Detecting Malicious SMB Activity Using Bro

Attackers use the Server Message Block (SMB) protocol to blend in with network activity, often carrying out their objectives undetected. Post-compromise, attackers use file shares to move laterally, looking for sensitive or confidential data to exfiltrate from the network. Traditional methods for...
By Richie Cyrus
December 13, 2016

All papers are copyrighted. No re-posting of papers is permitted.
