HAWK.io Blog
Escalating Cyber Threats Associated With the Russia/Ukraine Confrontation
HAWK's automated threat intel platform keeps detections current with the latest known threats. HAWK's existing analytic rules cover all of the threats currently outlined in CISA/US-CERT Alert AA22-011A.
Detecting Windows PrintNightmare Bug Exploit Code
Jason Wheeler, VP Customer Service at HAWK.io, discusses his approach to creating the detection rules for the PrintNightmare exploit. He also covers what to look for in the raw Windows event logs and the time-saving benefits of HAWK vTTAC™ data enrichment, which automatically captures the critical information needed for efficient digital forensics and incident response (DFIR).
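The teaser above names the topic but not the indicators. As an added example that is not HAWK's rule logic and not code from the original page, the block below correlates the publicly documented PrintNightmare (CVE-2021-34527) event-log indicators over constructed Windows event records: a Microsoft-Windows-PrintService event 316 (printer driver added or updated), an event 808 (spooler failed to load a plug-in module) and a Sysmon event 11 (file created) that both reference a DLL in the spool\drivers\x64\3\New staging directory. The record layout, field names and sample messages are assumptions made for illustration; a legitimate driver install also produces event 316, so that event alone is only recorded, and a finding is raised to high only when the same DLL appears both staged in New\ and registered as a driver.

```python
import re

# Regexes for the two message fragments the detection keys on. The paths and
# event IDs follow public PrintNightmare detection guidance; the message layouts
# are simplified assumptions for this example.
SPOOL_NEW_DIR = re.compile(r"\\spool\\drivers\\x64\\3\\New\\([^\s,\"']+)", re.IGNORECASE)
FILES_316 = re.compile(r"Files:-\s*(.*?)\.\s*No user action", re.IGNORECASE | re.DOTALL)

# Constructed sample records (not real telemetry). Index 0 is a benign driver
# install; indices 1-3 are the three events a successful exploit typically leaves.
SAMPLE_EVENTS = [
    {"EventID": 316, "Channel": "Microsoft-Windows-PrintService/Operational",
     "Message": "Printer driver HP Universal Printing PCL 6 for Windows x64 Version-3 "
                "was added or updated. Files:- hpcu255u.dll, UNIDRV.DLL. No user action is required."},
    {"EventID": 316, "Channel": "Microsoft-Windows-PrintService/Operational",
     "Message": "Printer driver 1234 for Windows x64 Version-3 was added or updated. "
                "Files:- UNIDRV.DLL, kernelbase.dll, evil.dll. No user action is required."},
    {"EventID": 808, "Channel": "Microsoft-Windows-PrintService/Admin",
     "Message": "The print spooler failed to load a plug-in module "
                "C:\\Windows\\system32\\spool\\DRIVERS\\x64\\3\\New\\evil.dll, error code 0x45A."},
    {"EventID": 11, "Channel": "Microsoft-Windows-Sysmon/Operational",
     "Message": "File created: Image: C:\\Windows\\System32\\spoolsv.exe "
                "TargetFilename: C:\\Windows\\System32\\spool\\drivers\\x64\\3\\New\\evil.dll"},
]


def _dlls_from_316(message):
    """Return the lower-cased file names listed in an event 316 message."""
    m = FILES_316.search(message)
    if not m:
        return set()
    return {f.strip().lower() for f in m.group(1).split(",") if f.strip()}


def _dll_from_new_dir(message):
    """Return the lower-cased basename of a path under the New\\ staging dir, if any."""
    m = SPOOL_NEW_DIR.search(message)
    return m.group(1).lower() if m else None


def detect_printnightmare(events):
    """Correlate driver-staging and driver-registration events.

    Returns a list of (severity, dll, reason) tuples:
      medium - a DLL was written to or loaded from the New\\ staging directory
      high   - that same DLL was also registered as a driver via event 316
    A lone event 316 is not reported, since driver installs are routine.
    """
    staged = {}     # dll -> indices of 808 / Sysmon 11 events referencing it in New\
    installed = {}  # dll -> indices of 316 events that listed it
    findings = []
    for i, ev in enumerate(events):
        eid, msg = ev["EventID"], ev["Message"]
        if eid == 316:
            for dll in _dlls_from_316(msg):
                installed.setdefault(dll, []).append(i)
        elif eid == 808:
            dll = _dll_from_new_dir(msg)
            if dll:
                staged.setdefault(dll, []).append(i)
                findings.append(("medium", dll, f"event {i}: spooler failed to load plug-in from New\\"))
        elif eid == 11 and "spoolsv.exe" in msg.lower():
            dll = _dll_from_new_dir(msg)
            if dll:
                staged.setdefault(dll, []).append(i)
                findings.append(("medium", dll, f"event {i}: spoolsv.exe created file in New\\"))
    for dll in sorted(staged.keys() & installed.keys()):
        idx = sorted(staged[dll] + installed[dll])
        findings.append(("high", dll, f"events {idx}: DLL staged in New\\ and registered via event 316"))
    return findings


if __name__ == "__main__":
    for sev, dll, reason in detect_printnightmare(SAMPLE_EVENTS):
        print(f"{sev:6} {dll:12} {reason}")
```

In a live SIEM the same correlation would be bounded by a time window and keyed on the host; here every record is treated as one host's timeline. The allow-all handling of event 316 is deliberate: alerting on every driver install floods the queue, whereas a DLL that is both dropped into the staging path and registered is the pattern the exploit leaves.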
Unicode Reflection - Event Null Byte Injection
HAWK experts look at “Log Jam”, the latest Unicode data reflection exploit: how they detected its presence, and how HAWK.io MDR can complement existing EDR deployments by providing the missing telemetry critical to efficient and effective SOAR efforts.
Solving Rogue Device Detection and User Permission Investigation with Real-Time Data Enrichment and Analysis
Tim Shelton, CTO/Founder of HAWK Network Defense (aka redsand in the hacker community), explores the core components necessary to drive the efficiency and effectiveness of Security Orchestration, Automation and Response (SOAR). He also discusses the requirements for building organizational trust in the process, from incident creation through validation and prioritization to response, because the holy grail of SOAR is fully automated response. There are many hurdles that people, processes, and technology must clear to win that race.