HAWK.io Blog

Detecting Windows PrinterNightmare Bug Exploit Code
Jason Wheeler


Jason Wheeler, VP Customer Service at HAWK.io, discusses his approach to creating the detection rules for the PrinterNightmare exploit. He will also discuss what to look for in the raw Windows event logs and the time-saving benefits of HAWK vTTAC™ data enrichment for automatically capturing critical information needed for efficient digital forensics and incident response (DFIR).

Unicode Reflection - Event Null Byte Injection
Jason Wheeler


HAWK experts look at “Log Jam”, the latest Unicode data reflection exploit: how they detected its presence, and how HAWK.io MDR can complement existing EDR deployments by providing missing telemetry data critical to efficient and effective SOAR efforts.

Solving Rogue Device Detection and User Permission Investigation with Real-Time Data Enrichment and Analysis
Tim Shelton


Tim Shelton, CTO/Founder of HAWK Network Defense, aka redsand in the hacker community, will explore the core components necessary to drive efficiency and effectiveness of Security Orchestration and Response (SOAR). He will also discuss the requirements to build organizational trust in the processes, from incident creation, validation, and prioritization through to response. Because the holy grail of SOAR is automated SOAR. There are many hurdles that people, processes, and technology must clear to win the race.
