Springing 4 Shells: The Tale of Two Spring CVEs
The Splunk Threat Research Team (STRT) shares detection opportunities in different stages of successful Spring4Shell exploitation.
Detecting Active Directory Kerberos Attacks: Threat Research Release, March 2022
Learn more about the Splunk Threat Research Team's new analytic story to help SOC analysts detect adversaries abusing the Kerberos protocol to attack Windows Active Directory environments
Threat Update: Cyclops Blink
The Splunk Threat Research Team shares the latest on the payload named Cyclops Blink, which seems to target Customer Premise Equipment devices (CPE) generally prevalent in commercial and residential locations enabling internet connectivity.
CI/CD Detection Engineering: Dockerizing for Scale, Part 4
Get the latest from the Splunk Threat Research Team on CI/CD Detection Engineering.
STRT-TA03 CPE - Destructive Software
The Splunk Threat Research Team is monitoring several malicious payloads targeting Customer Premise Equipment (CPE) devices. These are defined as devices that are at customer (Commercial, Residential) premises and that provide connectivity and services to the internet backbone
You Bet Your Lsass: Hunting LSASS Access
Dive in as the Splunk Threat Research Team shares how Mimikatz, and a few other tools found in Atomic Red Team, access credentials via LSASS memory.
Threat Update: CaddyWiper
Get a breakdown of the features of the new malicious payload used against Ukraine, CaddyWiper.
Living Off The Land: Threat Research February 2022 Release
In this February 2022 release, the Splunk Threat Research Team (STRT) focused on comparing currently created living off the land security content with Sigma and the LOLBas project.
Threat Update DoubleZero Destructor
The Splunk Threat Research Team shares a closer look at a new malicious payload named DoubleZero Destructor (CERT-UA #4243).
Detecting HermeticWiper
Detecting HermeticWiper destructive software and ransomware decoy with Splunk.
Linux Persistence and Privilege Escalation: Threat Research January 2022 Release
In this January 2022 release, The Splunk Threat Research (STRT) team focused on the recently released Sysmon for Linux technology addition to Splunk.
Deep Dive on Persistence, Privilege Escalation Technique and Detection in Linux Platform
Deep dive with the Splunk Threat Research Team on Linux Privilege Escalation and Linux Persistence Techniques.
Threat Advisory: STRT-TA02 - Destructive Software
The focus of this threat advisory is on a recently reported destructive payload by Microsoft MSTIC under the name of WhisperGate. We break down the different components and functions of how this payload works and provide a series of detections to mitigate and defend against this threat.
Detecting Malware Script Loaders using Remcos: Threat Research Release December 2021
Start detection against behaviors and TTPs from a Remcos loader that utilizes DynamicWrapperX (dynwrapx.dll) to execute shellcode and inject Remcos RAT into the target process.
Simulating, Detecting, and Responding to Log4Shell with Splunk
Splunk Threat Research Team simulated the Log4j vulnerabilities in the Splunk Attack Range. Using the data collected, we developed 13 new detections and 9 playbooks to help Splunk SOAR customers investigate and respond to this threat.
Active Directory Lateral Movement Detection: Threat Research Release, November 2021
The Splunk Threat Research Team recently updated the Active Directory Lateral Movement analytic story to help security operations center (SOC) analysts detect adversaries executing these techniques within Windows Active Directory (AD) environments.
Securing DevSecOps - Threat Research Release October 2021
Learn how you can secure your development security operations with pre-built and tested Splunk detections and automated playbooks.
Detecting Remcos Tool Used by FIN7 with Splunk
The following is a walkthrough of Remcos executed via Attack Range Local. We will go over some of the multiple and intrusive operations this remote access tool can execute at compromised hosts.
