CrowdStrike Fires Insider Who Shared Screens Externally

the exploit blog logo
Penetration Testing Blog
CrowdStrike Fires Insider Who Shared Screens and Auth Cookies Externally
Posted on December 1, 2025
Written by Andrew Trexler

A hacker group claimed to have gained access to CrowdStrike’s internal systems, showing screenshots to verify their access. While they claimed to have gained access by leveraging information from a separate breach, CrowdStrike fired a “suspicious insider” who shared pictures of their computer screen externally and has announced that their systems were never compromised. While the attackers claimed to have received SSO authentication cookies from the insider, CrowdStrike says that they had already discovered the insider and removed all access by that time.

While many breaches come from stolen credentials or phishing attacks, criminal gangs will also sometimes work with insiders to gain access to internal resources. This underscores the myriad of ways attackers use to gain access to systems and information and how organizations must be vigilant to prevent and catch such threats. CrowdStrike has provided the discovered information to law enforcement agencies.

Andrew Trexler

Andrew Trexler
Andrew graduated from the University of Pittsburgh with a degree in Information Science where he focused on networking and security. He continued his education by obtaining the Offensive Security Certified Professional (OSCP) and the eLearnSecurity Junior Penetration Tester (eJPT) certifications. When not participating in capture the flag events, Andrew works as a pyrotechnic operator setting up and shooting firework shows in the Pittsburgh area.

About The Exploit Blog

The Exploit is written by Raxis penetration testers. Every post is a technical writeup from someone who runs engagements for a living, with code, command output, and the reasoning behind each step. Topics include exploit research, vulnerability disclosure, tool development, and the offensive techniques showing up in current client work.

Search The Exploit Blog

Raxis Discovered Vulnerabilities

View the CVEs and bugs that Raxis pentesters have uncovered and submitted.

Tested by the People Who Wrote This Blog Post

The engineers behind these posts run real engagements every week. Put them on your network, web apps, APIs, or cloud and see what an attacker would find first.

Request A Quote Schedule Call

Blog Categories

Join Our Newsletter

Name(Required)
Newsletter(Required)
Do you wish to join our newsletter? We send out emails once a month that cover the latest in cybersecurity news. We do not sell your information to other parties.