This info is to be populated for customer facing training, but is kept internal until it’s complete and ready to be released.

Each topic will have a page with relevant scenarios being linked to as subsections. Provide lots of images of VMs, logs of incidents, relevant front end screenshots, etc.

Scenario to cover:

Vanilla Hive
Hive but signed (I'll test sign it or something)
Hive w/ process injection into long running svchost
Hive memory hollowing sql server (or something similar)
Hive via Log4J
Hive via dll injection into defender w/ powershell scripts
Redline credential theft
RAT file theft (redline if possible, or quasarrat or something)
RAT deploying Hive

Additional broader topics:

What process injection means (is it always malicious)
What memory modification means (how we can "kind of" tell now w/ diffs)
Why misc signatures are not fool proof
Examining parent process and program args for irregularities

Versions Compared

Old Version 1

New Version 2

Key

This info is to be populated for customer facing training, but is kept internal until it’s complete and ready to be released.

Scenario to cover:

Additional broader topics:

Page Comparison

Versions Compared

Old Version 1

New Version 2

Key

This info is to be populated for customer facing training, but is kept internal until it’s complete and ready to be released.

Scenario to cover:

Additional broader topics: