Usage of NPPSpy

Extracting Windows credentials from domain-joined hosts is one of the common techniques attackers use to obtain user credentials from Windows hosts. Once obtained, these credentials are used to move laterally between hosts and to deploy further malware or exfiltrate data from the network.

Malware Evasion Techniques and Recommendations for Threat Protection

Malware evasion methods are frequently employed to evade detection, analysis, and comprehension. Because sandboxes are now the quickest and simplest way to get an overview of a threat, anti-sandbox detection is one of the most common kinds of evasion.

Data Exfiltration and Detection through Anomaly Detection

Data exfiltration is the unauthorised transfer of critical and sensitive data and/or information from a targeted network to attacker-controlled infrastructure. Detecting data exfiltration is difficult because data flows in and out of networks all the time, and this nefarious technique closely resembles normal network traffic.

DGA Detection Using Machine Learning

A domain generation algorithm (DGA) is an automation technique used by attackers for a variety of purposes, such as data exfiltration, command and control, and DNS tunnelling, and to make it harder for a company's defences to detect them.

Augmenting Traditional UEBA with ML and Deep Learning

User and entity behavior analytics (UEBA) is an analytics-based threat detection technology. UEBA employs machine learning and data science to learn how users (humans) in an environment typically behave, and then detects risky and anomalous activity that deviates from that normal behavior and may indicate a threat.

Tools Used for Dumping of RDPCreds via comsvcs.dll

Remote Desktop Protocol (RDP) is commonly used by administrators to manage Windows environments remotely. It is also typical for RDP to be enabled on systems that act as a jump station, allowing users to reach other networks.

Alert Advisory: Analysis of BlackCat Ransomware

BlackCat, also known as ALPHV-ng, ALPHV, and Noberus, is a Ransomware-as-a-Service (RaaS) threat that targets organizations across multiple sectors worldwide using a multi-level extortion tactic.

SSO SAML Tokens Attack

SAML (In)Security

Security Assertion Markup Language (SAML) is a method for exchanging authentication and authorization between trusted parties. It’s essentially an XML schema that allows for federated Single Sign-On (SSO) to work.

ToddyCat APT

ToddyCat, a relatively new Chinese-speaking Advanced Persistent Threat group recently reported on by Kaspersky, has been targeting high-profile entities throughout Europe and Asia since December 2020 by exploiting vulnerable Exchange Servers.

CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability and Digital Forensics

Microsoft issued CVE-2022-30190 for a vulnerability in the Microsoft Support Diagnostic Tool (MSDT). It exists when MSDT is called using the URL protocol from a calling application (Office products such as Word, Excel or Outlook).

Wiper Malware – What is it and How to Detect?

Among the many malware types and strains, the most disruptive type besides ransomware might be wiper malware. The original wiper malware was first seen back in 2012 but did not enter the spotlight until 2014, when Sony was hit with this destructive strain.

Ransomware Detection Using Machine Learning

Gone are the days of manual security analysis that cyber security teams used to perform to track down and stop ransomware attacks.

Due to the vast amount of data that is being generated every minute of every day, it has become impossible to rely on a few cyber security professionals to stop ransomware attacks without significant assistance from automated security tools.

How to Detect Ransomware Early

The proliferation of ransomware attacks in the past decade has brought many challenges to companies and cyber security teams worldwide. What started as simple ransomware attacks that a knowledgeable person could reverse has now exploded into a large industry, with attackers reaping large profits from advanced forms of ransomware that are impossible to reverse.

CSOC Analysts Cybersecurity Toolkit Arsenal

It is safe to say that organizations worldwide have different infrastructure setups, technologies, software, and network architectures. No matter how diverse these organizations are, they have one thing in common: a CSOC analyst who is watching over their infrastructure.

A Cyber Security Operations Center (CSOC) comprises a team of cyber security analysts whose responsibilities are fully dedicated to hunting for vulnerabilities and indicators of compromise, and to investigating incidents and alarms generated by SIEM, XDR and other security monitoring platforms and tools.

XDR Software – The Journey Beyond

We are still in the early days of the XDR (eXtended Detection and Response) era. Understanding XDR technology in the threat detection field, and the benefits it brings, plays a key role in understanding how it can fit into your overall cybersecurity ecosystem.

We welcome you to contact us for more information
about HAWKEYE - SOC As A Service.