Month: May 2016

SOC Prime trains 18 security experts

Kyiv, Ukraine, May 30, 2016 – SOC Prime conducted an expert master class on HPE ArcSight administration, SIEM best practices and SOC automation via Predictive Maintenance on Friday, 27th of May. Warmly welcomed by HPE Ukraine, 18 security professionals worked intensely with the SOC Prime team for the whole day, collaborating on practical aspects of SIEM […]

Infrastructure infiltration via RTF

Let’s proceed to studying the stage of attack called “Delivery” from the Lockheed Martin Cyber Kill Chain. Much can be said about this stage, but today I’ll just share my parsing of one sample which I recently received for analysis. The sample attracted my attention because of its simplicity on one hand and its sophistication on […]

Attack on domain controller database (NTDS.DIT)

So, as I promised, we start the process of analyzing the separate Cyber Kill Chain stages of the previously described attack. Today we will review one of the attack vectors on the Company infrastructure, which we can count as two stages: “Actions on Objectives” and “Reconnaissance”. Our goals are: