03 Jun 2022
Sticky Post By Posted in Cyber Security, Incident Response, Vulnerability Assessment Permalink

CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability and Digital Forensics

Sticky Post By On June 3, 2022
Microsoft issued CVE-2022-30190 regarding a vulnerability regarding the Microsoft Support Diagnostic Tool (MSDT). This exists when MSDT is called using the URL protocol from a calling application (Word products such as Word/Excel/Outlook).

Read More

12 Apr 2022
Sticky Post By Posted in Malware Protection, Managed Security Services, Managed SOC Services Permalink

Wiper Malware – What is it and How to Detect?

Sticky Post By On April 12, 2022
In the world of different malware types and strains, the most disruptive malware type besides ransomware might be Wiper malware. The original wiper malware was first seen back in 2012 but did not enter the spotlight until 2014 when Sony company was hit with this destructive strain.

Read More

29 Mar 2022
Sticky Post By Posted in Ransomware Protection Permalink

Ransomware Detection Using Machine Learning

Sticky Post By On March 29, 2022
Gone are the days of manual security analysis that cyber security teams used to perform to track down and stop ransomware attacks.

Due to the vast amount of data that is being generated every minute of every day, it has become impossible to rely on a few cyber security professionals to stop ransomware attacks without significant assistance from automated security tools.

Read More

15 Mar 2022
Sticky Post By Posted in Compromise Assessment, Ransomware Protection Permalink

How to Detect Ransomware Early

Sticky Post By On March 15, 2022
The proliferation of ransomware attacks in the past decade has brought many challenges to companies and cyber security teams worldwide. What started as simple ransomware attacks that a knowledgeable person could reverse has now exploded into a large industry with attackers reaping large profits with advanced forms of ransomware that is impossible to reverse.

Read More

28 Feb 2022
Sticky Post By Posted in Cyber Security, DARKINT, EDR, OSINT, SIEM, Threat Intelligence, Vulnerability Assessment, XDR Permalink

CSOC Analysts Cybersecurity Toolkit Arsenal

Sticky Post By On February 28, 2022
It is safe to say that organizations worldwide have different infrastructure setups, technology, software, and different network architecture types. No matter how diverse these organizations are, they have one thing in common, a CSOC analyst who is watching over their infrastructure.

Cyber Security Operation Centers or CSOC is comprised of a team of cyber security analysts whose responsibilities are fully dedicated to hunting for vulnerabilities, indicators of compromise and investigating incidents and alarms generated by SIEM, XDR and other monitoring security platforms and tools.

Read More

20 Jan 2022
Sticky Post By Posted in Managed SOC Services, Security Operations Center, XDR Permalink

XDR Software – The Journey Beyond

Sticky Post By On January 20, 2022
We are still in the early days of the XDR (eXtended Detection and Response) era, understanding XDR technology in the threat detection field and the benefits it brings plays a key role into understanding how this can fit into your overall cybersecurity ecosystem.

Read More

15 Dec 2021
Sticky Post By Posted in Vulnerability Assessment Permalink

Log4j Critical RCE

Sticky Post By On December 15, 2021
The Log4j Vulnerability commonly known as Log4Shell zero day vulnerability was made public on December 9th 2021. This vulnerability is being tracked as CVE-2021-44228 and has been given a CVSS 3.0 severity score of 10.0 (Critical).

Read More

12 Oct 2021
Sticky Post By Posted in Cyber Security, Managed Security Services, Managed SOC Services, Security Operations Center Permalink

Using Windows Event Forwarding for Centralized Windows Monitoring – Part 3

Sticky Post By On October 12, 2021
Reading security logs requires a higher level of permission that other logs. Below are the steps to configure the right permissions for reading security logs.

Read More

09 Sep 2021
Sticky Post By Posted in Cyber Security, Managed Security Services, Managed SOC Services, Security Operations Center Permalink

Using Windows Event Forwarding for Centralized Windows Monitoring – Part 2

Sticky Post By On September 9, 2021
From a security perspective, generally, it would be better to allow communication from user segments to outside rather than from outside to user segments. Hence, we will be discussing Source Initiated Windows Event Forwarding in this article.

Read More

27 Aug 2021
Sticky Post By Posted in Cyber Security, Managed SOC Services, Security Operations Center Permalink

Using Windows Event Forwarding for Centralized Windows Monitoring – Part 1

Sticky Post By On August 27, 2021
Staying on top of cyber threats in your environment could be challenging even with a lot of protective measures in place. The threat landscape is constantly evolving and often the case is that your protective measures are playing catch up.

Read More

07 Mar 2021
Sticky Post By Posted in Azure Sentinel Permalink

Deep-dive into Azure Sentinel – Part 2 – Data Collection and Processing

Sticky Post By On March 7, 2021
From our experience in deploying various SIEM platform, we would rank Azure sentinel number one when it comes to the variety of data collection options it provides. Virtually any log sources and type of data can be ingested in the Azure Sentinel with the different options it provides

Read More

07 Feb 2021
Sticky Post By Posted in Azure Sentinel Permalink

Deep-dive into Azure Sentinel – Part 1 – Introduction to Sentinel as a SIEM

Sticky Post By On February 7, 2021
You might have heard of the North Sentinel Island in the middle of Bay of Bengal that hosts the most isolated tribe in the world. Despite several attempts to break in or contact the island, it was always defended violently by the natives and the island still remains untouched. It is considered to be one of the most secured places on planet earth guarded both by the local tribes and the government. When it came to naming the most powerful weapon in Azure cloud security arsenal, Microsoft have chosen the right name for it- Azure Sentinel.

Read More

10 Jan 2021
Sticky Post By Posted in Managed SOC Services, Security Operations Center, Security Orchestration, SOAR Permalink

SOAR Features and Use Cases

Sticky Post By On January 10, 2021
Organizations are getting bigger and bigger and, because of that a lot of events, activities and data are being generated and triggered, and the scale of these events sometimes reaches to a peak, where analysts are not able to handle them anymore.

Read More

31 Dec 2020
Sticky Post By Posted in Cyber Threat Intelligence, Managed SOC Services Permalink

Dark Web and Threat Intelligence (DARKINT)

Sticky Post By On December 31, 2020
Security researchers and Cybersecurity professionals have an immense interest in discovering threat intelligence on the deep web and darknet. This intelligence allows organizations to detect block and prevent threats of all kinds—But first, we need to know, what exactly is the deep web and the Dark Web?

Read More

23 Dec 2020
Sticky Post By Posted in Cyber Security, Incident Response Permalink

Ransomware Incident Response Plan – Part 2

Sticky Post By On December 23, 2020
Ransomware was and still is one of the most dangerous attacks that can cause catastrophic consequences to the endpoint system if not responded properly. The following article is specially created for preparing incident response teams against this particular attack, but it is generally excellent guidance for everyone who would like to have clear and step-by-step approach on how to prepare, identify, contain, remediate and recover from the dangerous attacks of ransomware.

Read More

18 Nov 2020
Sticky Post By Posted in Cyber Security, Incident Response Permalink

Ransomware Incident Response Plan – Part 1

Sticky Post By On November 18, 2020
Ransomware was and still is one of the most dangerous attacks that can cause catastrophic consequences to the endpoint system if not responded properly. The following article is specially created for preparing incident response teams against this particular attack, but it is generally excellent guidance for everyone who would like to have clear and step-by-step approach on how to prepare, identify, contain, remediate and recover from the dangerous attacks of ransomware.

Read More

19 Aug 2020
Sticky Post By Posted in Cyber Security, Cyber Threat Intelligence, Security Operations Center Permalink

Cyber Threat Intelligence and OSINT

Sticky Post By On August 19, 2020
We are living in a world where any number of cyber threats can bring an organization to its knees and it can be downright terrifying. Few years ago, threat intelligence first became a new buzzword in cybersecurity. Threat intelligence was not always a concept easily understood by typical IT security professionals.

Read More

16 Aug 2020
Sticky Post By Posted in Cyber Security, Incident Response, Threat Hunting, Threat Modeling Permalink

Threat Model and Security Considerations For Remote Workers

Sticky Post By On August 16, 2020
As the world faces uncertain times, due to the spread of the pandemic COVID19 (coronavirus) outbreak, organizations around the world sent hundreds of thousands of employees to work from their home.

Read More

14 Jun 2020
Sticky Post By Posted in Cyber Security, Incident Response Permalink

12 Steps to Secure Your Organization’s Office 365 Accounts Effectively

Sticky Post By On June 14, 2020
Recently, our Incident response team at HAWKEYE received a frantic call from one of our clients saying that their o365 email accounts seems to have been hacked. One of their investors received an email from an attacker asking them to transfer a huge amount of money to the client with the bank account details.

Read More


CONTACT US

We welcome you to contact us for more information
about HAWKEYE - SOC As A Service.

VISIT HAWKEYE CYBER SECURITY CENTER

Address: Office 4, Oasis Center, Sheikh Zayed Road, Dubai, United Arab Emirates

Phone: +971 4 338 3365

Email: hawkeye@dts-solution.com

 

LET'S GET SOCIAL

CONTACT US

    captcha