Month: May 2016

SOC Prime trains 18 security experts

Kyiv, Ukraine, May 30, 2016 – SOC Prime conducted an expert master class on HPE ArcSight administration, SIEM best practices and SOC automation via Predictive Maintenance on Friday, 27th of May. Warmly welcomed by HPE Ukraine, 18 security professionals worked intensely with SOC Prime team for the whole day, collaborating on practical aspects of SIEM […]

Read More
Infrastructure infiltration via RTF

Let’s proceed to studying a stage of attack called “Delivery” from Lockheed Martin Cyber Kill Chain. Much can be said about this stage, but today I’ll just share parsing of one sample which I have recently received for analysis. The sample attracted my attention because of its simplicity on one hand and its sophistication on […]

Read More
Attack on domain controller database (NTDS.DIT)

So, as I have promised, we start the process of analyzing separate Cyber Kill Chain stages of the previously described attack. Today we will review one of the attack vectors on the Company infrastructure, which we can count as two stages: «Actions on Objectives» and «Reconnaissance». Our goals are:

Read More