HAWKEYE | Managed SOC Dubai | Managed Cyber Security Operations Center | SOC As A Service | Dubai | Abu Dhabi | UAE | Cyber Security Middle East | HAWKEYE - Part 5

HAWKEYE Cyber Security, Managed Security Services, Managed SOC Services Permalink

Usage of NPPSpy

HAWKEYE September 21, 2022

Extracting Windows credentials from Domain based hosts is one of the common attack techniques hackers use to obtain user credentials from Windows hosts. Once obtained, these user credentials are used to laterally move between the hosts and deploy threats or exfiltrate data from the network.

HAWKEYE Cyber Security, Machine Learning, Malware Protection, Managed SOC Services Permalink

Malware Evasion Techniques and Recommendations for Threat Protection

HAWKEYE September 20, 2022

Malware evasion methods are frequently employed to evade detection, analysis, and comprehension. Due to the fact that sandboxes are now the quickest and simplest approach to getting an overview of the threat, anti-sandbox detection is one of the most common kinds of evasion.

HAWKEYE Cyber Security, Cyber Threat Intelligence, Machine Learning, Managed Security Services, Managed SOC Services, Security Operations Center, Threat Hunting, Threat Intelligence Permalink

Data Exfiltration and Detection through Anomaly Detection

HAWKEYE September 19, 2022

Data exfiltration is the unauthorised transfer of critical and sensitive data and/or information from a targeted network to the cyber pests’ hideouts. Detecting data exfiltration is a difficult task because data flows in and out of networks on a regular basis, and this nefarious technique closely resembles normal network traffic.

HAWKEYE Cyber Security, Machine Learning, Managed Security Services, Managed SOC Services Permalink

DGA Detection Using Machine Learning

HAWKEYE September 16, 2022

Domain Generation algorithm (DGA) is an automation technique used by cyber attackers for a variety of attacks like Data exfiltration, command and control and DNS tunnelling and to make it harder for the company’s defenses to detect them.

HAWKEYE Cyber Security, Machine Learning, Managed SOC Services, UEBA Permalink

Augmenting Traditional UEBA with ML and Deep Learning

HAWKEYE September 11, 2022

User and entity behavior analytics (UEBA) is a threat detection technology that is based on analytics. UEBA employs machine learning and data science to gain an understanding of how users (humans) in an environment typically behave and then detect risky and anomalous activity that deviates from their normal behavior and may indicate a threat.

HAWKEYE Cyber Security, Security Operations Center Permalink

Tools Used for Dumping of RDPCreds via comsvcs.dll

HAWKEYE September 8, 2022

Remote Desktop Protocol (RDP) is commonly used by administrators to manage Windows environments remotely. It is also typical for RDP to be enabled in systems that act as a jumpstation to enable users to reach other networks.

HAWKEYE Cyber Security, Managed SOC Services, Security Operations Center Permalink

Sniffing Attacks – Packet Capture Techniques Used by Attackers

HAWKEYE September 5, 2022

Sniffing attacks are data thefts caused by capturing network traffic with packet sniffers, which can illegally access and read unencrypted data.

HAWKEYE Cyber Security, Managed SOC Services, Security Operations Center Permalink

LSASS Dumping Techniques

HAWKEYE September 1, 2022

Local Security Authority Subsystem Service (LSASS) is the process on Microsoft Windows that handles all user authentication, password changes, creation of access tokens, and enforcement of security policies.

HAWKEYE Cyber Security, Reconnaissance Tools Permalink

Common Reconnaissance Tools Used by Threat Actors

HAWKEYE August 24, 2022

Reconnaissance consists of techniques that involve adversaries actively or passively gathering information that can be used to support targeting.

HAWKEYE Cyber Security, Managed SOC Services, XDR Permalink

DNS Tunneling and Countermeasures in an Enterprise

HAWKEYE August 3, 2022

DNS tunneling is one of the significant threats that an organization faces when it comes to attacker tactics and techniques used to exfiltrate data out of the organization.

