AcidPour Wiper Malware: Threat Analysis and Detections
The Splunk Threat Research Team provides an analysis of AcidPour and how to use Splunk’s out-of-the-box security content to help defend against this wiper malware.
Splunk Security Content for Impact Assessment of CrowdStrike Windows Outage
This blog is intended to help existing Splunk customers who are also customers of CrowdStrike gain visibility into how the CrowdStrike outage may be impacting their organizations.
Breaking Down Linux.Gomir: Understanding this Backdoor’s TTPs
The Splunk Threat Research Team provides an analysis of Linux.Gomir to help security analysts, blue teamers and Splunk customers defend against this threat.
Introducing ShellSweepPlus: Open-Source Web Shell Detection
Detect web shells easily with ShellSweepPlus, an open-source tool for detecting potential web shells. Learn how ShellSweepPlus works and how to use it here.
regreSSHion: Uncovering CVE-2024-6387 in OpenSSH - A Critical Vulnerability
CVE-2024-6387, aka "regreSSHion", exposes Linux environments to remote unauthenticated code execution. Learn how to handle this CVE here.
LNK or Swim: Analysis & Simulation of Recent LNK Phishing
LNK files are a common starting point for many phishing campaigns. Read on to strengthen your defenses against these LNK file phishing attacks.
Deploy, Test, Monitor: Mastering Microsoft AppLocker, Part 2
Leverage the power of Splunk to ingest, visualize, and analyze AppLocker events, enabling you to gain valuable insights and strengthen your organization's security posture.
Deploy, Test, Monitor: Mastering Microsoft AppLocker, Part 1
The Splunk Threat Research Team provides a comprehensive overview of AppLocker and guidance for getting started with AppLocker policies
Security Insights: Detecting CVE-2024-4040 Exploitation in CrushFTP
The Splunk Threat Research Team explores how Splunk can help you identify and investigate CVE-2024-4040 exploitation in your CrushFTP environment.
Splunk Security Content for Threat Detection & Response: Q1 Roundup
Learn about the latest security content from Splunk.
Previous Security Content Roundups from the Splunk Threat Research Team (STRT)
Recap: Learn about the last four quarters of security content from the Splunk Threat Research Team.
Splunk Tools & Analytics To Empower Threat Hunters
Calling all threat hunters! This article dives into the many Splunk tools and analytics that can help threat hunters in their day-to-day hunting activities.
Hunting M365 Invaders: Dissecting Email Collection Techniques
The Splunk Threat Research Team describes various methods attackers may leverage to monitor mailboxes, how to simulate them and how teams can detect them using Splunk’s out-of-the-box security content.
From Water to Wine: An Analysis of WINELOADER
In this blog post we'll look closely at the WINELOADER backdoor and how Splunk can be used to detect and respond to this threat.
Under the Hood of SnakeKeylogger: Analyzing its Loader and its Tactics, Techniques, and Procedures
In this blog, the Splunk Threat Research Team provides valuable insights to enable security analysts and blue teamers to defend and be aware of these scam tactics.
Security Insights: JetBrains TeamCity CVE-2024-27198 and CVE-2024-27199
The Splunk Threat Research Team examines exploit operations, analytics, hunting queries, and tips on capturing TeamCity logs.
Unveiling Phemedrone Stealer: Threat Analysis and Detections
The Splunk Threat Research Team dissects the Phemedrone Stealer.
Hunting M365 Invaders: Navigating the Shadows of Midnight Blizzard
The Splunk Threat Research Team outlines the attack chain detailed in the Microsoft blog, offering practical detection and hunting tips for cybersecurity defenders.
