Skip to main content
false
Blogs
Blogs
Blogs
Splunk Threat Research Team
Splunk Threat Research Team

 

The Splunk Threat Research Team is an active part of a customer’s overall defense strategy by enhancing Splunk security offerings with verified research and security content such as use cases, detection searches, and playbooks. We help security teams around the globe strengthen operations by providing tactical guidance and insights to detect, investigate and respond against the latest threats. The Splunk Threat Research Team focuses on understanding how threats, actors, and vulnerabilities work, and the team replicates attacks which are stored as datasets in the Attack Data repository

Our goal is to provide security teams with research they can leverage in their day to day operations and to become the industry standard for SIEM detections. We are a team of industry-recognized experts who are encouraged to improve the security industry by sharing our work with the community via conference talks, open-sourcing projects, and writing white papers or blogs. You will also find us presenting our research at conferences such as Defcon, Blackhat, RSA, and many more.


Read more Splunk Security Content

Security 11 Min Read

Breaking the Chain: Defending Against Certificate Services Abuse
Explore the common certificate abuses leveraged by current and relevant adversaries in the wild, the multiple methods they use to obtain certificates, how to gather relevant logs and ways to mitigate adversaries stealing certificates.
Security 4 Min Read

Threat Advisory: SwiftSlicer Wiper STRT-TA03
The Splunk Threat Research Team shares a closer look at the SwiftSlicer wiper, a new payload discovered by ESET and found in a recent January 2023 campaign.
Security 8 Min Read

Fantastic IIS Modules and How to Find Them
This blog showcases how to enable and ingest IIS operational logs, utilize PowerShell scripted inputs to ingest installed modules and simulate AppCmd and PowerShell adding new IIS modules and disable HTTP logging using Atomic Red Team.
Security 7 Min Read

All the Proxy(Not)Shells
The Splunk Threat Research Team walks through exploitation of ProxyShell and ProxyNotShell using MetaSploit, and hunts through data in Splunk to showcase different avenues for defenders to identify malicious activity.
Security 13 Min Read

From Registry With Love: Malware Registry Abuses
The Splunk Threat Research Team explores the common Windows Registry abuses leveraged by current and relevant malware families in the wild and how to detect them.
Security 3 Min Read

Introducing Attack Range v3.0
Explore the new features introduced in version 3.0 of the Splunk Attack Range, aimed at helping you build resilient, high-quality threat detections.
Security 8 Min Read

CISA Top Malware Summary
This blog summarizes the Splunk Threat Research Team’s (STRT) recent review of the CISA Top 10 Malware strains for the year 2021 report.
Security 10 Min Read

Detecting Cloud Account Takeover Attacks: Threat Research Release, October 2022
The Splunk Threat Research Team shares a closer look at the telemetry available in Azure, AWS and GCP and the options teams have to ingest this data into Splunk.
Security 13 Min Read

From Macros to No Macros: Continuous Malware Improvements by QakBot
This blog, the Splunk Threat Research Team (STRT) showcases a year's evolution of QakBot. We also dive into a recent change in tradecraft meant to evade security controls. Last, we reverse engineered the QakBot loader to showcase some of its functions.
Security 12 Min Read

Inside the Mind of a ‘Rat’ - Agent Tesla Detection and Analysis
The Splunk Threat Research Team (STRT) describes the different tactics, techniques and procedures mapped to the ATT&CK framework leveraged by the Agent Tesla remote access trojan.
Security 9 Min Read

Dark Crystal RAT Agent Deep Dive
The Splunk Threat Research Team (STRT) analyzed and developed Splunk analytics for this RAT to help defenders identify signs of compromise within their networks.
Security 11 Min Read

Deliver a Strike by Reversing a Badger: Brute Ratel Detection and Analysis
The Splunk Threat Research Team shares how they utilized public research to capture Brute Ratel Badgers (agents) and create a Yara rule to help identify more on VirusTotal.
Security 7 Min Read

Machine Learning in Security: NLP Based Risky SPL Detection with a Pre-trained Model
The Splunk Threat Research Team shares a closer look at a hunting analytic and two machine learning-based detections that help find users running highly suspicious risky SPL commands.
Security 24 Min Read

AppLocker Rules as Defense Evasion: Complete Analysis
The Splunk Threat Research Team analyzes 'Azorult loader' (a payload that imports its own AppLocker rules) to understand the tactics and techniques that may help defend against these types of threats.
Security 6 Min Read

ML Detection of Risky Command Exploit
Discover how to use machine learning algorithms to develop methods for detecting misuse or abuse of risky SPL commands to further pinpoint a true security threat.
Security 6 Min Read

Introducing Splunk Attack Range v2.0
The Splunk Attack Range project has officially reached the v2.0 release with a host of new features – get all the details from the Splunk Threat Research Team.
Security 11 Min Read

Threat Update: Industroyer2
The Splunk Threat Research Team offers an analysis of relevant detection opportunities of one of the new malicious payloads found by the Ukranian CERT named 'Industroyer2.'
Security 10 Min Read

Threat Update: AcidRain Wiper
The Splunk Threat Research Team shares the details on the new malicious payload named AcidRain, designed to wipe modem or router devices (CPEs).
CONTACT SPLUNK
CONTACT SPLUNK
USER REVIEWS
USER REVIEWS
SPLUNK MOBILE
Download Splunk Mobile on the apple app store
Download Splunk Mobile on the Google Play store
Legal
Patents
Privacy
Sitemap
Website Terms of Use

© 2005 - 2024 Splunk Inc. All rights reserved.