Skip to main content
false
Splunk Threat Research Team
Splunk Threat Research Team

 

The Splunk Threat Research Team is an active part of a customer’s overall defense strategy by enhancing Splunk security offerings with verified research and security content such as use cases, detection searches, and playbooks. We help security teams around the globe strengthen operations by providing tactical guidance and insights to detect, investigate and respond against the latest threats. The Splunk Threat Research Team focuses on understanding how threats, actors, and vulnerabilities work, and the team replicates attacks which are stored as datasets in the Attack Data repository

Our goal is to provide security teams with research they can leverage in their day to day operations and to become the industry standard for SIEM detections. We are a team of industry-recognized experts who are encouraged to improve the security industry by sharing our work with the community via conference talks, open-sourcing projects, and writing white papers or blogs. You will also find us presenting our research at conferences such as Defcon, Blackhat, RSA, and many more.


Read more Splunk Security Content

Security 9 Min Read

Security Insights: JetBrains TeamCity CVE-2024-27198 and CVE-2024-27199

The Splunk Threat Research Team examines exploit operations, analytics, hunting queries, and tips on capturing TeamCity logs.
Security 11 Min Read

Unveiling Phemedrone Stealer: Threat Analysis and Detections

The Splunk Threat Research Team dissects the Phemedrone Stealer.
Security 11 Min Read

Hunting M365 Invaders: Navigating the Shadows of Midnight Blizzard

The Splunk Threat Research Team outlines the attack chain detailed in the Microsoft blog, offering practical detection and hunting tips for cybersecurity defenders.
Security 9 Min Read

Another Year of RATs and Trojan Stealer: Detection Commonalities and Summary

The Splunk Threat Research Team shares analysis, analytic stories and security detections for seven well-known RAT and Trojan Stealer malware families.
Security 5 Min Read

Security Insights: Jenkins CVE-2024-23897 RCE

In response to CVE-2024-23897, the Splunk Threat Research Team has developed new security detections and hunting queries to support defenders.
Security 6 Min Read

Security Insights: Tracking Confluence CVE-2023-22527

In response to CVE-2023-22527, the Splunk Threat Research Team has developed new security detections to support defenders.
Security 6 Min Read

Security Insights: Investigating Ivanti Connect Secure Auth Bypass and RCE

The Splunk Threat Research Team has swiftly developed Splunk analytics and hunting queries, helping defenders quickly adapt and respond to emerging threats CVE-2023-46804 and CVE-2024-21887.
Security 10 Min Read

Enter The Gates: An Analysis of the DarkGate AutoIt Loader

The Splunk Threat Research Team (STRT) provides a deep dive analysis of the DarkGate malware and its use of AutoIt.
Security 7 Min Read

Ghost in the Web Shell: Introducing ShellSweep

Splunk introduces ShellSweep, a suite of utilities designed to detect and combat malicious web shells in servers.
Security 17 Min Read

Hunting M365 Invaders: Blue Team's Guide to Initial Access Vectors

Discover insights from the Splunk Threat Research Team on Microsoft 365 threat detection, focusing on data source analysis and effective methods for hunting initial access threats.
Security 17 Min Read

Deploy, Test, Monitor: Mastering Microsoft Defender ASR with Atomic Techniques in Splunk

Explore Microsoft Defender ASR's role in cybersecurity with Splunk and learn deployment, testing, and monitoring strategies for robust defense.
Security 8 Min Read

Unmasking the Enigma: A Historical Dive into the World of PlugX Malware

The Splunk Threat Research Team (STRT) unravels the mystery of a PlugX variant, peeling back the layers of its payload, tactics, and impact on the digital realm.
Security 10 Min Read

Take a SIP: A Refreshing Look at Subject Interface Packages

Splunker Michael Haag dives into Subject Interface Packages (SIPs) and their role in Windows security, exploring how SIPs can be exploited by malicious actors to bypass security measures and sign malicious code.
Security 10 Min Read

More Than Just a RAT: Unveiling NjRAT's MBR Wiping Capabilities

The Splunk Threat Research Team (STRT) provides a deep-dive analysis of NjRAT (or Bladabindi), a Remote Access Trojan (RAT) discovered in 2012 that's still active today.
Security 5 Min Read

Detect WS_FTP Server Exploitation with Splunk Attack Range

The Splunk Threat Research Team shares how they used Splunk Attack Range to develop detection content related to CVE-2023-40044.
Security 8 Min Read

Defending the Gates: Understanding and Detecting Ave Maria (Warzone) RAT

The Splunk Threat Research Team provides a deep-dive analysis of Ave Maria RAT, also known as 'Warzone RAT.'
Security 9 Min Read

Mockbin and the Art of Deception: Tracing Adversaries, Going Headless and Mocking APIs

Splunk's Threat Research Team delves into the attack's components, usage of tools like Mockbin and headless browsers, and provides guidance on detecting such activities.
Security 9 Min Read

Sharing is Not Caring: Hunting for Network Share Discovery

This post offers a practical guide to enhancing detection strategies against network share discovery, a technique often used by threat actors.