the limitations of Microsoft Defender's Live Response, especially when it comes to executing PowerShell commands during a session.

That's why I created Crowdstrike Deploy! Crowdstrike Deploy is the ultimate solution for incident responders who need to deploy Crowdstrike sensors quickly and discreetly from the client Live Terminal\Live Response EDR tool. No longer do you have to wait for the client's IT team to find time to install your Crowdstrike sensor. With Crowdstrike Deploy, you can install the Crowdstrike sensor secretly, without triggering any alerts on the client's side.

Whether your client is using Palo Alto XDR Live Terminal, Microsoft Defender Live Response, or even if there is no EDR solution in place, Crowdstrike Deploy gets the job done with a single push of a button. Save precious time, take control of the situation, and stop incidents in their tracks with Crowdstrike Deploy!

"Deploy Fast, Defend Faster."

Support Table

This table represents the current platforms supported by Crowdstrike Deploy.

Operation System Support Status Cloud Service Support Status Platforms Support Status
Windows 10 OneDrive Locally
Windows 11 Dropbox Falcon Crowdstrike
Linux Google Drive Microsoft Defender
Mac MEGA Palo Alto XDR

How to Configure Crowdstrike Deploy?

First, you need to configure the following variable inside the Crowdstrike-Deploy.ps1 code:

###### Please Paste Your Information in Here ######
$SensorLink = "" # Crowdstrike Sensor Download Link
$SensorSig1 = "" # Crowdstrike Sensor Hash (SHA256)
$TenantCID  = "" # Crowdstrike Tenant CID
$TenantName = "" # Crowdstrike Tenant Name
###################################################
  1. Create a OneDrive direct download link for your Crowdstrike sensor, and paste it inside $SensorLink = "".
    1.1 How to download Crowdstrike sensor..
    1.2 How to create a OneDrive direct download link.

  2. Create a SHA256 file signature for your Sensor file and paste it inside $SensorSig1 = "".
    2.1 How to create a SHA256 file signature.

  3. Copy your tenant CID and paste it inside $TenantCID = "".
    3.1 How to get your tenant CID.

  4. Copy your tenant name and paste it inside $TenantName = "".

How to use Crowdstrike Deploy?

After you finished configuring the necessary variables inside the code,
you can now execute the tool in any supported environment you want!

Local Machine Deploy Guild

  1. Open PowerShell and execute Crowdstrike-Deploy.ps1, that's it.

Microsoft Defender Deploy Guide

  1. Choose a machine and initiate a Live Response session.
  2. Upload Crowdstrike-Deploy.ps1 to the Defender library.
  3. Run the script from the Live Response session.
  4. Done.

Palo Alto XDR Deploy Guild

  1. Choose a machine and initiate Live a Live Terminal.
  2. From the Live Terminal upload Crowdstrike-Deploy.ps1 to the machine.
  3. Click on "PowerShell" and execute Crowdstrike-Deploy.ps1.
  4. Done.

How to use Crowdstrike Deploy on Linux?

Just drop the file locally on your machine or any platform mentioned above
and run the "Crowdstrike-Deploy.sh" bash script as root, like in this example:

eilay@UBUSRV01:~$ sudo ./Crowdstrike-Deploy.sh

Need Help?

Found a bug? Need help? do you want to add a feature?
Don't hesitate to contact me by creating an issue.