top of page

From Detection to Action: SpyDR Elevates Cyber Hunting to New Heights

Our "Made in Germany" product SpyDR is able to detect tools and techniques commonly shared among cyber criminals but also by sophisticated APT actors. 

Stop actors before they are able to deploy ransomware in your environment or exfiltrate data.

Home: Welcome

Find ANY breaches or adversaries
in your enterprise with SpyDR

No Agent
No Performance Impact 
No Pre-Requisites

No Cloud
No Limitations

Know within a few hours if you are breached.

Trace and unveil the adversary throughout your enterprise

“There are only two types of companies: Those that have been hacked and those that will be hacked.”


Robert S. Mueller, III, former Director of the FBI 

How SpyDR works

Most breaches are spotted after years! Why?

Most security tools only check for ongoing attacks and deploying them is hard and lengthy.

SpyDR checks any host for traces of hacking tools and common behavoir used by actors, leaving them no where to hide!

When traces are found, take the compromised user and search for their activity to unveil new compromised systems.

Home: Headliner
Settings icon

1. Integrate all indicators already collected or start with SpyDR's standard detection set.


2. Trigger SpyDR via GPO (or any available management tool such as e.g. SCCM) to run on every Windows Device.

time symbol

3. Receive results minutes after the initial setup and start hunting.

If the compromised user is already known, search for any user activity across your whole Windows Domain!

Simply identify relevant events like:

Login/Logout activity 

System manipulation commonly used for persistence (Scheduled Task, Services, Reg keys)

Home: About
Home: About

Why choose SpyDR ?


SpyDR scans the local event log of every machine for user activity from compromised accounts. You can quickly map on which systems the user logged in and which services or scheduled tasks were created by the compromised user.

Welliger abstrakter Hintergrund
Windows icon

Cover ALL Windows devices

SpyDR aims to not leave any gaps where adversaries can hide. It works on recent Windows versions as well as provides compatibility down to WIN 7. Every Windows system connected to the AD can be linked to the deployment GPO.

No agent & performance impact

SpyDR is a truly agent-less software and is deployable via any software deployment service like for example SCCM or via active directory GPO.

It has a minimal footprint so attackers won’t discover it and can’t disable or dodge it like classical AV or EDR tools. It has proven to have almost no performance impact and can be run on systems with sparse resources.

SCCM, GPO, etc.

Home: Services

Why wait, if you could know in hours if you are breached?

SpyDR scales no matter the size of your enterprise, common standard protocols are used for messaging.

No changes required on your side, only deploy and analyze!

Home: About

Use Cases

Home: FAQ

Compromise assessment & security reviews
| Before an Incident

Conducting a compromise assessment usually requires deploying agents or network sensors and therefore taking months in preparation and execution.


SpyDR does not. Within hours you are provided with a full assessment of all systems connected to your active directory.

Filtering out the noise and only showing you truly malicious traces.

Support DFIR activities
| During an Incident

During the hot phase of an incident focusing your forensic activities on the most relevant assets is key.


SpyDR helps you to quickly assess the scope and focus on the right assets. It will give a holistic view on where an attacker has been and assists you in your remediation activities. A tool every incident responder would love to have in his pocket.

Assist cleanup activities
| After an Incident

Incident response activities are completed but tools are missing to conduct enterprise wide sweeps for leftover traces?



SpyDR allows you to ingest key indicators gathered during Incident Response. Enabling you to quickly carry out enterprise wide sweeps for your reassurance. Don't simply rely on your AV or EDR!

Assist M&A processes
| Before accepting Risk

Before you merge or acquire a company you want to get an accurate picture on their security posture? Don't rely on high-level risk scores which are purely based on external exposure.


SpyDR will assist you identifying the real risk posture of the company in question without any lengthy deployments in an easy to share & consumable format.

Watch us!
@MHP Festival 2022

Want to know more?

For more information fill out the form and we will get back to you shortly!

Home: Contact

Thank you very much, we will come back to you right away.

bottom of page