DNS Tunneling and Countermeasures in an Enterprise
DNS tunneling is one of the significant threats that an organization faces when it comes to attacker tactics and techniques […]
Alert Advisory: Analysis of BlackCat Ransomware
BlackCat, also known as ALPHV-ng, ALPHV, and Noberus, is a Ransomware-as-a-Service (RaaS) threat that targets organizations across multiple sectors worldwide […]
SSO SAML Tokens Attack
SAML (In)Security: Security Assertion Markup Language (SAML) is a method for exchanging authentication and authorization between trusted parties. It’s essentially […]
Kerberoasting – Active Directory Attack
Active Directory services are usually used by organizations for easily configuring policies and managing permissions. Due to its widespread usage, […]
CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability and Digital Forensics
Microsoft issued CVE-2022-30190 for a vulnerability in the Microsoft Support Diagnostic Tool (MSDT). This exists when MSDT is called using […]
CSOC Analysts Cybersecurity Toolkit Arsenal
It is safe to say that organizations worldwide have different infrastructure setups, technology, software, and different network architecture types. No […]
Using Windows Event Forwarding for Centralized Windows Monitoring – Part 3
Reading security logs requires a higher level of permission than other logs. Below are the steps to configure the right […]
Using Windows Event Forwarding for Centralized Windows Monitoring – Part 2
From a security perspective, generally, it would be better to allow communication from user segments to outside rather than from […]
Using Windows Event Forwarding for Centralized Windows Monitoring – Part 1
Staying on top of cyber threats in your environment could be challenging even with a lot of protective measures in […]
Ransomware Incident Response Plan – Part 2
Ransomware was and still is one of the most dangerous attacks that can cause catastrophic consequences to the endpoint system […]
Ransomware Incident Response Plan – Part 1
Ransomware was and still is one of the most dangerous attacks that can cause catastrophic consequences to the endpoint system […]
Cyber Threat Intelligence and OSINT
We are living in a world where any number of cyber threats can bring an organization to its knees and […]
Threat Model and Security Considerations For Remote Workers
As the world faces uncertain times due to the spread of the COVID-19 (coronavirus) pandemic, organizations around the world […]
12 Steps to Secure Your Organization’s Office 365 Accounts Effectively
Recently, our Incident response team at HAWKEYE received a frantic call from one of our clients saying that their o365 […]
Cyber Threat Management with MITRE ATT&CK – Part 1
Let’s agree on this first: the job of a SOC analyst is TOUGH, as tough as finding a needle in a […]
Automated Threat Response with SOAR
Earlier, there were very few options available to sneak into an organisation’s network. Today, the ways in which cyber criminals […]
Pandemic COVID-19 Outbreak – Cyber Security Implications
As the world is trying to deal with the coronavirus pandemic, it seems hackers, fraudsters, and spammers all flourish and […]