06 Jul 2022

HAWKEYE Cyber Security, Incident Response, Security Operations Center Permalink

Kerberoasting – Active Directory Attack

HAWKEYE July 6, 2022

Active Directory services are usually used by organizations for easily configuring policies and managing permissions. Due to its widespread usage, adversaries often target misconfigured AD services using different attacks.

Read More

27 Jun 2022

HAWKEYE Advanced Persistent Threat, Malware Protection Permalink

ToddyCat APT

HAWKEYE June 27, 2022

ToddyCat — a relatively new Chinese-Speaking Advanced Persistent Threat, has been targeting and exploiting vulnerable Exchange Servers throughout Europe and Asia since December 2020 for targeting high-profile entities which is recently reported by Kaspersky.

Read More

03 Jun 2022

HAWKEYE Cyber Security, Incident Response, Vulnerability Assessment Permalink

CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability and Digital Forensics

HAWKEYE June 3, 2022

Microsoft issued CVE-2022-30190 regarding a vulnerability regarding the Microsoft Support Diagnostic Tool (MSDT). This exists when MSDT is called using the URL protocol from a calling application (Word products such as Word/Excel/Outlook).

Read More

12 Apr 2022

HAWKEYE Malware Protection, Managed Security Services, Managed SOC Services Permalink

Wiper Malware – What is it and How to Detect?

HAWKEYE April 12, 2022

In the world of different malware types and strains, the most disruptive malware type besides ransomware might be Wiper malware. The original wiper malware was first seen back in 2012 but did not enter the spotlight until 2014 when Sony company was hit with this destructive strain.

Read More

29 Mar 2022

HAWKEYE Ransomware Protection Permalink

Ransomware Detection Using Machine Learning

HAWKEYE March 29, 2022

Gone are the days of manual security analysis that cyber security teams used to perform to track down and stop ransomware attacks.

Due to the vast amount of data that is being generated every minute of every day, it has become impossible to rely on a few cyber security professionals to stop ransomware attacks without significant assistance from automated security tools.

Read More

15 Mar 2022

HAWKEYE Compromise Assessment, Ransomware Protection Permalink

How to Detect Ransomware Early

HAWKEYE March 15, 2022

The proliferation of ransomware attacks in the past decade has brought many challenges to companies and cyber security teams worldwide. What started as simple ransomware attacks that a knowledgeable person could reverse has now exploded into a large industry with attackers reaping large profits with advanced forms of ransomware that is impossible to reverse.

Read More

28 Feb 2022

HAWKEYE Cyber Security, DARKINT, EDR, OSINT, SIEM, Threat Intelligence, Vulnerability Assessment, XDR Permalink

CSOC Analysts Cybersecurity Toolkit Arsenal

HAWKEYE February 28, 2022

It is safe to say that organizations worldwide have different infrastructure setups, technology, software, and different network architecture types. No matter how diverse these organizations are, they have one thing in common, a CSOC analyst who is watching over their infrastructure.

Cyber Security Operation Centers or CSOC is comprised of a team of cyber security analysts whose responsibilities are fully dedicated to hunting for vulnerabilities, indicators of compromise and investigating incidents and alarms generated by SIEM, XDR and other monitoring security platforms and tools.

Read More

20 Jan 2022

HAWKEYE Managed SOC Services, Security Operations Center, XDR Permalink

XDR Software – The Journey Beyond

HAWKEYE January 20, 2022

We are still in the early days of the XDR (eXtended Detection and Response) era, understanding XDR technology in the threat detection field and the benefits it brings plays a key role into understanding how this can fit into your overall cybersecurity ecosystem.

Read More

15 Dec 2021

HAWKEYE Vulnerability Assessment Permalink

Log4j Critical RCE

HAWKEYE December 15, 2021

The Log4j Vulnerability commonly known as Log4Shell zero day vulnerability was made public on December 9th 2021. This vulnerability is being tracked as CVE-2021-44228 and has been given a CVSS 3.0 severity score of 10.0 (Critical).

Read More

06 Nov 2021

HAWKEYE Managed SOC Services, Security Operations Center Permalink

How Threat Actors Steal Your Data with Reverse Tunnelling

HAWKEYE November 6, 2021

Reverse tunnelling is a technique used to ‘sneak into’ a secured network by hiding applications within traffic which originates from within the network.

