Advanced Search
Search Results
227 total results found
Training License Management
...
What Happens When CC Finds Memory Attacks
...
4.4.0.9
FeaturesFor telementry-enabled groups, added Active Directory data to credential theft watch listFixesRemove duplicate local volumes and network share entries in some environments.Refined behavior for some thumbnail database rebuilds causing incidentsFixed lic...
4.4.0.9.1
FeaturesNone - maintenance update.FixesFixed some network shares connected by a user being initially ignored in analytics.Refined false positive behavior associated with shares appearing during user sessions, followed quickly by a Save As dialog box.WHCP/WHQL ...
4.4.1.0
FeaturesExpanded support for processes injection analytics, to dramatically increase the accuracy of detecting malicious vs benign intent for applications. This became especially important due to a small number (<0.02%) of machines in Cyber Crucible telemetry...
4.4.1.1
FeaturesImproved analytical processing for parent-child relationships, when the parent process quickly dies before Cyber Crucible completes processing (milliseconds).The extremely common scenario here is that attackers (and legitimate programs) will often open...
4.4.1.2
FeaturesIncreased available specificity for whitelists, such as parent process path and arguments.Expanded support for identity access analytics to more credential databases.Identity access is now also monitored for Slack, Opera, Thunderbird, Discord, and Viva...
4.4.1.3
FeaturesCredential/Identity Monitoring now includes various VPN, cryptocurrency wallet, and other applications.In a (this is common) chain of affected processes during an attack (attacker moves from running program A, to B, to C, and D is used for data theft),...
Training Scenario - DLL Injection
Group NameTraining Data - Dll Injection (Hive)ScenarioIn this training scenario, we will execute an encrypted ransomware payload via DLL injection into a signed MS Defender. A custom DLL has been created, as an attacker would create it, which decrypts a fake ....
Training Scenario - Vanilla Ransomware
Group NameTraining Data - Vanilla Ransomware (Hive)ScenarioIn this training scenario, we will execute a ‘vanilla’ ransomware payload, running as admin without any exploits. This simulates the basic example of a user downloading malware via a phishing link, mal...
Training Scenario - Signed Ransomware
Group NameTraining Data - Signed Ransomware (Hive)ScenarioIn this training scenario, we will execute a ransomware payload, running as admin, and with a custom signature. This scenario is not too different from the ‘vanilla’ sample, but utilizes a signed execut...
Training Scenario - Data Enumeration
Group NameTraining Data - RAT Exfil (Quasar)ScenarioIn this training scenario, we will execute a RAT on the victim machine, and use it to enumerate the data on disk, with the goal of exfiltrating files.While this is not a ransomware attack, the behaviors used ...
Training Scenario - Process Injection
Group NameTraining Data - Process Injection (Hive)ScenarioIn this training scenario, we will execute a ransomware payload via process injection into an already running Svchost.exe. The Svchost in question is a normal system operation, long running, signed, and...
Training Scenario - Memory Modification
Group NameTraining Data - Process Hollowing SQL (Hive)ScenarioIn this training scenario, we will execute a ransomware payload via process hollowing, an injection / evasion technique where a process is started and has its executable code modified to do some oth...
Training Scenario - Identity Theft
Group NameTraining Data - Identity Theft (Redline)ScenarioIn this training scenario, we will execute a piece of “stealer” malware in order to perform the first stage of an attack, credential theft. Unlike the RAT scenario, this one does not use the same behavi...
4.4.1.4
FeaturesUpgraded pattern matching capabilities in the behavioral model.This is especially relevant for additional coverage of identity store locations, such as cryptocurrency wallet locations.Increased software dependency functionality for (Cyber Crucible) lib...
4.4.2.0
FeaturesUpgraded monitoring and prevention capabilities for automated identity access protection.Optimize network usage through variable communication rates dependent on client behaviors.FixesN/AMD5 Hashesservice.exe = 408d8ae9e35ee65c8e208cfa76c67df6 assist...
Web Application 01.23
FeaturesImplemented a cross-link on the extortion responses child grid to view the related process creations and injections.Implemented user password aging policy for groups.Added training mode and the ability to reset a parent group’s training data to its ori...