15 Dec 2021

Sticky Post By HAWKEYE Posted in Vulnerability Assessment Permalink

Log4j Critical RCE

Sticky Post By HAWKEYE On December 15, 2021

The Log4j Vulnerability commonly known as Log4Shell zero day vulnerability was made public on December 9th 2021. This vulnerability is being tracked as CVE-2021-44228 and has been given a CVSS 3.0 severity score of 10.0 (Critical).

Read More

Log4j Critical RCE December 29th, 2021HAWKEYE

06 Nov 2021

Sticky Post By HAWKEYE Posted in Managed SOC Services, Security Operations Center Permalink

How Threat Actors Steal Your Data with Reverse Tunnelling

Sticky Post By HAWKEYE On November 6, 2021

Reverse tunnelling is a technique used to ‘sneak into’ a secured network by hiding applications within traffic which originates from within the network.

Read More

How Threat Actors Steal Your Data with Reverse Tunnelling January 6th, 2022HAWKEYE

12 Oct 2021

Sticky Post By HAWKEYE Posted in Cyber Security, Managed Security Services, Managed SOC Services, Security Operations Center Permalink

Using Windows Event Forwarding for Centralized Windows Monitoring – Part 3

Sticky Post By HAWKEYE On October 12, 2021

Reading security logs requires a higher level of permission that other logs. Below are the steps to configure the right permissions for reading security logs.

Read More

Using Windows Event Forwarding for Centralized Windows Monitoring – Part 3 January 9th, 2022HAWKEYE

09 Sep 2021

Sticky Post By HAWKEYE Posted in Cyber Security, Managed Security Services, Managed SOC Services, Security Operations Center Permalink

Using Windows Event Forwarding for Centralized Windows Monitoring – Part 2

Sticky Post By HAWKEYE On September 9, 2021

From a security perspective, generally, it would be better to allow communication from user segments to outside rather than from outside to user segments. Hence, we will be discussing Source Initiated Windows Event Forwarding in this article.

Read More

Using Windows Event Forwarding for Centralized Windows Monitoring – Part 2 January 9th, 2022HAWKEYE

27 Aug 2021

Sticky Post By HAWKEYE Posted in Cyber Security, Managed SOC Services, Security Operations Center Permalink

Using Windows Event Forwarding for Centralized Windows Monitoring – Part 1

Sticky Post By HAWKEYE On August 27, 2021

Staying on top of cyber threats in your environment could be challenging even with a lot of protective measures in place. The threat landscape is constantly evolving and often the case is that your protective measures are playing catch up.

Read More

Using Windows Event Forwarding for Centralized Windows Monitoring – Part 1 January 9th, 2022HAWKEYE

07 Mar 2021

Sticky Post By HAWKEYE Posted in Azure Sentinel Permalink

Deep-dive into Azure Sentinel – Part 2 – Data Collection and Processing

Sticky Post By HAWKEYE On March 7, 2021

From our experience in deploying various SIEM platform, we would rank Azure sentinel number one when it comes to the variety of data collection options it provides. Virtually any log sources and type of data can be ingested in the Azure Sentinel with the different options it provides

Read More

Deep-dive into Azure Sentinel – Part 2 – Data Collection and Processing July 7th, 2021HAWKEYE

07 Feb 2021

Sticky Post By HAWKEYE Posted in Azure Sentinel Permalink

Deep-dive into Azure Sentinel – Part 1 – Introduction to Sentinel as a SIEM

Sticky Post By HAWKEYE On February 7, 2021

You might have heard of the North Sentinel Island in the middle of Bay of Bengal that hosts the most isolated tribe in the world. Despite several attempts to break in or contact the island, it was always defended violently by the natives and the island still remains untouched. It is considered to be one of the most secured places on planet earth guarded both by the local tribes and the government. When it came to naming the most powerful weapon in Azure cloud security arsenal, Microsoft have chosen the right name for it- Azure Sentinel.

Read More

Deep-dive into Azure Sentinel – Part 1 – Introduction to Sentinel as a SIEM July 7th, 2021HAWKEYE

10 Jan 2021

Sticky Post By HAWKEYE Posted in Managed SOC Services, Security Operations Center, Security Orchestration, SOAR Permalink

SOAR Features and Use Cases

Sticky Post By HAWKEYE On January 10, 2021

Organizations are getting bigger and bigger and, because of that a lot of events, activities and data are being generated and triggered, and the scale of these events sometimes reaches to a peak, where analysts are not able to handle them anymore.

Read More

SOAR Features and Use Cases May 16th, 2021HAWKEYE

31 Dec 2020

Sticky Post By HAWKEYE Posted in Cyber Threat Intelligence, Managed SOC Services Permalink

Dark Web and Threat Intelligence (DARKINT)

Sticky Post By HAWKEYE On December 31, 2020

Security researchers and Cybersecurity professionals have an immense interest in discovering threat intelligence on the deep web and darknet. This intelligence allows organizations to detect block and prevent threats of all kinds—But first, we need to know, what exactly is the deep web and the Dark Web?

Read More

Dark Web and Threat Intelligence (DARKINT) January 7th, 2021HAWKEYE

23 Dec 2020

Sticky Post By HAWKEYE Posted in Cyber Security, Incident Response Permalink

Ransomware Incident Response Plan – Part 2

Sticky Post By HAWKEYE On December 23, 2020

Ransomware was and still is one of the most dangerous attacks that can cause catastrophic consequences to the endpoint system if not responded properly. The following article is specially created for preparing incident response teams against this particular attack, but it is generally excellent guidance for everyone who would like to have clear and step-by-step approach on how to prepare, identify, contain, remediate and recover from the dangerous attacks of ransomware.

Read More

Ransomware Incident Response Plan – Part 2 December 31st, 2020HAWKEYE