Rapid response guides
SURGe's initial technical guidance provides blue teams with a starting place to investigate a high-profile attack.
Kaseya, Sera. What REvil Shall Encrypt, Shall Encrypt
Hunting the REvil Ransomware Attack on Kaseya VSA
EO, EO, It's Off to Work We Go!
Recommendations from the White House for protecting against ransomware
The DarkSide of the Ransomware Pipeline
How to detect and mitigate DarkSide ransomware
Monitoring Pulse Connect Secure With Splunk
Finding potential vulnerabilities in your Pulse Connect Secure appliance
Detecting HAFNIUM Exchange Server Zero-Day Activity in Splunk
Finding the Microsoft vulnerabilities being exploited via Outlook Web Services (OWA)
Detecting Microsoft Exchange Vulnerabilities - 0 + 8 Days Later…
An update on HAFNIUM Exchange Server activity
Automated Clean-Up of HAFNIUM Shells and Processes With Splunk SOAR
Using automation to remove webshells and terminate W3WP spawned processes
Using Splunk to Detect Sunburst Backdoor
Leveraging Splunk's network defense and incident response techniques to defend against Sunburst Backdoor
Detecting Supernova Malware: SolarWinds
How to detect Supernova malware that uses a zero-day vulnerability to install a trojanized .NET DLL
A Golden SAML Journey: SolarWinds
How to detect and mitigate SAML attacks
