Skip to main content
false
Splunk Threat Research Team
Splunk Threat Research Team

 

The Splunk Threat Research Team is an active part of a customer’s overall defense strategy by enhancing Splunk security offerings with verified research and security content such as use cases, detection searches, and playbooks. We help security teams around the globe strengthen operations by providing tactical guidance and insights to detect, investigate and respond against the latest threats. The Splunk Threat Research Team focuses on understanding how threats, actors, and vulnerabilities work, and the team replicates attacks which are stored as datasets in the Attack Data repository

Our goal is to provide security teams with research they can leverage in their day to day operations and to become the industry standard for SIEM detections. We are a team of industry-recognized experts who are encouraged to improve the security industry by sharing our work with the community via conference talks, open-sourcing projects, and writing white papers or blogs. You will also find us presenting our research at conferences such as Defcon, Blackhat, RSA, and many more.


Read more Splunk Security Content

Security 11 Min Read

My CUPS Runneth Over (with CVEs)

This blog dissects the technical intricacies of the CUPS vulnerability, explores its potential impact on affected systems, and provides detection opportunities and mitigation strategies.
Security 17 Min Read

Handala’s Wiper: Threat Analysis and Detections

Cisco Talos and the Splunk Threat Research Team provide a comprehensive analysis that expands on existing coverage of Handala's Wiper and offers unique insights.
Security 13 Min Read

ShrinkLocker Malware: Abusing BitLocker to Lock Your Data

The Splunk Threat Research Team shares their findings and methodologies to aid the cybersecurity community in combating ShrinkLocker effectively.
Security 8 Min Read

The Final Shell: Introducing ShellSweepX

The Splunk Threat Research Team is excited to announce the final tool in the ShellSweep collection: ShellSweepX.
Security 3 Min Read

Splunk Security Content for Threat Detection & Response: Q2 Roundup

Learn about the latest security content from Splunk.
Security 13 Min Read

Previous Security Content Roundups from the Splunk Threat Research Team (STRT)

Recap: Learn about the last four quarters of security content from the Splunk Threat Research Team.
Security 6 Min Read

AcidPour Wiper Malware: Threat Analysis and Detections

The Splunk Threat Research Team provides an analysis of AcidPour and how to use Splunk’s out-of-the-box security content to help defend against this wiper malware.
Security 4 Min Read

Splunk Security Content for Impact Assessment of CrowdStrike Windows Outage

This blog is intended to help existing Splunk customers who are also customers of CrowdStrike gain visibility into how the CrowdStrike outage may be impacting their organizations.
Security 8 Min Read

Breaking Down Linux.Gomir: Understanding this Backdoor’s TTPs

The Splunk Threat Research Team provides an analysis of Linux.Gomir to help security analysts, blue teamers and Splunk customers defend against this threat.
Security 14 Min Read

Introducing ShellSweepPlus: Open-Source Web Shell Detection

Detect web shells easily with ShellSweepPlus, an open-source tool for detecting potential web shells. Learn how ShellSweepPlus works and how to use it here.
Security 9 Min Read

regreSSHion: Uncovering CVE-2024-6387 in OpenSSH - A Critical Vulnerability

CVE-2024-6387, aka "regreSSHion", exposes Linux environments to remote unauthenticated code execution. Learn how to handle this CVE here.
Security 8 Min Read

LNK or Swim: Analysis & Simulation of Recent LNK Phishing

LNK files are a common starting point for many phishing campaigns. Read on to strengthen your defenses against these LNK file phishing attacks.
Security 10 Min Read

Deploy, Test, Monitor: Mastering Microsoft AppLocker, Part 2

Leverage the power of Splunk to ingest, visualize, and analyze AppLocker events, enabling you to gain valuable insights and strengthen your organization's security posture.
Security 11 Min Read

Deploy, Test, Monitor: Mastering Microsoft AppLocker, Part 1

The Splunk Threat Research Team provides a comprehensive overview of AppLocker and guidance for getting started with AppLocker policies
Security 6 Min Read

Security Insights: Detecting CVE-2024-4040 Exploitation in CrushFTP

The Splunk Threat Research Team explores how Splunk can help you identify and investigate CVE-2024-4040 exploitation in your CrushFTP environment.
Security 14 Min Read

Splunk Tools & Analytics To Empower Threat Hunters

Calling all threat hunters! This article dives into the many Splunk tools and analytics that can help threat hunters in their day-to-day hunting activities.
Security 17 Min Read

Hunting M365 Invaders: Dissecting Email Collection Techniques

The Splunk Threat Research Team describes various methods attackers may leverage to monitor mailboxes, how to simulate them and how teams can detect them using Splunk’s out-of-the-box security content.
Security 3 Min Read

From Water to Wine: An Analysis of WINELOADER

In this blog post we'll look closely at the WINELOADER backdoor and how Splunk can be used to detect and respond to this threat.