Splunk Threat Research Team's Blog Posts

The Splunk Threat Research Team is an active part of a customer’s overall defense strategy by enhancing Splunk security offerings with verified research and security content such as use cases, detection searches, and playbooks. We help security teams around the globe strengthen operations by providing tactical guidance and insights to detect, investigate and respond against the latest threats. The Splunk Threat Research Team focuses on understanding how threats, actors, and vulnerabilities work, and the team replicates attacks which are stored as datasets in the Attack Data repository.

Our goal is to provide security teams with research they can leverage in their day to day operations and to become the industry standard for SIEM detections. We are a team of industry-recognized experts who are encouraged to improve the security industry by sharing our work with the community via conference talks, open-sourcing projects, and writing white papers or blogs. You will also find us presenting our research at conferences such as Defcon, Blackhat, RSA, and many more.

Read more Splunk Security Content.

Threat Advisory: SwiftSlicer Wiper STRT-TA03
Security
4 Minute Read

Threat Advisory: SwiftSlicer Wiper STRT-TA03

The Splunk Threat Research Team shares a closer look at the SwiftSlicer wiper, a new payload discovered by ESET and found in a recent January 2023 campaign.
Fantastic IIS Modules and How to Find Them
Security
8 Minute Read

Fantastic IIS Modules and How to Find Them

This blog showcases how to enable and ingest IIS operational logs, utilize PowerShell scripted inputs to ingest installed modules and simulate AppCmd and PowerShell adding new IIS modules and disable HTTP logging using Atomic Red Team.
All the Proxy(Not)Shells
Security
7 Minute Read

All the Proxy(Not)Shells

The Splunk Threat Research Team walks through exploitation of ProxyShell and ProxyNotShell using MetaSploit, and hunts through data in Splunk to showcase different avenues for defenders to identify malicious activity.
From Registry With Love: Malware Registry Abuses
Security
13 Minute Read

From Registry With Love: Malware Registry Abuses

The Splunk Threat Research Team explores the common Windows Registry abuses leveraged by current and relevant malware families in the wild and how to detect them.
Introducing Attack Range v3.0
Security
3 Minute Read

Introducing Attack Range v3.0

Explore the new features introduced in version 3.0 of the Splunk Attack Range, aimed at helping you build resilient, high-quality threat detections.
CISA Top Malware Summary
Security
8 Minute Read

CISA Top Malware Summary

This blog summarizes the Splunk Threat Research Team’s (STRT) recent review of the CISA Top 10 Malware strains for the year 2021 report.