vuln disclosure
CrowdStrike Falcon Sensor Process Suspension Bypass (Sleeping Beauty)Sleeping Beauty
SEC Consult discovered that CrowdStrike Falcon Sensor processes could be suspended by an attacker with SYSTEM privileges, allowing malicious applications to execute undetected. The vulnerability, named 'Sleeping Beauty', was initially dismissed by CrowdStrike as a detection gap but was silently patched by 2025. The bypass enabled tools like winPEAS, Rubeus, and Certipy to run unimpeded until the sensor was resumed.