HAWKEYE Alert Advisory, Cyber Security, Managed SOC Services, Ransomware Protection, Security Operations Center, XDR Permalink

Alert Advisory: Analysis of BlackCat Ransomware

HAWKEYE July 27, 2022

BlackCat, also known as ALPHV-ng, ALPHV, and Noberus, is a Ransomware-as-a-Service (RaaS) threat that targets organizations across multiple sectors worldwide using the multi-level extortion tactic.

HAWKEYE Cyber Security Permalink

SSO SAML Tokens Attack

HAWKEYE July 18, 2022

SAML (In)Security

Security Assertion Markup Language (SAML) is a method for exchanging authentication and authorization between trusted parties. It’s essentially an XML schema that allows for federated Single Sign-On (SSO) to work.

HAWKEYE Cyber Security, Incident Response, Security Operations Center Permalink

Kerberoasting – Active Directory Attack

HAWKEYE July 6, 2022

Active Directory services are usually used by organizations for easily configuring policies and managing permissions. Due to its widespread usage, adversaries often target misconfigured AD services using different attacks.

HAWKEYE Advanced Persistent Threat, Malware Protection Permalink

ToddyCat APT

HAWKEYE June 27, 2022

ToddyCat — a relatively new Chinese-Speaking Advanced Persistent Threat, has been targeting and exploiting vulnerable Exchange Servers throughout Europe and Asia since December 2020 for targeting high-profile entities which is recently reported by Kaspersky.

HAWKEYE Cyber Security, Incident Response, Vulnerability Assessment Permalink

CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability and Digital Forensics

HAWKEYE June 3, 2022

Microsoft issued CVE-2022-30190 regarding a vulnerability regarding the Microsoft Support Diagnostic Tool (MSDT). This exists when MSDT is called using the URL protocol from a calling application (Word products such as Word/Excel/Outlook).

HAWKEYE Malware Protection, Managed Security Services, Managed SOC Services Permalink

Wiper Malware – What is it and How to Detect?

HAWKEYE April 12, 2022

In the world of different malware types and strains, the most disruptive malware type besides ransomware might be Wiper malware. The original wiper malware was first seen back in 2012 but did not enter the spotlight until 2014 when Sony company was hit with this destructive strain.

HAWKEYE Ransomware Protection Permalink

Ransomware Detection Using Machine Learning

HAWKEYE March 29, 2022

Gone are the days of manual security analysis that cyber security teams used to perform to track down and stop ransomware attacks.

Due to the vast amount of data that is being generated every minute of every day, it has become impossible to rely on a few cyber security professionals to stop ransomware attacks without significant assistance from automated security tools.

HAWKEYE Compromise Assessment, Ransomware Protection Permalink

How to Detect Ransomware Early

HAWKEYE March 15, 2022

The proliferation of ransomware attacks in the past decade has brought many challenges to companies and cyber security teams worldwide. What started as simple ransomware attacks that a knowledgeable person could reverse has now exploded into a large industry with attackers reaping large profits with advanced forms of ransomware that is impossible to reverse.

HAWKEYE Cyber Security, DARKINT, EDR, OSINT, SIEM, Threat Intelligence, Vulnerability Assessment, XDR Permalink

CSOC Analysts Cybersecurity Toolkit Arsenal

HAWKEYE February 28, 2022

It is safe to say that organizations worldwide have different infrastructure setups, technology, software, and different network architecture types. No matter how diverse these organizations are, they have one thing in common, a CSOC analyst who is watching over their infrastructure.

Cyber Security Operation Centers or CSOC is comprised of a team of cyber security analysts whose responsibilities are fully dedicated to hunting for vulnerabilities, indicators of compromise and investigating incidents and alarms generated by SIEM, XDR and other monitoring security platforms and tools.

HAWKEYE Managed SOC Services, Security Operations Center, XDR Permalink

XDR Software – The Journey Beyond

HAWKEYE January 20, 2022

We are still in the early days of the XDR (eXtended Detection and Response) era, understanding XDR technology in the threat detection field and the benefits it brings plays a key role into understanding how this can fit into your overall cybersecurity ecosystem.

CONTACT US

We welcome you to contact us for more information
about HAWKEYE - SOC As A Service.