This information is intended for customer-facing training, but is kept internal until it is complete and ready for release.
Each topic will have its own page, with the relevant scenarios linked as subsections. Provide plenty of images of the VMs, incident logs, relevant front-end screenshots, etc.
Scenarios to cover:
Vanilla Hive
Hive, but code-signed (I'll test-sign it or something)
Hive with process injection into a long-running svchost.exe
Hive via process hollowing of SQL Server (or a similar long-running service)
Hive delivered via Log4j exploitation
Hive via DLL injection into Defender using PowerShell scripts
RedLine credential theft
RAT file theft (RedLine if possible, otherwise QuasarRAT or similar)
RAT deploying Hive
Additional broader topics:
What process injection means (and whether it is always malicious)
What memory modification means (how we can currently detect it, approximately, with memory diffs)
Why signatures alone are not foolproof
Examining parent processes and command-line arguments for irregularities
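As an added illustration of the last topic (this is example code written for this note, not part of any product or the training material itself), the script below runs a handful of parent-process and command-line checks over a constructed process snapshot. The expected-parent table, the argument patterns and the sample process list are all assumptions chosen for the example; a real baseline should be built from the customer's own telemetry.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: int
    name: str      # image name
    path: str      # full image path
    cmdline: str   # command line as recorded at process start


# Assumed baseline: which parents normally start these Windows system binaries.
EXPECTED_PARENT = {
    "svchost.exe": {"services.exe"},
    "services.exe": {"wininit.exe"},
    "lsass.exe": {"wininit.exe"},
    "spoolsv.exe": {"services.exe"},
    "csrss.exe": {"smss.exe"},
}

# Assumed: document-handling applications that should rarely spawn a shell or script host.
OFFICE_LIKE = {"winword.exe", "excel.exe", "outlook.exe", "powerpnt.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

SYSTEM_DIR = "c:\\windows\\system32\\"

# Assumed: argument patterns that are unusual for interactive or service use.
ARG_PATTERNS = [
    (re.compile(r"(?i)(^|\s)-(e|ec|enc|encodedcommand)\s+[A-Za-z0-9+/=]{20,}"), "encoded PowerShell command"),
    (re.compile(r"(?i)(^|\s)-w(indowstyle)?\s+hidden"), "hidden window"),
    (re.compile(r"(?i)(^|\s)-nop(rofile)?\b"), "profile bypass"),
    (re.compile(r"(?i)(^|\s)-ep\s+bypass|-executionpolicy\s+bypass"), "execution policy bypass"),
    (re.compile(r"(?i)downloadstring|\biex\b|invoke-expression"), "download-and-execute cradle"),
]


def find_irregularities(procs):
    """Return a list of (pid, reason) for every check a process trips."""
    by_pid = {p.pid: p for p in procs}
    findings = []
    for p in procs:
        name = p.name.lower()
        parent = by_pid.get(p.ppid)
        parent_name = parent.name.lower() if parent else None
        if name in EXPECTED_PARENT:
            # 1. System binary started by a parent that normally does not start it.
            if parent_name not in EXPECTED_PARENT[name]:
                findings.append((p.pid, f"{name} parented by {parent_name or 'unknown'}"))
            # 2. System binary name used by an image outside System32 (masquerading).
            if not p.path.lower().startswith(SYSTEM_DIR):
                findings.append((p.pid, f"{name} running from {p.path}"))
        # 3. A real svchost.exe is always launched with a -k service group.
        if name == "svchost.exe" and "-k" not in p.cmdline.split():
            findings.append((p.pid, "svchost.exe without -k service group"))
        # 4. Shell or script host spawned by an Office-style application.
        if name in SHELLS and parent_name in OFFICE_LIKE:
            findings.append((p.pid, f"{name} spawned by {parent_name}"))
        # 5. Command-line arguments that are rarely seen in legitimate use.
        for pattern, label in ARG_PATTERNS:
            if pattern.search(p.cmdline):
                findings.append((p.pid, label))
    return findings


# Constructed sample snapshot (not real telemetry): a normal boot chain, then a
# macro document launching an encoded PowerShell command that drops a fake svchost.exe.
SAMPLE = [
    Proc(4, 0, "System", "", ""),
    Proc(500, 4, "smss.exe", "c:\\windows\\system32\\smss.exe", "smss.exe"),
    Proc(600, 500, "wininit.exe", "c:\\windows\\system32\\wininit.exe", "wininit.exe"),
    Proc(700, 600, "services.exe", "c:\\windows\\system32\\services.exe", "services.exe"),
    Proc(800, 700, "svchost.exe", "c:\\windows\\system32\\svchost.exe", "svchost.exe -k netsvcs -p -s Schedule"),
    Proc(900, 600, "lsass.exe", "c:\\windows\\system32\\lsass.exe", "lsass.exe"),
    Proc(3000, 2500, "explorer.exe", "c:\\windows\\explorer.exe", "explorer.exe"),
    Proc(3100, 3000, "winword.exe", "c:\\program files\\microsoft office\\root\\office16\\winword.exe",
         "winword.exe /n invoice.docm"),
    Proc(3200, 3100, "powershell.exe", "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe",
         "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"),
    Proc(3300, 3200, "svchost.exe", "c:\\users\\bob\\appdata\\local\\temp\\svchost.exe", "svchost.exe"),
]


if __name__ == "__main__":
    for pid, reason in find_irregularities(SAMPLE):
        print(f"pid {pid}: {reason}")
```

Two caveats worth stating on the training page: the parent PID alone is weak evidence, because a parent that has exited can have its PID reused, so the check should use process start times or a creation-time event log (Sysmon event 1 or Windows 4688 with command-line auditing) rather than a live snapshot; and the argument patterns are signatures, so they fall under the "signatures are not foolproof" topic above and must be paired with the parent and path checks rather than used alone.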