Read More

12 Oct 2021

HAWKEYE Cyber Security, Managed Security Services, Managed SOC Services, Security Operations Center Permalink

Using Windows Event Forwarding for Centralized Windows Monitoring – Part 3

HAWKEYE October 12, 2021

Reading security logs requires a higher level of permission that other logs. Below are the steps to configure the right permissions for reading security logs.

Read More

09 Sep 2021

HAWKEYE Cyber Security, Managed Security Services, Managed SOC Services, Security Operations Center Permalink

Using Windows Event Forwarding for Centralized Windows Monitoring – Part 2

HAWKEYE September 9, 2021

From a security perspective, generally, it would be better to allow communication from user segments to outside rather than from outside to user segments. Hence, we will be discussing Source Initiated Windows Event Forwarding in this article.

Read More

27 Aug 2021

HAWKEYE Cyber Security, Managed SOC Services, Security Operations Center Permalink

Using Windows Event Forwarding for Centralized Windows Monitoring – Part 1

HAWKEYE August 27, 2021

Staying on top of cyber threats in your environment could be challenging even with a lot of protective measures in place. The threat landscape is constantly evolving and often the case is that your protective measures are playing catch up.

Read More

07 Mar 2021

HAWKEYE Azure Sentinel Permalink

Deep-dive into Azure Sentinel – Part 2 – Data Collection and Processing

HAWKEYE March 7, 2021

From our experience in deploying various SIEM platform, we would rank Azure sentinel number one when it comes to the variety of data collection options it provides. Virtually any log sources and type of data can be ingested in the Azure Sentinel with the different options it provides

Read More

07 Feb 2021

HAWKEYE Azure Sentinel Permalink

Deep-dive into Azure Sentinel – Part 1 – Introduction to Sentinel as a SIEM

HAWKEYE February 7, 2021

You might have heard of the North Sentinel Island in the middle of Bay of Bengal that hosts the most isolated tribe in the world. Despite several attempts to break in or contact the island, it was always defended violently by the natives and the island still remains untouched. It is considered to be one of the most secured places on planet earth guarded both by the local tribes and the government. When it came to naming the most powerful weapon in Azure cloud security arsenal, Microsoft have chosen the right name for it- Azure Sentinel.

Read More

10 Jan 2021

HAWKEYE Managed SOC Services, Security Operations Center, Security Orchestration, SOAR Permalink

SOAR Features and Use Cases

HAWKEYE January 10, 2021

Organizations are getting bigger and bigger and, because of that a lot of events, activities and data are being generated and triggered, and the scale of these events sometimes reaches to a peak, where analysts are not able to handle them anymore.

Read More

31 Dec 2020

HAWKEYE Cyber Threat Intelligence, Managed SOC Services Permalink

Dark Web and Threat Intelligence (DARKINT)

HAWKEYE December 31, 2020

Security researchers and Cybersecurity professionals have an immense interest in discovering threat intelligence on the deep web and darknet. This intelligence allows organizations to detect block and prevent threats of all kinds—But first, we need to know, what exactly is the deep web and the Dark Web?

Read More

23 Dec 2020

HAWKEYE Cyber Security, Incident Response Permalink

Ransomware Incident Response Plan – Part 2

HAWKEYE December 23, 2020

Ransomware was and still is one of the most dangerous attacks that can cause catastrophic consequences to the endpoint system if not responded properly. The following article is specially created for preparing incident response teams against this particular attack, but it is generally excellent guidance for everyone who would like to have clear and step-by-step approach on how to prepare, identify, contain, remediate and recover from the dangerous attacks of ransomware.

Read More

18 Nov 2020

HAWKEYE Cyber Security, Incident Response Permalink

Ransomware Incident Response Plan – Part 1

HAWKEYE November 18, 2020

Ransomware was and still is one of the most dangerous attacks that can cause catastrophic consequences to the endpoint system if not responded properly. The following article is specially created for preparing incident response teams against this particular attack, but it is generally excellent guidance for everyone who would like to have clear and step-by-step approach on how to prepare, identify, contain, remediate and recover from the dangerous attacks of ransomware.

Read More

19 Aug 2020

HAWKEYE Cyber Security, Cyber Threat Intelligence, Security Operations Center Permalink

Cyber Threat Intelligence and OSINT

HAWKEYE August 19, 2020

We are living in a world where any number of cyber threats can bring an organization to its knees and it can be downright terrifying. Few years ago, threat intelligence first became a new buzzword in cybersecurity. Threat intelligence was not always a concept easily understood by typical IT security professionals.

Read More