Detecting Malicious SMB Activity Using Bro

Attackers utilize the Server Message Block (SMB) protocol to blend in with network activity, often carrying out their objectives undetected. Post-compromise, attackers use file shares to move laterally, looking for sensitive or confidential data to exfiltrate from the network. Traditional methods for...
Richie Cyrus
December 13, 2016

All papers are copyrighted. No re-posting of papers is permitted