Skip to main content
Advanced Search
Search Terms
Content Type

Exact Matches
Tag Searches
Date Options
Updated after
Updated before
Created after
Created before

Search Results

227 total results found

Training License Management

Cyber Crucible Training Info

...

What Happens When CC Finds Memory Attacks

Memory Analytics

...

4.4.0.9

Software Releases Endpoint Agent

FeaturesFor telementry-enabled groups, added Active Directory data to credential theft watch listFixesRemove duplicate local volumes and network share entries in some environments.Refined behavior for some thumbnail database rebuilds causing incidentsFixed lic...

4.4.0.9.1

Software Releases Endpoint Agent

FeaturesNone - maintenance update.FixesFixed some network shares connected by a user being initially ignored in analytics.Refined false positive behavior associated with shares appearing during user sessions, followed quickly by a Save As dialog box.WHCP/WHQL ...

4.4.1.0

Software Releases Endpoint Agent

FeaturesExpanded support for processes injection analytics, to dramatically increase the accuracy of detecting malicious vs benign intent for applications. This became especially important due to a small number (<0.02%) of machines in Cyber Crucible telemetry...

4.4.1.1

Software Releases Endpoint Agent

FeaturesImproved analytical processing for parent-child relationships, when the parent process quickly dies before Cyber Crucible completes processing (milliseconds).The extremely common scenario here is that attackers (and legitimate programs) will often open...

4.4.1.2

Software Releases Endpoint Agent

FeaturesIncreased available specificity for whitelists, such as parent process path and arguments.Expanded support for identity access analytics to more credential databases.Identity access is now also monitored for Slack, Opera, Thunderbird, Discord, and Viva...

4.4.1.3

Software Releases Endpoint Agent

FeaturesCredential/Identity Monitoring now includes various VPN, cryptocurrency wallet, and other applications.In a (this is common) chain of affected processes during an attack (attacker moves from running program A, to B, to C, and D is used for data theft),...

Training Scenario - DLL Injection

Cyber Crucible Training Info Scenarios

Group NameTraining Data - Dll Injection (Hive)ScenarioIn this training scenario, we will execute an encrypted ransomware payload via DLL injection into a signed MS Defender. A custom DLL has been created, as an attacker would create it, which decrypts a fake ....

Training Scenario - Vanilla Ransomware

Cyber Crucible Training Info Scenarios

Group NameTraining Data - Vanilla Ransomware (Hive)ScenarioIn this training scenario, we will execute a ‘vanilla’ ransomware payload, running as admin without any exploits. This simulates the basic example of a user downloading malware via a phishing link, mal...

Training Scenario - Signed Ransomware

Cyber Crucible Training Info Scenarios

Group NameTraining Data - Signed Ransomware (Hive)ScenarioIn this training scenario, we will execute a ransomware payload, running as admin, and with a custom signature. This scenario is not too different from the ‘vanilla’ sample, but utilizes a signed execut...

Training Scenario - Data Enumeration

Cyber Crucible Training Info Scenarios

Group NameTraining Data - RAT Exfil (Quasar)ScenarioIn this training scenario, we will execute a RAT on the victim machine, and use it to enumerate the data on disk, with the goal of exfiltrating files.While this is not a ransomware attack, the behaviors used ...

Training Scenario - Process Injection

Cyber Crucible Training Info Scenarios

Group NameTraining Data - Process Injection (Hive)ScenarioIn this training scenario, we will execute a ransomware payload via process injection into an already running Svchost.exe. The Svchost in question is a normal system operation, long running, signed, and...

Training Scenario - Memory Modification

Cyber Crucible Training Info Scenarios

Group NameTraining Data - Process Hollowing SQL (Hive)ScenarioIn this training scenario, we will execute a ransomware payload via process hollowing, an injection / evasion technique where a process is started and has its executable code modified to do some oth...

Training Scenario - Identity Theft

Cyber Crucible Training Info Scenarios

Group NameTraining Data - Identity Theft (Redline)ScenarioIn this training scenario, we will execute a piece of “stealer” malware in order to perform the first stage of an attack, credential theft. Unlike the RAT scenario, this one does not use the same behavi...

4.4.1.4

Software Releases Endpoint Agent

FeaturesUpgraded pattern matching capabilities in the behavioral model.This is especially relevant for additional coverage of identity store locations, such as cryptocurrency wallet locations.Increased software dependency functionality for (Cyber Crucible) lib...

4.4.2.0

Software Releases Endpoint Agent

FeaturesUpgraded monitoring and prevention capabilities for automated identity access protection.Optimize network usage through variable communication rates dependent on client behaviors.FixesN/AMD5 Hashesservice.exe = 408d8ae9e35ee65c8e208cfa76c67df6 assist...

Web Application 01.23

Software Releases Web Application

FeaturesImplemented a cross-link on the extortion responses child grid to view the related process creations and injections.Implemented user password aging policy for groups.Added training mode and the ability to reset a parent group’s training data to its ori...