Each topic will have a page, with relevant scenarios linked as subsections. Provide lots of images of VMs, logs of incidents, relevant front-end screenshots, etc.
Vanilla Hive
Hive but signed (I'll test sign it or something)
Hive w/ process injection into long running svchost
Hive memory hollowing SQL Server (or something similar)
Hive via Log4j
Hive via DLL injection into Defender w/ PowerShell scripts
RedLine credential theft
RAT file theft (RedLine if possible, or QuasarRAT or something)
RAT deploying Hive
What process injection means (is it always malicious)
What memory modification means (how we can "kind of" tell now w/ diffs)
Why misc signatures are not foolproof
Examining parent process and program args for irregularities